Ephemeral Ports assignment

Jens Keim edited this page Apr 15, 2019 · 1 revision

To select source-ports for bot-connections of the botnet-attack, ID2T offers 3 strategies widely used in operating systems:

  1. sequential: Port numbers start at the beginning of the ephemeral port range and increment with each newly chosen port. If the end of the ephemeral port range is reached, selection continues from the start again.
  2. random: Select a random port from the ephemeral port range.
  3. linux-kernel: An implementation modeled on the port selection of the Linux kernel. Keep in mind that not all Linux systems use this strategy, e.g. one Linux Mint installation from 2017 still used the sequential strategy.

(Port selection strategies from newer systems are not available because they're closed source, and reverse engineering them is out of the scope of this project.)
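
The sequential and random strategies described above, as an added Python sketch that is not ID2T's own code; the port range (the Linux default, 32768 to 60999) and all class and function names are assumptions. The linux-kernel strategy is left out because this page does not describe its algorithm. `sequential_fraction` measures how recognizable a strategy is from the observed source ports alone, which matters when injected traffic should blend in with a capture.

```python
import random

# Assumed range for illustration: the Linux default ip_local_port_range.
# ID2T's own ranges live in code/ID2TLib/Ports.py and are not reproduced here.
EPHEMERAL_RANGE = (32768, 60999)


class SequentialPorts:
    """Start at the bottom of the range, increment, wrap around at the end."""

    def __init__(self, port_range=EPHEMERAL_RANGE):
        self.low, self.high = port_range
        self.next_port = self.low

    def select(self):
        port = self.next_port
        self.next_port = self.low if port >= self.high else port + 1
        return port


class RandomPorts:
    """Draw each port uniformly from the range (both bounds inclusive)."""

    def __init__(self, port_range=EPHEMERAL_RANGE, seed=None):
        self.low, self.high = port_range
        self.rng = random.Random(seed)

    def select(self):
        return self.rng.randint(self.low, self.high)


def observe(selector, count):
    """Collect the source ports a host would use for `count` new connections."""
    return [selector.select() for _ in range(count)]


def sequential_fraction(ports, port_range=EPHEMERAL_RANGE):
    """Fraction of consecutive observations that are a +1 step or a wrap-around."""
    low, high = port_range
    if len(ports) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ports, ports[1:])
                if b == a + 1 or (a == high and b == low))
    return steps / (len(ports) - 1)
```

A value near 1.0 from `sequential_fraction` points to the sequential strategy, while uniform random selection over a range this large yields a value near 0.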

By default, the MembersMgmtCommAttack uses the linux-kernel strategy. Keep in mind that operating systems have one ephemeral port range for both TCP and UDP but may use different selection strategies for the two. MembersMgmtCommAttack only creates UDP packets for now; this might change in the future, and the selection strategy might change with it.

To save developers some time, the file code/ID2TLib/Ports.py contains two enumeration classes holding ephemeral port ranges and port-selection combinations for several operating systems, along with a link to the source of this information. This list is far from complete, however, and adding to it would be a great contribution.