Thursday, December 18, 2008

Draft Paper on Port Randomization

One technique proposed to mitigate the problems blind attackers can cause by injecting traffic into a connection is to carefully choose the transport-layer ephemeral port number. This makes it difficult for an attacker to spoof traffic to a valid endpoint and have that traffic acted upon. A number of port selection schemes have been developed. We add to this list and evaluate the known techniques in the following draft paper. Comments welcome.


Mark Allman. Comments On Selecting Ephemeral Ports, December 2008.
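
To make the idea concrete, here is an added example (not code from the draft paper, and not one of the schemes it evaluates): a sequential ephemeral-port allocator beside one simple random-selection allocator, with a measure of how often the next port is just the previous port plus one. The port range, the class names and the `predictable_fraction` metric are assumptions chosen for illustration.

```python
import secrets

MIN_PORT, MAX_PORT = 49152, 65535        # IANA dynamic/private port range
NUM_PORTS = MAX_PORT - MIN_PORT + 1


class SequentialAllocator:
    """Baseline: hand out ports in increasing order (predictable)."""

    def __init__(self):
        self.offset = 0
        self.in_use = set()

    def _start(self):
        start, self.offset = self.offset, (self.offset + 1) % NUM_PORTS
        return start

    def allocate(self):
        start = self._start()
        # Probe linearly from the starting offset, skipping ports in use.
        for i in range(NUM_PORTS):
            port = MIN_PORT + (start + i) % NUM_PORTS
            if port not in self.in_use:
                self.in_use.add(port)
                return port
        raise OSError("no free ephemeral port")


class RandomAllocator(SequentialAllocator):
    """Same probing, but every search starts at a uniformly random offset."""

    def __init__(self, rng=secrets.randbelow):   # rng(n) -> int in [0, n)
        super().__init__()
        self.rng = rng

    def _start(self):
        return self.rng(NUM_PORTS)


def predictable_fraction(allocator, trials=2000):
    """Share of allocations equal to the previous port + 1, i.e. how often
    knowing one earlier port is enough to name the next one."""
    prev, hits = allocator.allocate(), 0
    for _ in range(trials):
        port = allocator.allocate()
        hits += port == prev + 1
        allocator.in_use.discard(prev)           # earlier connection closes
        prev = port
    return hits / trials
```

With the sequential allocator every port follows from the one before it; with the random allocator the same guess succeeds only about once or twice in 16,384 allocations, which is the size of the port range used here.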
