Re: Update: Alternate port randomization approaches

From: Mike Silbersack (silby_at_silby.com)
Date: 12/30/04 

Date: Thu, 30 Dec 2004 04:42:15 -0600 (CST)
To: Maxim Konovalov <maxim@FreeBSD.org>

On Wed, 29 Dec 2004, Maxim Konovalov wrote:

> On Wed, 29 Dec 2004, 03:02-0600, Mike Silbersack wrote:
>> This appears to work for Igor, and it seems safe enough to commit before
>> 4.11-RC2. But, if possible, I'd like a few more sets of eyes to doublecheck
>> the concept and code; please take a look at it if you have a chance.
>
> Again, it's not clear for me why we don't follow our usual
> deveplopment cycle here: commit & test in HEAD and then MFC to STABLE?
>
> --
> Maxim Konovalov

The problems random port allocation exposes only occur in situations where
machine A is making repeated connections to machine B, so it's limited to
situations like front-end web proxies, connections to database servers,
and a few other things. General web servers, ftp servers, SMTP servers,
etc, aren't affected. So, committing to -current won't cause us to learn
anything; specific testers are needed.

I should have worked on this issue months ago, but I didn't, so I'm trying
to come up with something safe as quickly as possible. This is
necessitated because 4.11 is going to be the last in the 4.11 series, so
this can't be pushed off until after 4.11 is published - there'd be little
point in bothering at that time.

Igor has been generous enough to test the various iterations of this patch
as I've developed them and tested on a production system to see if they
work for him. Based on his results, I think we're pretty close to an
acceptable compromised between security (full randomization) and proper
operation (no randomization.) We're now looking at settings more along
the lines of a 10 connections per second ceiling and a 45 second threshold
before randomization is reenabled, FWIW.

I'm not too concerned about general testing because these patches are
quite simple; they're modifications of the previous behavior, so they
won't create any new problems. As far as bugs in the implementaton go,
well, anyone is welcome to do a quick review. :)

Mike "Silby" Silbersack
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

Relevant Pages

  • Re: RedHat pulling out!!
    ... except operations staff. ... Or servers in general really. ... You can be safe in the knowledge that the only ... packages only take a day or so to come through so it's not a problem. ...
    (alt.os.linux)
  • Re: teaching a child - console or GUI
    ... > databases, if they do not commit to disk pronto, then they are an ... All DB servers can be set up to do so, but they perform like s*** on large ... update chunks when running in this "safe" mode. ... I'll not spend any money on American Software products ...
    (comp.lang.pascal.delphi.misc)
  • Re: Trojans and Trojan-scanner
    ... >> say that there environment was safe I found that all 70 servers were ... > Running Linux since ages on a large amount of systems I have never seen ...
    (comp.os.linux.security)
  • Heads up: smbfs
    ... By popular request, I've MFC'd all of the new smbfs features and bugfixes ... commit, I may have made mistakes merging, or I may have backported some ... Bring in all of the smbfs features and bug fixes from -current to -stable: ... Windows 2003 servers. ...
    (freebsd-stable)
  • Re: FAQ: Current Usenet spam thresholds and guidelines
    ... > real or fake. ... Windows desktops and servers can find a safe haven on a ...
    (comp.os.linux.misc)