Advice is needed on port randomization

- Some implementations have bothered to implement attack-specific mitigations, yet they have not implemented the most obvious/general one: port randomization.
- Different implementations use different (and too small!) ranges for ephemeral ports (e.g., 1024-4999).
- Some port randomization approaches (together with small port number ranges) increase the chances of port number collisions, leading to interoperability problems (as reported on OpenBSD’s and FreeBSD’s mailing lists).
- FreeBSD ended up including a hack to disable port randomization when the rate of outgoing connections is higher than some specified value.
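
The collision effect described above, as an added example that is not from the original slides or from any stack's source: random ephemeral port selection with linear probing, run over the small 1024-4999 range and over a wider one. The function names, the in-use bitmap, the 65535 upper bound and the xorshift generator (predictable, demo only) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PORT_MIN       1024u
#define PORT_MAX_SMALL 4999u   /* small range quoted above */
#define PORT_MAX_WIDE  65535u  /* assumed wider range, for comparison */

static uint8_t  in_use[65536 / 8];   /* constructed stand-in for the connection table */
static uint32_t rng = 2463534242u;   /* xorshift32 state: demo only, predictable */

static uint32_t demo_rand(void) { rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5; return rng; }
static int  port_busy(unsigned p) { return in_use[p >> 3] & (1u << (p & 7)); }
static void port_mark(unsigned p) { in_use[p >> 3] |= (uint8_t)(1u << (p & 7)); }
void ports_reset(void) { memset(in_use, 0, sizeof in_use); }

/* Random start in [lo, hi], then linear probing with wrap-around until a free
 * port is found. Returns the port, or -1 when every port in the range is
 * taken. *probes = number of candidates examined. */
int select_ephemeral(unsigned lo, unsigned hi, unsigned *probes)
{
    unsigned n = hi - lo + 1, p = lo + demo_rand() % n;
    for (*probes = 1; *probes <= n; ++*probes) {
        if (!port_busy(p)) { port_mark(p); return (int)p; }
        p = (p == hi) ? lo : p + 1;
    }
    *probes = n;
    return -1;
}

/* Open `conns` connections; count those whose first candidate was in use. */
unsigned count_collisions(unsigned lo, unsigned hi, unsigned conns)
{
    unsigned collided = 0, probes;
    ports_reset();
    for (unsigned i = 0; i < conns; i++)
        if (select_ephemeral(lo, hi, &probes) < 0 || probes > 1)
            collided++;
    return collided;
}

int main(void)
{
    unsigned small = count_collisions(PORT_MIN, PORT_MAX_SMALL, 2000);
    unsigned wide  = count_collisions(PORT_MIN, PORT_MAX_WIDE, 2000);
    printf("collisions in 2000 connects: small=%u wide=%u\n", small, wide);
    return 0;
}
```

A production stack would draw the starting port from an unpredictable source and check the full connection tuple rather than a per-port bitmap.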