lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <48ba9a4c.1287460a.1e2a.4b7c@mx.google.com>
Date: Sun, 31 Aug 2008 10:14:52 -0300
From: Fernando Gont <fernando.gont@...il.com>
To: bugtraq@...urityfocus.com,full-disclosure@...ts.grok.org.uk
Subject: Port Randomization: New revision of our IETF
	Internet-Draft

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Folks,

We have published a revision of our IETF Internet-Draft about port
randomization.  It is available at:
http://www.gont.com.ar/drafts/port-randomization/draft-ietf-tsvwg-port-rand
omization-02.txt (you can find the document in other fancy formats at:
http://www.gont.com.ar/drafts/port-randomization/index.html)

This new revision of the document addresses the feedback we got from Amit
Klein, Matthias Bethke, and Alfred Hoenes.

The  abstract of the document is:
- ---- cut here ----
    Recently, awareness has been raised about a number of "blind" attacks
    that can be performed against the Transmission Control Protocol (TCP)
    and similar protocols.  The consequences of these attacks range from
    throughput-reduction to broken connections or data corruption.  These
    attacks rely on the attacker's ability to guess or know the five-
    tuple (Protocol, Source Address, Destination Address, Source Port,
    Destination Port) that identifies the transport protocol instance to
    be attacked.  This document describes a number of simple and
    efficient methods for the random selection of the client port number,
    such that the possibility of an attacker guessing the exact value is
    reduced.  While this is not a replacement for cryptographic methods,
    the described port number randomization algorithms provide improved
    security/obfuscation with very little effort and without any key
    management overhead.  The algorithms described in this document are
    local policies that may be incrementally deployed, and that do not
    violate the specifications of any of the transport protocols that may
    benefit from them, such as TCP, UDP, UDP-lite, SCTP, DCCP, and RTP.
- ---- cut here ----

Any comments will be more than welcome.

Thanks!

Kind regards,
- --
Fernando Gont
e-mail: fernando@...t.com.ar || fgont@....org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1





-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003) - not licensed for commercial 
use: www.pgp.com

wsBVAwUBSLqZM5buqe/Qdv/xAQinYggA0q0ko/QOu4UBCYT8pVGrLL6N1sWJimOz
wdVFXYcMyGiwxX4zb9ozqMmfnGHxsHSLJ9PMcA8BR9ToKgJ/ZwuVYFTMYj9WvyuP
ZcXHr/e1R1JT4AJS305RGOwH+oZPk6szdn0im4Ax8yCFJnJRtD0Hc7IWDIomO93R
jwfC2E1G4ElE343RX/mFjf2kzmjUOaoiM8MHxq9NZZRfliJbAdkDovtb3XKgiiU4
uFF+UEcC8Vkg/ISo9X5dlqJf4N3ogHaomfsaP8g5JZ6tP4kMZ1lmRvF8L2MAw0b4
wSyVp9yA4+vJ0w24bVDs/BPlicXUblUPZdmoKwzMCJck8AuvqL0c9A==
=xta0
-----END PGP SIGNATURE-----


--
Fernando Gont
e-mail: fernando@...t.com.ar || fgont@....org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ