On Feb 19, 2013, at 9:06 AM, <[email protected]> wrote:

> In each analyzed port derivation algorithm, an attacker may implement
> a redirection loop to detect a significant amount of allowed ports.
> For all monotonously scattered schemes, the whole Port-Set may be
> deduced by extrapolation while this is not applicable for contiguous
> port ranges (because no information about port bounds is leaked in
> the IPv4-translatable IPv6 address).
This seems like massive overkill. The attacker can just ask someone who's connected to the network what port set algorithm is in use. Then, given one known port, all other ports for that host are known. Keeping the local port set allocation algorithm secret would be impossible for an ISP, and pretty difficult even for an enterprise, since some machine at the enterprise is probably 0wned by a botnet.

_______________________________________________
Softwires mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/softwires
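The point made in the reply, that a public, deterministic port-set scheme plus one observed port is enough to reconstruct a subscriber's entire port set, can be made concrete with a small model. The block below is an added illustration, not code from the message or from any Softwires draft. It uses the Generalized Modulus Algorithm (GMA) of RFC 7597 (MAP-E) as the concrete scheme, because GMA covers both cases the quoted text distinguishes: with a non-zero PSID offset (`a`) the set is scattered in evenly spaced blocks, and with `a = 0` each PSID owns one contiguous range. The parameter values and PSIDs are constructed for the example; a real deployment's MAP rule would supply its own. Either way, once `a` and `k` are known, a single port yields the PSID and therefore the whole set, which is what makes per-subscriber port-set secrecy a weak assumption.

```python
"""Model of a deterministic shared-IPv4 port-set scheme (RFC 7597 GMA).

Added example. Parameter values below are constructed for illustration.
Port layout (16 bits):  [ a bits: A | k bits: PSID | m bits: M ]
  port = (A << (16 - a)) | (PSID << m) | M,   m = 16 - a - k
  A ranges over 1 .. 2^a - 1 when a > 0 (A = 0 is excluded so the
  well-known range 0 .. 2^(16-a) - 1 is never assigned); A = 0 when a = 0.
"""

from dataclasses import dataclass
from typing import Set

PORT_BITS = 16


@dataclass(frozen=True)
class PortSetParams:
    offset_bits: int  # 'a' in RFC 7597; 6 is the MAP default, 0 gives contiguous sets
    psid_bits: int    # 'k': width of the Port Set ID, fixes how many subscribers share the IPv4 address

    def __post_init__(self) -> None:
        if self.offset_bits < 0 or self.psid_bits < 0:
            raise ValueError("bit widths must be non-negative")
        if self.offset_bits + self.psid_bits > PORT_BITS:
            raise ValueError("a + k must not exceed 16")

    @property
    def m_bits(self) -> int:
        """Bits left for the per-block port index M."""
        return PORT_BITS - self.offset_bits - self.psid_bits


def port_set(params: PortSetParams, psid: int) -> Set[int]:
    """Enumerate every port the scheme assigns to one PSID."""
    a, k, m = params.offset_bits, params.psid_bits, params.m_bits
    if not 0 <= psid < (1 << k):
        raise ValueError(f"PSID {psid} does not fit in {k} bits")
    # Skip A = 0 when the offset is in use: it would cover ports below 2^(16-a).
    a_values = range(1, 1 << a) if a > 0 else range(1)
    return {
        (A << (PORT_BITS - a)) | (psid << m) | M
        for A in a_values
        for M in range(1 << m)
    }


def psid_from_port(params: PortSetParams, port: int) -> int:
    """Recover the PSID from any single port: it is just a bit-field extraction."""
    if not 0 <= port < (1 << PORT_BITS):
        raise ValueError("port out of range")
    return (port >> params.m_bits) & ((1 << params.psid_bits) - 1)


def infer_port_set(params: PortSetParams, observed_port: int) -> Set[int]:
    """One observed port plus the public parameters gives the whole set."""
    return port_set(params, psid_from_port(params, observed_port))


def is_contiguous(ports: Set[int]) -> bool:
    """True when the set is a single unbroken range (the a = 0 case)."""
    return max(ports) - min(ports) + 1 == len(ports)


if __name__ == "__main__":
    scattered = PortSetParams(offset_bits=6, psid_bits=8)   # constructed: 63 blocks of 4 ports
    contiguous = PortSetParams(offset_bits=0, psid_bits=8)  # constructed: one block of 256 ports
    for label, params in (("scattered", scattered), ("contiguous", contiguous)):
        full = port_set(params, 0x2A)
        seen = sorted(full)[len(full) // 2]           # any one port leaking from the subscriber
        rebuilt = infer_port_set(params, seen)
        print(f"{label}: {len(full)} ports, contiguous={is_contiguous(full)}, "
              f"one port {seen} -> PSID {psid_from_port(params, seen)}, "
              f"full set recovered={rebuilt == full}")
```

The defensive reading of the output is the one the reply gives: the scattered layout does not hide anything once the MAP rule (`a`, `k`) is known, and in a shared-address deployment that rule is necessarily available to every subscriber's CE device. Unpredictability has to come from how ports within the set are chosen per connection (RFC 6056-style randomization), not from the set's shape.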
