hi,
fetched the latest released kernel (2.2.13, I guess *.14.pre* hasn't got
much changes at this point) and here's desirable change to randomize local
port binding, so port number would be less predictable. (reasons why it
shouldn't be predictable I pointed out in my previous mail). I don't think
there're security issues with guessable local UDP ports, since not many
applications are hooked with it, and none, which I examined so far, could
be abused due to this reason, so I just left it alone.
hope it helps
-Fyodor
--- linux/net/ipv4/tcp_ipv4.c.orig Fri Oct 22 15:39:18 1999
+++ linux/net/ipv4/tcp_ipv4.c Fri Oct 22 15:39:39 1999
@@ -212,10 +212,10 @@
SOCKHASH_LOCK();
if (snum == 0) {
- int rover = tcp_port_rover;
int low = sysctl_local_port_range[0];
int high = sysctl_local_port_range[1];
int remaining = (high - low) + 1;
+ int rover = tcp_port_rover+jiffies%(high-low);
do { rover++;
if ((rover < low) || (rover > high))
-
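Review bot: the offset in the added line `int rover = tcp_port_rover+jiffies%(high-low);` is time-derived rather than random, so it does not achieve the stated goal of making the local port unpredictable: jiffies counts ticks at a fixed HZ rate since boot, so anyone who can estimate the host's uptime (or observe a few consecutive connections) can estimate the offset as well. Draw the offset from the kernel's entropy pool (get_random_bytes into an unsigned int, then reduce modulo the range) instead. Two smaller points: the modulus should be `remaining` (high-low+1), which the code already computes, so that the value `high` is reachable and the range is covered uniformly; and the hunk as posted ends with a bare `-` after the `if ((rover < low) || (rover > high))` line, so the wrap-around handling that follows cannot be reviewed; please resend the complete diff.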
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]