* Iljitsch van Beijnum <[EMAIL PROTECTED]> [2004-05-13 19:52]:
> I don't think you can fully randomize the source port as it might clash
> with well-known ports.

of course. 1024 - 49151, on OpenBSD.

> Also, it may be somewhat expensive to make ports
> truly random. (But not as expensive as doing MD5 for the whole
> session.)

We have randomized src ports in OpenBSD since 1996 - on all platforms,
including vax and such. No, it is not expensive.

> But why are you assuming the window size is 64k? This is completely
> unnecessary, and not done in practice by "real" routers: those
> typically use a 16k window. It should even be possible to set the
> window to a very small size, such as 64 bytes. That's enough to receive
> the initial BGP header, after which the window can be set to a larger
> size until the session is idle again.

In OpenBSD's bgpd, we only scale the window up if md5sig or ipsec is in use...

-- 
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
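The two knobs argued over in this exchange, source-port randomization and receive-window size, both shrink the chance that a blindly spoofed segment is accepted. The following is an added illustration (not code from the thread or from OpenBSD) that puts numbers on that for the window sizes and the 1024-49151 port range mentioned above; the "known port" column assumes the peer's ephemeral port is predictable, which is the assumption port randomization removes.

```python
# Added risk-estimate example, not from the original thread.
# Model: a spoofed TCP segment is accepted if its sequence number lands
# anywhere inside the receiver's current window, so the 2**32 sequence
# space collapses to ceil(2**32 / window) distinct guesses. If the
# sender's ephemeral port is unknown, every candidate port multiplies
# that work. The BGP port itself (179) is fixed and assumed known.

BGP_HEADER_LEN = 19            # 16-byte marker + 2-byte length + 1-byte type
OPENBSD_EPHEMERAL_PORTS = 49151 - 1024 + 1   # range quoted in the thread


def sequence_guesses(window: int) -> int:
    """Distinct sequence-number guesses needed to cover a window of `window` bytes."""
    if window <= 0:
        raise ValueError("window must be positive")
    return -(-(2 ** 32) // window)  # ceiling division


def spoof_work_factor(window: int, candidate_ports: int = 1) -> int:
    """Segments needed to cover every (source port, in-window sequence) pair."""
    return sequence_guesses(window) * candidate_ports


def fits_bgp_header(window: int) -> bool:
    """Can a window this small still receive a complete BGP message header?"""
    return window >= BGP_HEADER_LEN


def compare_windows(windows=(65536, 16384, 64)) -> dict:
    """Work factor per window size: (known source port, randomized 1024-49151)."""
    return {
        w: (spoof_work_factor(w), spoof_work_factor(w, OPENBSD_EPHEMERAL_PORTS))
        for w in windows
    }


if __name__ == "__main__":
    for w, (known, randomized) in compare_windows().items():
        print(f"window {w:>6} bytes: known port {known:>12,}  "
              f"randomized port {randomized:>16,}  "
              f"holds BGP header: {fits_bgp_header(w)}")
```

A 64-byte window is enough for the 19-byte BGP header, which is why the thread suggests opening the window only once the session is established.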