Re: [PATCH] OpenBSD Networking-related randomization port

From: Florian Weimer
Date: Sat Jan 29 2005 - 13:23:43 EST


* Lorenzo Hernández García-Hierro:

> As its impact is minimal (in performance and development/maintenance
> terms), I recommend to merge it, as it gives a basic prevention for the
> so-called system fingerprinting (which is used most by "kids" to know
> how old and insecure could be a target system, many times used as the
> first, even only-one, data to decide if attack or not the target host)
> among other things.

The most important result of such a patch is source port randomization
for DNS queries to resolvers. This gives you a few more bits (DNS
itself has just a 16 bit "unique" ID, which isn't too hard to
brute-force these days, unfortunately).
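
Added example (not part of the original message or of the patch under discussion): a defender-side check of whether a resolver's outbound query ports are actually randomized, with an estimate of the bits (16-bit ID plus source port) an off-path spoofer would have to guess. The function name, the thresholds and the sample port lists are constructed assumptions.

```python
import math
import random
from statistics import pstdev

TXID_BITS = 16        # DNS transaction ID width, as stated in the message
STEP_MAX = 16         # assumption: deltas of 1..16 count as "counting up"
STEP_FRACTION = 0.9   # assumption: share of such deltas that means sequential

def assess_source_ports(ports):
    """Classify observed resolver source ports (in send order) and estimate
    how many bits an off-path spoofer must guess: transaction ID + port."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    stepping = sum(1 for d in deltas if 0 < d <= STEP_MAX) / len(deltas)
    if len(set(ports)) == 1:
        verdict, port_bits = "static", 0.0
    elif stepping >= STEP_FRACTION:
        # Predictable from one observed query, so credit no extra bits.
        verdict, port_bits = "sequential", 0.0
    else:
        verdict = "randomized"
        # A uniform draw over a range of width w has stdev w / sqrt(12);
        # invert that to estimate the effective port range from the sample.
        width = min(65536.0, pstdev(ports) * math.sqrt(12))
        port_bits = math.log2(max(width, 1.0))
    return {"verdict": verdict,
            "port_bits": round(port_bits, 1),
            "total_bits": round(TXID_BITS + port_bits, 1)}

# Constructed samples, not captured traffic.
_rng = random.Random(2005)
STATIC = [32768] * 50
SEQUENTIAL = list(range(1025, 1075))
RANDOMIZED = [_rng.randrange(1024, 65536) for _ in range(200)]

if __name__ == "__main__":
    for name, sample in (("static", STATIC), ("sequential", SEQUENTIAL),
                         ("randomized", RANDOMIZED)):
        print(name, assess_source_ports(sample))
```

In practice the port list would come from a packet capture taken on the authoritative side of the resolver, in the order the queries were sent.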