lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20170223.125401.1794857404908689667.davem@davemloft.net>
Date:   Thu, 23 Feb 2017 12:54:01 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     aschultz@...p.net
Cc:     pablo@...filter.org, tom@...bertland.com, gerlitz.or@...il.com,
        ogerlitz@...lanox.com, jhs@...atatu.com, laforge@...monks.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH net-next] net/gtp: Add udp source port generation
 according to flow hash

From: Andreas Schultz <aschultz@...p.net>
Date: Thu, 23 Feb 2017 18:19:16 +0100 (CET)

> When we are talking about the xmit path, then currently none of the
> receivers we are talking to is going to be Linux and we have no
> idea how they will behave nor do we have any influence on them. Do
> we really need to make assumptions about other vendors implementations?
> 
> Traces on live GRX networks show that about 90% of the SGSN/S-GW
> that would talk to us always use the default GTP-U port as source
> port. Some multi chassis GSN's seem to assign source port ranges to
> chassis, but that has nothing todo with DDOS protection.

This is exactly what other UDP tunnel implementations did before
flow separation was prevelant.

I don't see the point of any of this discussion discouraging the
enablement of proper flow separation.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ