You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To reduce the ability of a non-root user on a system running LKRG to flood the receiver with connections, we could be making our own ones from a privileged port, so that the receiver could drop the user's ones early (without waiting for them to provide any of our handshake traffic).
We can reuse the same source port number (would need to test how this plays with previous stalled connections from the same port on the receiving end) or we can implement our own allocator of unused random port number within a range.
Either way, a drawback is the source port number becomes less random, which can make blind network-based DoS attacks easier.
The text was updated successfully, but these errors were encountered:
To reduce the ability of a non-root user on a system running LKRG to flood the receiver with connections, we could be making our own ones from a privileged port, so that the receiver could drop the user's ones early (without waiting for them to provide any of our handshake traffic).
We can reuse the same source port number (would need to test how this plays with previous stalled connections from the same port on the receiving end) or we can implement our own allocator of unused random port number within a range.
Either way, a drawback is the source port number becomes less random, which can make blind network-based DoS attacks easier.
The text was updated successfully, but these errors were encountered: