Re: [shara] port randomization (draft-ymbk-aplusp-03)
<Gabor.Bajko@nokia.com> Thu, 12 March 2009 05:51 UTC
From: Gabor.Bajko@nokia.com
To: dwing@cisco.com, shara@ietf.org
Date: Thu, 12 Mar 2009 06:51:32 +0100
>-----Original Message-----
>From: shara-bounces@ietf.org [mailto:shara-bounces@ietf.org] On Behalf Of
>ext Dan Wing
>Sent: Wednesday, March 11, 2009 5:46 PM
>To: shara@ietf.org
>Subject: [shara] port randomization (draft-ymbk-aplusp-03)
>
>http://tools.ietf.org/html/draft-ymbk-aplusp-03#section-4.8 says, in
>part:
>
> ...
> Port randomization is also a bit compromised in A+P solution. As CPE
> can randomize ports only within port range that is allocated to it,
> randomness is more limited than in the scenario with full range
> of ports, allowed for randomization. We can assume, that CPE either
> gets port range from ephemeral range (49152-65535) or from
> "registered ports" range (1024-49151). Both ranges can be used for
> randomization, see [I-D.ietf-tsvwg-port-randomization] for more
> details.
>
>Has consideration been given to having the PRR return only *one* port
>for each request, or to returning a list of port numbers which are
>not consecutive and are not a bit-pattern of ports? These techniques
>would allow the PRR to distribute the requests randomly across the
>entire port range instead of within a block of ~100 (or whatever).

This is exactly the intention of section 4 and 5 in
http://www.ietf.org/internet-drafts/draft-bajko-pripaddrassign-01.txt

What section 5 describes is a way to communicate a list of preallocated random ports to the client, in an indirect way.

>Further fleshing out of the technique described in Section 4.4
>("Dynamic allocation of port ranges") could be useful towards
>allowing applications to benefit from the security advantage of
>port randomization.

Yes, this is explicitly stated in section 2 of the above mentioned draft.

- gabor

>-d
>
>
>_______________________________________________
>shara mailing list
>shara@ietf.org
>https://www.ietf.org/mailman/listinfo/shara
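As an added illustration, not part of the thread or of either draft, the following Python model compares the two allocation strategies under discussion: a contiguous block of ~100 ports (the A+P scheme quoted from draft-ymbk-aplusp) against the same number of ports scattered uniformly over the whole 1024-65535 pool (the alternative Dan Wing raises). The CPE's own choice has the same entropy either way; what differs is how much a single observed source port reveals about the rest of the allocation. Function names, the block size and the seeds are assumptions made for the example.

```python
import math
import random

# Ports the quoted draft text says a CPE may be assigned from: the "registered"
# range (1024-49151) plus the ephemeral range (49152-65535).
PORT_RANGE = range(1024, 65536)

def allocate_contiguous(size, seed=0, pool=PORT_RANGE):
    """A+P block allocation: the PRR hands the CPE `size` consecutive ports."""
    rng = random.Random(seed)
    start = rng.randrange(pool.start, pool.stop - size + 1)
    return set(range(start, start + size))

def allocate_scattered(size, seed=0, pool=PORT_RANGE):
    """Alternative raised in the thread: `size` ports drawn uniformly from the
    whole pool, so they are neither consecutive nor tied to a bit pattern."""
    rng = random.Random(seed)
    return set(rng.sample(pool, size))

def cpe_entropy_bits(allocation):
    """Entropy of the CPE's own port choice: identical for both schemes, since
    each lets it pick uniformly among `size` ports."""
    return math.log2(len(allocation))

def shared_prefix_bits(allocation):
    """Leading bits (out of 16) common to every allocated port. A high value
    means the set is a fixed prefix plus a few free bits, i.e. a bit pattern
    that an observer can recognise from a single sample."""
    ports = list(allocation)
    differing = 0
    for port in ports:
        differing |= port ^ ports[0]
    return 16 - differing.bit_length()

def observer_candidates(scheme, observed_port, size, pool=PORT_RANGE):
    """Ports an off-path observer still has to consider after seeing one source
    port from the CPE. A contiguous block of known size must contain the
    observed port, so only ports within `size - 1` of it remain possible;
    a scattered allocation reveals nothing about the other ports."""
    if scheme == "contiguous":
        lo = max(pool.start, observed_port - size + 1)
        hi = min(pool.stop - 1, observed_port + size - 1)
        return hi - lo + 1
    return len(pool)
```

With a block of 100, the CPE has about 6.6 bits of choice in both schemes, but an observer who has seen one port is left with 199 candidates under contiguous allocation versus all 64512 under scattered allocation.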