Changeset 1173 for fwknop/trunk/ChangeLog

Timestamp:

07/18/08 23:38:39 (5 months ago)

Author:

mbr

Message:

implemented UDP source port randomization by default, and added --Source-port in the fwknop client to override this

Files:

• fwknop/trunk/ChangeLog (modified) (2 diffs)

fwknop/trunk/ChangeLog

@@ -1 @@
-
+18
-    - SPA packets are base64-encoded by the fwknop client, and this encoding
-      pads data with '=' chars until the total length of the encoded data is a
@@ -25 +25 @@
-        alert udp any any -> any 62201 (msg:"fwknop GnuPG encrypted SPA
-        traffic"; content:"hQ"; depth:2; dsize:>1000; sid:20080003; rev:1;)
+
+    - Updated the fwknop client to randomize the UDP source port for default
+      SPA packet generation.  There is also a new command line argument
+      --Source-port <port> to allow the user to manually set the source port
+      on the fwknop client command line.  A lot more attention is given now to
+      source ports after the Dan Kaminsky DNS caching exploit, and it turns
+      out that even on Linux that the kernel did not randomize UDP source
+      ports until the 2.6.24 kernel.  Of course, any userspace process is free
+      to request a random port itself, but if a userspace application did not
+      build this in then it would be up to the kernel to assign a source port.
+      In the case of Linux, here are two links that show the change to the
+      kernel code as well as the ChangeLog entry for UDP source port
+      randomization:
+
+        http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;\
+        a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30
+        http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24
-
-    - (Test suite): Added the ability to explicitly run major classes of tests