Mark Allman / ICSI @mallman_icsi

Mark Allman. Comments On Selecting Ephemeral Ports, ACM Computer Communication Review, 39(2), April 2009.


Careless selection of the ephemeral port number portion of a transport protocol's connection identifier has been shown to potentially degrade security by opening the connection up to injection attacks from "blind" or "off path" attackers, that is, attackers that cannot directly observe the connection. This short paper empirically explores a number of algorithms for choosing the ephemeral port number that attempt to obscure the choice from such attackers and hence make mounting these blind attacks more difficult.


    author   =        "Mark Allman",
    title    =        "{Comments On Selecting Ephemeral Ports}",
    journal  =        "ACM Computer Communication Review",
    year     =        2009,
    volume   =        39,
    number   =        2,
    month    =        apr,