grsec 2.1.3 and tcp pid randomization

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

grsec 2.1.3 and tcp pid randomization

Postby Abaddon » Wed Mar 09, 2005 5:18 pm

What has happened to tcp pid randomization? This option was useful; is there any way to turn it on?
Abaddon
 
Posts: 4
Joined: Wed Mar 09, 2005 5:16 pm

Re: grsec 2.1.3 and tcp pid randomization

Postby onyx » Thu Mar 10, 2005 6:41 am

Abaddon wrote:What has happened to tcp pid randomization? This option was useful; is there any way to turn it on?


TCP randomisation is turned off because the official 2.6.11 contains it already. If you connect to the same IP, TCP ports are not randomized, but if you connect to some other machine, you will see that it's randomized.
onyx
 
Posts: 36
Joined: Tue Jan 20, 2004 7:46 pm

Postby Abaddon » Thu Mar 10, 2005 2:06 pm

No, no no...

len=46 ip=xxx.xxx.xxx.xxx ttl=63 DF id=12600 sport=0 flags=RA seq=0 win=0 rtt=2.9 ms
len=46 ip=xxx.xxx.xxx.xxx ttl=63 DF id=12601 sport=0 flags=RA seq=1 win=0 rtt=2.2 ms
len=46 ip=xxx.xxx.xxx.xxx ttl=63 DF id=12602 sport=0 flags=RA seq=2 win=0 rtt=5.1 ms
Abaddon
 
Posts: 4
Joined: Wed Mar 09, 2005 5:16 pm

Postby onyx » Thu Mar 10, 2005 7:18 pm

quoted from the grsec mailing-list:

> During testing of kernel 2.6.11 with grsecurity 2.1.2 and config
> option Security Level set to high, I have noticed that TCP source ports are
> no longer random. I have checked the kernel config and both
> CONFIG_GRKERNSEC_RANDNET & CONFIG_GRKERNSEC_RANDSRC are set to y.

A feature equal in aim to the random TCP source ports feature, but
different in implementation was added to 2.6.11. Repeated connections
to the same host and port over a given time interval will have an
incrementing source port. Connections to a different host or the same
host and a different port will have a "random" source port.

For more information on the new implementation in Linux and the reason
behind it, see:
http://www.ietf.org/internet-drafts/dra ... ion-00.txt

-Brad


I myself didn't try it, but I believe Brad.
onyx
 
Posts: 36
Joined: Tue Jan 20, 2004 7:46 pm
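The behaviour Brad describes above (same host and port: incrementing source port; different host or port: unrelated "random" source port) falls out of starting the port search from a keyed hash of the destination and walking upward to the first port not still bound. The following model is an added illustration, not code from the grsecurity patch or from the 2.6.11 kernel; HMAC-SHA256 standing in for the kernel's keyed hash, the 32768-61000 range, and the explicit close() standing in for TIME_WAIT expiry are all assumptions.

```python
"""Simplified model of the per-destination ephemeral port selection that
replaced grsecurity's random source ports in 2.6.11.

Added illustration, not code from the grsecurity patch or the kernel.
Assumptions: HMAC-SHA256 stands in for the kernel's keyed hash, the
ephemeral range is 32768-61000, and ports held by TIME_WAIT sockets are
released by an explicit close() instead of a timer.
"""
import hashlib
import hmac
import os

PORT_LOW, PORT_HIGH = 32768, 61000          # assumed ephemeral port range
PORT_RANGE = PORT_HIGH - PORT_LOW + 1


class EphemeralPorts:
    def __init__(self, secret=None):
        # Per-boot secret: without it the starting point is predictable.
        self.secret = secret if secret is not None else os.urandom(16)
        self.bound = set()  # local ports still held by live or TIME_WAIT sockets

    def _start_offset(self, saddr, daddr, dport):
        """Keyed hash of (saddr, daddr, dport): same destination, same start."""
        msg = f"{saddr}|{daddr}|{dport}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def connect(self, saddr, daddr, dport):
        """Take the first free port at or after the hashed starting point.

        Repeated connections to one destination therefore walk upward one
        port at a time while the earlier ports are still bound; a different
        destination starts from an unrelated point in the range.
        """
        offset = self._start_offset(saddr, daddr, dport)
        for i in range(PORT_RANGE):
            port = PORT_LOW + (offset + i) % PORT_RANGE
            if port not in self.bound:
                self.bound.add(port)
                return port
        raise OSError("ephemeral port range exhausted")

    def close(self, port):
        """Socket left TIME_WAIT: the port can be handed out again."""
        self.bound.discard(port)


def demo(secret=b"fixed-demo-key"):
    """Three connections to one host:port, one to another host, then a reuse."""
    ep = EphemeralPorts(secret)
    same_dest = [ep.connect("10.0.0.5", "192.0.2.10", 80) for _ in range(3)]
    other_dest = ep.connect("10.0.0.5", "192.0.2.20", 80)
    ep.close(same_dest[0])                      # first connection's TIME_WAIT expires
    reused = ep.connect("10.0.0.5", "192.0.2.10", 80)
    return same_dest, other_dest, reused


if __name__ == "__main__":
    s, o, r = demo()
    print("same destination:", s)   # consecutive ports (modulo the range)
    print("other destination:", o)  # unrelated starting point
    print("after close:", r)        # the freed port is taken again
```

The point for an attacker is that the increment only tells you something if you already know the hashed starting point for that particular (source, destination, port) triple, and the secret makes that unguessable; what looked like "ports are no longer random" in the original report is a fixed per-destination offset rather than a global counter.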

Postby spender » Fri Mar 11, 2005 4:46 pm

The IP IDs do indeed increment for a specific host during a specific session. If you make another connection, you'll see that it doesn't increment where the other session left off. This is enough to prevent the bounced portscan attacks which relied on a global ip id counter.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
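The bounced ("idle") port scan Brad refers to works by reading a zombie's IP ID before and after bouncing a spoofed SYN off the target: with a single global counter, a RST the zombie sends to the target shows up as an extra increment visible to the attacker. The model below, an added example rather than anything from the kernel or the grsecurity patch, runs that scan against a zombie under both policies and also reproduces the consecutive IDs one host sees in its own RSTs, as in the hping output earlier in the thread. The HMAC-SHA256 start value, the zombie's drop-RST/answer-SYN/ACK behaviour, and the absence of other traffic are assumptions.

```python
"""Why a per-destination IP ID stream stops the 'bounced' (idle) port scan.

Added illustration, not kernel code. Assumptions: the zombie answers
unsolicited SYN/ACKs with a RST and drops unsolicited RSTs, an HMAC-SHA256
keyed start value stands in for the kernel's hash, and no third-party
traffic reaches the zombie during the scan.
"""
import hashlib
import hmac
import os
from collections import defaultdict


class Zombie:
    """Host whose outgoing IP IDs the attacker tries to read as a side channel."""

    def __init__(self, addr, per_destination, secret=None):
        self.addr = addr
        self.per_destination = per_destination
        self.secret = secret if secret is not None else os.urandom(16)
        self.global_id = 0
        self.peer_counters = defaultdict(int)

    def _next_ip_id(self, dst):
        if not self.per_destination:
            # Classic behaviour: one counter shared by every destination.
            self.global_id = (self.global_id + 1) & 0xFFFF
            return self.global_id
        # 2.6.11-style: keyed per-destination start plus a counter that only
        # this destination's packets advance.
        digest = hmac.new(self.secret, dst.encode(), hashlib.sha256).digest()
        start = int.from_bytes(digest[:2], "big")
        self.peer_counters[dst] += 1
        return (start + self.peer_counters[dst]) & 0xFFFF

    def receive_synack(self, src):
        """Unsolicited SYN/ACK from src: reply with RST, return that RST's IP ID."""
        return self._next_ip_id(src)

    def receive_rst(self, src):
        """Unsolicited RST: dropped, nothing is sent, no IP ID is consumed."""
        return None


class Target:
    def __init__(self, addr, open_ports):
        self.addr = addr
        self.open_ports = set(open_ports)

    def receive_syn(self, src_addr, port, hosts):
        """SYN whose source was forged as src_addr: the reply goes to that host."""
        if port in self.open_ports:
            hosts[src_addr].receive_synack(self.addr)   # zombie RSTs it: ID consumed
        else:
            hosts[src_addr].receive_rst(self.addr)      # zombie drops it


def idle_scan(attacker_addr, zombie, target, port):
    """One idle-scan probe: read the zombie's IP ID before and after
    bouncing a spoofed SYN off the target."""
    hosts = {zombie.addr: zombie}
    before = zombie.receive_synack(attacker_addr)
    target.receive_syn(zombie.addr, port, hosts)        # spoofed source = zombie
    after = zombie.receive_synack(attacker_addr)
    delta = (after - before) & 0xFFFF
    return "open" if delta >= 2 else "closed"


def probe_ids(zombie, src, n):
    """IDs one host sees in n consecutive RSTs from the zombie (what hping shows)."""
    return [zombie.receive_synack(src) for _ in range(n)]


def scan_both_policies(secret=b"fixed-demo-key"):
    """Scan ports 80 (open) and 81 (closed) through a zombie under each policy."""
    target = Target("192.0.2.10", open_ports={80})
    results = {}
    for name, per_dest in (("global", False), ("per_destination", True)):
        zombie = Zombie("192.0.2.50", per_destination=per_dest, secret=secret)
        results[name] = {p: idle_scan("198.51.100.7", zombie, target, p)
                         for p in (80, 81)}
    return results


if __name__ == "__main__":
    print(scan_both_policies())
    z = Zombie("192.0.2.50", per_destination=True)
    print(probe_ids(z, "203.0.113.9", 3))   # consecutive IDs for one peer
```

Under the global counter the attacker reads port 80 as open and 81 as closed; under the per-destination stream both come back "closed", because the RST the zombie sends to the target advances only the target's counter and never the attacker's. The attacker's own probes still see IDs climbing by one, which is exactly what the hping output in this thread shows and is harmless on its own.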

