On 11/17/05, Kevin <[EMAIL PROTECTED]> wrote:
> On 11/17/05, Jon Hart <[EMAIL PROTECTED]> wrote:
> > The funny thing is, in my tests, despite having ~31000 source ports to
> > choose from, the client is unlucky enough most of the time and very
> > quickly manages to reuse a port. It depends on what else the client is
> > doing, but I saw a case earlier today that after about 300 connections,
> > the source port was reused.
>
> Does Debian have random source ports?
>
> My thought is that the classic approach of using ephemeral ports
> sequentially is acting as a poor man's "least recently used" algorithm
> in choosing the source port for each new session.
>
> Depending on the implementation, source port randomization could cause
> a source port to be reused much sooner than with the "classic"
> approach.
Classic birthday attack. If the source ports are chosen randomly, and there
are 31000 ports to choose from, one would expect to see re-use after
approximately sqrt(n), or 176 tries.

Shouldn't the client still check to see if the socket is involved in a 2MSL
WAIT state, and pick another source port if it is? Or better yet - choose
randomly from sockets not involved in WAIT states, if there are any. That is
trickier, but not impossible.

--
http://www.lightconsulting.com/~travis/ -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
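As an added illustration (not part of the thread, and not any kernel's code), a small Python model of the three allocation policies discussed above: the classic sequential walk, naive uniform random choice, and random choice restricted to ports whose 2MSL TIME_WAIT has expired. The 31000-port ephemeral range, the 60-second 2MSL and all function names are assumptions made for the simulation.

```python
import itertools
import math
import random

PORT_LO, PORT_HI = 32768, 63767   # assumed range: exactly 31000 ephemeral ports
NUM_PORTS = PORT_HI - PORT_LO + 1
TWO_MSL = 60                      # assumed 2*MSL in seconds (length of TIME_WAIT)

def birthday_estimate(n: int, p: float = 0.5) -> float:
    """Connections after which some port has repeated with probability p under uniform random choice."""
    return math.sqrt(2 * n * math.log(1 / (1 - p)))

def connections_until_reuse(picker) -> int:
    """Call `picker` until it returns a port already handed out; return the number of calls."""
    seen, count = set(), 0
    while True:
        port, count = picker(), count + 1
        if port in seen:
            return count
        seen.add(port)

def sequential_picker():
    """Classic allocator: walk the range in order, so a port recurs only after a full cycle."""
    counter = itertools.count()
    return lambda: PORT_LO + next(counter) % NUM_PORTS

def random_picker(seed: int):
    """Naive randomized allocator: uniform choice with no memory of recent use."""
    rng = random.Random(seed)
    return lambda: rng.randint(PORT_LO, PORT_HI)

def mean_first_reuse(trials: int, seed: int = 1) -> float:
    """Average connections until the naive random allocator repeats a port (expect ~sqrt(pi*n/2))."""
    return sum(connections_until_reuse(random_picker(seed + i)) for i in range(trials)) / trials

class TimeWaitAwarePicker:
    """Random choice restricted to ports whose 2MSL TIME_WAIT has already expired."""
    def __init__(self, seed: int, clock):
        self.rng, self.clock, self.expiry = random.Random(seed), clock, {}
    def pick(self) -> int:
        now = self.clock()
        self.expiry = {p: t for p, t in self.expiry.items() if t > now}  # forget expired waits
        if len(self.expiry) == NUM_PORTS:
            raise OSError("every ephemeral port is still in TIME_WAIT")
        while (port := self.rng.randint(PORT_LO, PORT_HI)) in self.expiry:
            pass  # retry; the guard above guarantees a free port exists
        self.expiry[port] = now + TWO_MSL
        return port
```

Running `mean_first_reuse(400)` lands near 220 connections, i.e. the same order as the ~300 observed in the quoted tests, while the sequential walk only repeats after all 31000 ports are used and the TIME_WAIT-aware picker never repeats a port inside the 2MSL window.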
