[grsec] TCP Timestamp Randomization

[Florian Weingarten]

Hi list,

I am currently working on methods to detect (identify, count, filter)
single hosts behind NAT gateways. We already have a working proof of
concept which uses TCP timestamps (the basic idea is similar to the one
introduced in Phrack a few years ago). A trivial way to defeat this
approach (without deactivating timestamps) is to randomize initial
timestamp values on a per-connection basis (instead of initializing it
to the current system time, like Linux does).

OpenBSD already has this feature ("reassamble tcp"). Is something like
this implemented (or planned to be implemented) in grsecurity? If not, why?

Thanks!

Flo