From owner-freebsd-security@FreeBSD.ORG Mon Sep 20 10:13:52 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5053F16A4CE; Mon, 20 Sep 2004 10:13:52 +0000 (GMT)
Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D31D43D2D; Mon, 20 Sep 2004 10:13:50 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua)
Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by smtp.atlantis.dp.ua (8.12.6p2/8.12.6) with ESMTP id i8KADVai025882; Mon, 20 Sep 2004 13:13:31 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua)
Date: Mon, 20 Sep 2004 13:13:31 +0300 (EEST)
From: Dmitry Pryanishnikov
To: Mike Silbersack
In-Reply-To: <20040918150205.A8909@odysseus.silby.com>
Message-ID: <20040920130911.W24347@atlantis.atlantis.dp.ua>
References: <621146771453.20040918232248@625.ru> <20040918150205.A8909@odysseus.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
cc: freebsd-security@freebsd.org
cc: "Danil V.Gerun"
Subject: Re: Random source ports in FreeBSD?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Mon, 20 Sep 2004 10:13:52 -0000

Hello!

On Sat, 18 Sep 2004, Mike Silbersack wrote:

>> So, as far as I got to know, randomizing source ports in FreeBSD is
>> impossible now? (to be exact - is not implemented?)
>>
>> It's very interesting to me - WHY is it so?
>> I mean - maybe there are good reasons for not making all this?..
>
> Source port randomization was implemented before 4.10 was released. See
> in_pcb.c revisions 1.143 - 1.146, 1.59.2.27, or 1.59.2.27.2.1, depending on
> the branch you're interested in:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_pcb.c

Yes, source port randomization works in 4.10-RELEASE, but the port number
sequence tends to give the same port number every 100-200 ports. A local FTP
install of 4.10-RELEASE always fails for me; as a workaround I'm forced to
issue

    sysctl net.inet.ip.portrange.randomized=0

before reselecting the FTP server in sysinstall.

Are there plans to fix the quality of random port number generation under
4-STABLE?

Sincerely,
Dmitry

--
Atlantis ISP, System Administrator
e-mail: dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE
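The complaint above is about the quality of the ephemeral-port sequence rather than its presence. The following script, added here as an example and not part of the thread or of FreeBSD's code, samples ports from the kernel allocator and reports how soon a port number recurs, which is the symptom Dmitry describes. It assumes that binding a socket to port 0 goes through the same allocator as an outgoing connect (on FreeBSD both paths go through in_pcbbind), and that the sampling functions are run on the host under test.

```python
# Added example: measure the reuse distance of kernel-assigned ephemeral ports.
# Assumption (labelled): bind() to port 0 uses the same allocator as connect().
import socket
from typing import Dict, List, Optional


def reuse_distances(ports: List[int]) -> List[int]:
    """For every port that reappears in the sequence, return the number of
    allocations since its previous occurrence. An empty list means no repeats."""
    last_seen: Dict[int, int] = {}
    gaps: List[int] = []
    for i, port in enumerate(ports):
        if port in last_seen:
            gaps.append(i - last_seen[port])
        last_seen[port] = i
    return gaps


def min_reuse_distance(ports: List[int]) -> Optional[int]:
    """Smallest gap between two allocations of the same port, or None."""
    gaps = reuse_distances(ports)
    return min(gaps) if gaps else None


def fraction_reused_within(ports: List[int], window: int) -> float:
    """Share of allocations that repeat a port seen fewer than `window`
    allocations earlier (Dmitry's symptom: repeats every 100-200 ports)."""
    if not ports:
        return 0.0
    return sum(1 for g in reuse_distances(ports) if g < window) / len(ports)


def sample_ephemeral_ports(n: int) -> List[int]:
    """Ask the kernel for n ephemeral ports. Each socket is closed immediately
    so the port is free again; keeping them open would hide allocator reuse."""
    ports: List[int] = []
    for _ in range(n):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.bind(("127.0.0.1", 0))
            ports.append(s.getsockname()[1])
    return ports


if __name__ == "__main__":
    sample = sample_ephemeral_ports(2000)
    print("distinct ports:", len(set(sample)), "of", len(sample))
    print("min reuse distance:", min_reuse_distance(sample))
    print("fraction reused within 200:", fraction_reused_within(sample, 200))
```

Run it with net.inet.ip.portrange.randomized set to 1 and then to 0 to compare the two allocators; a healthy random allocator over a range of tens of thousands of ports should show a min reuse distance well above 200 and a small reuse fraction.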