Network Stack Randomness
The OpenBSD project has been very aggressive in its use of strong pseudo-random data in its network code; as a policy, pseudo-random data is used in protocol fields wherever possible, in many cases in a way not envisioned by the protocol designers. Randomness is also used within the network code to protect against denial of service attacks.
This presentation outlines the reasons for this approach, discusses how and where it is implemented in OpenBSD, and provides examples of attacks that this approach has mitigated. Performance costs and a comparison with the other major BSDs will also be presented.
Why this is important: This provides real security benefits. We want people to:
Copyright © 2005 by EuroBSDCon 2005. All rights reserved.