| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Sep 2008 14:31:19 +0800 From: "Eugene Teo" <eugeneteo@...nel.sg> To: "Stephen Hemminger" <stephen.hemminger@...tta.com> Cc: netdev@...r.kernel.org Subject: Re: Internet-Draft on Port Randomisation On Tue, Sep 9, 2008 at 12:58 PM, Stephen Hemminger <stephen.hemminger@...tta.com> wrote: > Eugene Teo wrote: >> >> Has anyone read this Internet-Draft? >> >> http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-randomization-02.txt >> >> In this memo, there are descriptions of four different ephemeral port >> randomisation algorithms (see page 17). >> >> Algo #1 and #2 are simple port randomisation algorithms. Algo #3 is >> what we have in Linux. The memo suggested algorithm #4, double-hash >> randomisation algorithm, which is an improvement to algo #3 (see page >> 15). >> >> Does anyone have any thought about the improved algorithm? Is this >> worth implementing, > > No the added lock overhead of a global next free port array is not worth it. > Think of big web server under > DoS pressure. The existing port search can run in parallel, Algo #4 was > suggested by people > who don't work on a real SMP OS. Thanks Stephen. Eugene -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists