* Iljitsch van Beijnum <iljitsch@muada.com> [2004-05-13 19:52]:
> I don't think you can fully randomize the source port as it might clash with well-known ports.

of course. 1024 - 49151, on OpenBSD.

> Also, it may be somewhat expensive to make ports truly random. (But not as expensive as doing MD5 for the whole session.)

We have randomized src ports in OpenBSD since 1996 - on all platforms, including vax and such. No, it is not expensive.

> But why are you assuming the window size is 64k? This is completely unnecessary, and not done in practice by "real" routers: those typically use a 16k window. It should even be possible to set the window to a very small size, such as 64 bytes. That's enough to receive the initial BGP header, after which the window can be set to a larger size until the session is idle again.

In OpenBSD's bgpd, we only scale the window up if md5sig or ipsec is in use...

-- 
Henning Brauer, BS Web Services, http://bsws.de
hb@bsws.de - henning@openbsd.org
Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
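As an added worked example (not part of the thread, and not OpenBSD code), here is the arithmetic behind the two mitigations under discussion: how the receive window and the source-port range change the number of blind, spoofed segments that would have to be sent before one lands inside the window. The acceptance test is the RFC 793 rule with 32-bit wraparound; the window sizes and the 1024-49151 port range are the values quoted above, and the scenario names are my own.

```python
"""Added example (not from the thread): exposure arithmetic for blind in-window
TCP segment injection, using the window sizes and port range quoted above."""
from math import ceil

SEQ_SPACE = 2 ** 32  # TCP sequence numbers are 32-bit


def seq_in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test: is SEG.SEQ within [RCV.NXT, RCV.NXT + RCV.WND)?
    Modular subtraction handles sequence-number wraparound at 2**32."""
    return (seq - rcv_nxt) % SEQ_SPACE < rcv_wnd


def guesses_to_cover(rcv_wnd: int, port_candidates: int) -> int:
    """Spoofed segments needed to try every (source port, window slot) once.
    Each sequence-number guess covers rcv_wnd values, so SEQ_SPACE / rcv_wnd
    guesses per candidate port; an unknown (randomized) source port multiplies
    that by the number of ports the peer might be using."""
    return ceil(SEQ_SPACE / rcv_wnd) * port_candidates


# Values from the thread: OpenBSD's ephemeral range 1024-49151 versus a
# fixed, predictable source port (1 candidate).
OPENBSD_PORT_RANGE = 49151 - 1024 + 1   # 48128 candidate source ports
FIXED_PORT = 1

# Constructed scenarios pairing the window sizes and port choices discussed.
SCENARIOS = {
    "64k window, known port":      (65536, FIXED_PORT),
    "16k window, known port":      (16384, FIXED_PORT),
    "16k window, random port":     (16384, OPENBSD_PORT_RANGE),
    "64-byte window, random port": (64, OPENBSD_PORT_RANGE),
}


def exposure_table() -> dict:
    """Full-coverage guess count for each scenario."""
    return {name: guesses_to_cover(w, p) for name, (w, p) in SCENARIOS.items()}


if __name__ == "__main__":
    for name, n in exposure_table().items():
        print(f"{name:30s} {n:>20,d} segments")
```

Shrinking the window divides the per-port guess count, while port randomization multiplies the total, which is why the two measures compound rather than substitute for each other.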