[grsec] grsecurity 2.1.2 released for 2.4.29/2.6.11 *CRITICAL UPDATE*
Brad Spengler
spender at grsecurity.net
Sat Mar 5 15:38:39 EST 2005
> During testing of kernel 2.6.11 with grsecurity 2.1.2 and config
> option Security Level set to high, I have noticed that TCP source ports are
> no longer random. I have checked the kernel config and both
> CONFIG_GRKENSEC_RANDNET & CONFIG_GRKENSEC_RANDSRC are set to y.
A feature equal in aim to the random TCP source ports feature, but
different in implementation was added to 2.6.11. Repeated connections
to the same host and port over a given time interval will have an
incrementing source port. Connections to a different host or the same
host and a different port will have a "random" source port.
For more information on the new implementation in Linux and the reason
behind it, see:
http://www.ietf.org/internet-drafts/draft-larsen-tsvwg-port-randomisation-00.txt
-Brad
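
The behaviour described in the reply above can be reproduced with a small model. This is an added example, not part of the original post and not the kernel's or grsecurity's code: it assumes a keyed hash of the destination as a per-destination offset plus one shared counter, and the class name, port range and secret handling are hypothetical.

```python
import hashlib
import hmac
import os

# Assumed ephemeral range for the model; real hosts read it from
# net.ipv4.ip_local_port_range.
PORT_MIN, PORT_MAX = 32768, 61000
SPAN = PORT_MAX - PORT_MIN + 1


class PortSelector:
    """Simplified model (hypothetical names), not the kernel's code."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(16)
        self.counter = 0      # shared across all destinations
        self.in_use = set()   # (sport, raddr, rport) tuples already taken

    def rekey(self, secret=None):
        # Assumption: the "given time interval" is modelled as a secret change.
        self.secret = secret or os.urandom(16)

    def offset(self, laddr, raddr, rport):
        # Keyed hash of the destination: unpredictable without the secret,
        # stable for one destination while the secret is unchanged.
        msg = f"{laddr}|{raddr}|{rport}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def pick(self, laddr, raddr, rport):
        base = self.offset(laddr, raddr, rport)
        for _ in range(SPAN):
            port = PORT_MIN + (base + self.counter) % SPAN
            self.counter += 1
            if (port, raddr, rport) not in self.in_use:
                self.in_use.add((port, raddr, rport))
                return port
        raise OSError("no free source port for this destination")


if __name__ == "__main__":
    sel = PortSelector()
    # Constructed destinations from the documentation address ranges.
    for dst in [("192.0.2.10", 80)] * 3 + [("192.0.2.10", 443), ("198.51.100.7", 80)]:
        print(dst, sel.pick("10.0.0.5", *dst))
```

Running it shows three consecutive ports for the repeated destination and unrelated ports for the other two, which is why sampling source ports against a single host and port makes them look non-random.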