Port Randomization

Document Type Replaced Internet-Draft (individual in tsv area)
Last updated 2015-10-14 (latest revision 2007-09-10)
Replaced by draft-ietf-tsvwg-port-randomization
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-tsvwg-port-randomization
Telechat date
Responsible AD Lars Eggert
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Recently, awareness has been raised about a number of "blind" attacks that can be performed against the Transmission Control Protocol (TCP) and similar protocols. The consequences of these attacks range from throughput-reduction to broken connections or data corruption. These attacks rely on the attacker's ability to guess or know the four- tuple (Source Address, Destination Address, Source port, Destination Port) that identifies the transport protocol instance to be attacked. This document describes a simple and efficient method for random selection of the client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead.


Michael Larsen (michael.vittrup.larsen@ericsson.com)
Fernando Gont (fernando@gont.com.ar)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)