This is the mail archive of the ecos-patches@sources.redhat.com mailing list for the eCos project.
Attached patch contains a CDL option to randomize the source port when a connection is created.

I ran into a problem when testing through a customer's firewall. The first connection started using source port 1024, the second used 1025, etc., and everything was OK. Then I changed the configuration and restarted the eCos board. Again, it started with 1024, but the connection failed. I found out that the firewall prevented the connection from completing because it misinterpreted the pattern as a DoS attack. We waited for 30 minutes before the firewall allowed 1024 to pass again. I can't tell you if this firewall configuration is typical.

The patch was lifted from FreeBSD. There are a couple of differences between this and FreeBSD's implementation:

1) FreeBSD enables random ports by default. This patch keeps the current operation by default.

2) FreeBSD enables and disables random ports via sysctl. This patch uses CDL instead.

3) FreeBSD has logic that turns off random ports for TCP if a configurable connection rate is exceeded, and then re-enables random ports once the rate decreases. This patch removed that logic.

-- Matt

__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
Attachment:
randomports.pat
Description: randomports.pat
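The two port-selection policies the message contrasts, as an added example that is not the attached eCos patch nor FreeBSD's code. Sequential mode reproduces the "1024, 1025, ... again from 1024 after every reboot" pattern that tripped the firewall; randomized mode picks a random free port from the same range, so the first port after a reboot differs from boot to boot. The ephemeral range starting at 1024, the in-use table (a stand-in for the stack's PCB lookup) and the xorshift PRNG (a stand-in for a proper random source such as FreeBSD's arc4random(); it is not suitable for production) are all assumptions of this example. Like the patch, it leaves out FreeBSD's rate-based fallback to sequential ports.

```c
/* Added example, not code from the eCos patch or from FreeBSD: a small model
 * of ephemeral (source) port selection with the two policies the message
 * contrasts. Sequential mode hands out 1024, 1025, ... in order on every
 * boot; randomized mode picks a random free port in the same range. The
 * in-use table and the xorshift PRNG are constructed stand-ins for the
 * stack's PCB lookup and its random source (FreeBSD uses arc4random()). */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PORT_FIRST 1024u               /* assumed start of the ephemeral range */
#define PORT_LAST  65535u
#define PORT_COUNT (PORT_LAST - PORT_FIRST + 1)
#define RANDOM_TRIES 16                /* random probes before the linear fallback */

struct port_alloc {
    uint8_t  in_use[PORT_COUNT];       /* in_use[p - PORT_FIRST] != 0 if p is bound */
    uint32_t next_seq;                 /* next candidate in sequential mode */
    int      randomize;                /* the CDL knob: 0 = sequential, 1 = random */
    uint32_t rng;                      /* xorshift32 state (NOT a secure RNG) */
};

static uint32_t xorshift32(uint32_t *s)
{
    uint32_t x = *s;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *s = x;
}

void port_alloc_init(struct port_alloc *pa, int randomize, uint32_t seed)
{
    memset(pa, 0, sizeof *pa);
    pa->next_seq  = PORT_FIRST;
    pa->randomize = randomize;
    pa->rng       = seed ? seed : 0x9E3779B9u;   /* xorshift must not start at 0 */
}

int port_in_use(const struct port_alloc *pa, uint32_t port)
{
    return port >= PORT_FIRST && port <= PORT_LAST && pa->in_use[port - PORT_FIRST];
}

void port_release(struct port_alloc *pa, uint32_t port)
{
    if (port >= PORT_FIRST && port <= PORT_LAST)
        pa->in_use[port - PORT_FIRST] = 0;
}

static uint32_t claim(struct port_alloc *pa, uint32_t port)
{
    pa->in_use[port - PORT_FIRST] = 1;
    return port;
}

/* Returns a free ephemeral port and marks it bound, or 0 if none is free. */
uint32_t port_pick(struct port_alloc *pa)
{
    uint32_t i, p;

    if (!pa->randomize) {
        /* Sequential: continue from where we left off, wrapping at PORT_LAST.
         * After a reboot next_seq is PORT_FIRST again, which is the
         * "always starts at 1024" pattern the firewall objected to. */
        for (i = 0; i < PORT_COUNT; i++) {
            p = pa->next_seq;
            pa->next_seq = (p == PORT_LAST) ? PORT_FIRST : p + 1;
            if (!pa->in_use[p - PORT_FIRST])
                return claim(pa, p);
        }
        return 0;
    }

    /* Random: a few independent probes first, so a mostly empty table gives
     * a uniform choice ... */
    for (i = 0; i < RANDOM_TRIES; i++) {
        p = PORT_FIRST + xorshift32(&pa->rng) % PORT_COUNT;
        if (!pa->in_use[p - PORT_FIRST])
            return claim(pa, p);
    }
    /* ... then a linear scan from a random start so a nearly full table still
     * terminates (this fallback is slightly biased toward ports that follow a
     * run of bound ports). */
    p = PORT_FIRST + xorshift32(&pa->rng) % PORT_COUNT;
    for (i = 0; i < PORT_COUNT; i++) {
        uint32_t cand = PORT_FIRST + (p - PORT_FIRST + i) % PORT_COUNT;
        if (!pa->in_use[cand - PORT_FIRST])
            return claim(pa, cand);
    }
    return 0;
}

/* Simulate "reboot, then open the first connection" and report that port. */
uint32_t first_port_after_boot(int randomize, uint32_t seed)
{
    struct port_alloc pa;
    port_alloc_init(&pa, randomize, seed);
    return port_pick(&pa);
}

int main(void)
{
    uint32_t seed;
    printf("sequential, first port after boot: %u\n", first_port_after_boot(0, 1));
    for (seed = 1; seed <= 4; seed++)
        printf("random (seed %u), first port after boot: %u\n",
               seed, first_port_after_boot(1, seed));
    return 0;
}
```

Besides avoiding the firewall's "same port again after reboot" heuristic, unpredictable source ports also raise the cost of off-path spoofing and injection attacks (this is the motivation behind RFC 6056), but only if the random source is unpredictable; a PRNG seeded with a constant at boot, as in this model, would produce the same "random" sequence on every restart and defeat the purpose.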