Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Net: Consider using a privileged source port number #316

Open
solardiz opened this issue Feb 25, 2024 · 0 comments
Open

Net: Consider using a privileged source port number #316

solardiz opened this issue Feb 25, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@solardiz
Copy link
Contributor

To reduce the ability of a non-root user on a system running LKRG to flood the receiver with connections, we could be making our own ones from a privileged port, so that the receiver could drop the user's ones early (without waiting for them to provide any of our handshake traffic).

We can reuse the same source port number (would need to test how this plays with previous stalled connections from the same port on the receiving end) or we can implement our own allocator of unused random port number within a range.

Either way, a drawback is the source port number becomes less random, which can make blind network-based DoS attacks easier.

@solardiz solardiz added the enhancement New feature or request label Feb 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant