
Port Randomization

Document Type: Replaced Internet-Draft (individual in tsv area)
Status: Expired & archived
Authors: Michael Larsen, Fernando Gont
Last updated: 2015-10-14 (latest revision 2007-09-10)
Replaced by: draft-ietf-tsvwg-port-randomization
RFC stream: Internet Engineering Task Force (IETF)
Intended RFC status: (None)
Stream WG state: (None)
Document shepherd: (None)
IESG state: Replaced by draft-ietf-tsvwg-port-randomization
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: Lars Eggert
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft remains available in the archive.


Recently, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the four-tuple (Source Address, Destination Address, Source Port, Destination Port) that identifies the transport protocol instance to be attacked. This document describes a simple and efficient method for random selection of the client port number, such that the probability of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead.


Michael Larsen
Fernando Gont

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)