Implement RFC 6056: 'Recommendations for Transport-Protocol Port Randomization'
- Contact: tech-net
- Mentors: Alistair G. Crooks
- Duration estimate: 3 months
IMPORTANT: This project was completed by Vlad Balan. You may still contact the people above for details, but please do not submit an application for this project.
When connect(2) is used on the client end of a socket that has not been bound to a specific port, the system chooses the ephemeral (source) port number for you. Having an easily guessed port number can allow various attacks to take place. Choosing the ephemeral port number at random, whilst not perfect, gives more protection against these attacks. RFC 6056 gives an excellent overview of the algorithms in use for randomising source ports, with examples from FreeBSD, OpenBSD and Linux.
This project has a number of goals:
- Evaluate and prioritise the algorithms in RFC 6056.
- Implement the algorithms in RFC 6056, and make it possible to choose between them with sysctl.
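As an added illustration of what one of these algorithms looks like in practice, here is RFC 6056 Algorithm 3 (Simple Hash-Based Port Selection) in user-space C. It is example code written for this page, not the project's or NetBSD's implementation; the bitmap, the secret key value and the FNV-1a style mixing function are constructed stand-ins (the RFC expects a cryptographic hash for F, and a kernel consults its PCB table instead of a bitmap).

```c
#include <stdint.h>

/* Ephemeral port range; RFC 6056 recommends 1024-65535. */
#define MIN_EPHEMERAL 1024
#define MAX_EPHEMERAL 65535
#define NUM_EPHEMERAL (MAX_EPHEMERAL - MIN_EPHEMERAL + 1)

/* Bitmap of local ports already bound; stands in for the kernel's PCB table lookup. */
static uint8_t port_in_use[65536 / 8];
static uint32_t next_ephemeral;            /* global counter shared by all destinations */
static uint32_t secret_key = 0x5a17c3e9u;  /* constructed value; a kernel draws this at boot */

void mark_port_in_use(uint16_t port) { port_in_use[port / 8] |= (uint8_t)(1u << (port % 8)); }

static int check_suitable_port(uint16_t port) { return !(port_in_use[port / 8] & (1u << (port % 8))); }

/* F(local_ip, remote_ip, remote_port, key) from RFC 6056. This FNV-1a style mixer is a
 * placeholder so the example runs stand-alone; a real implementation uses a cryptographic hash. */
uint32_t rfc6056_offset(uint32_t lip, uint32_t rip, uint16_t rport, uint32_t key)
{
    uint32_t words[4] = { lip, rip, rport, key };
    uint32_t h = 2166136261u;
    for (int i = 0; i < 4; i++) {
        h ^= words[i];
        h *= 16777619u;
    }
    return h;
}

/* RFC 6056 Algorithm 3: a per-destination offset plus a global counter, so ports climb
 * sequentially for one peer (keeping TIME_WAIT reuse spread out) but are unpredictable
 * across peers. Returns 0 (never a valid ephemeral port here) when the range is exhausted. */
uint16_t select_port_alg3(uint32_t lip, uint32_t rip, uint16_t rport)
{
    uint32_t offset = rfc6056_offset(lip, rip, rport, secret_key);
    uint32_t count = NUM_EPHEMERAL;
    do {
        uint16_t port = (uint16_t)(MIN_EPHEMERAL + (next_ephemeral + offset) % NUM_EPHEMERAL);
        next_ephemeral++;                  /* advance even when the port is skipped */
        if (check_suitable_port(port))
            return port;
        count--;
    } while (count > 0);
    return 0;
}
```

Calling select_port_alg3() twice for the same peer yields consecutive ports (wrapping at the top of the range), a port already marked in use is skipped, and a different peer gets a different offset.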