The modern communications era has brought about a tremendous expansion of wireline and wireless networks. Computer networks, television networks, and telephony networks are experiencing an unprecedented technological expansion, fueled by consumer demand. Wireless and mobile networking technologies have addressed related consumer demands, while providing more flexibility and immediacy of information transfer.
Current and future networking technologies as well as evolved computing devices making use of networking technologies continue to facilitate ease of information transfer and convenience to users. One area in which there is a demand to further improve ease of information transfer is facilitating transmission of data over a network in a manner that inhibits blind attacks against a network host device.
In this regard, blind attacks against host devices are becoming an increasing threat in network environments. The consequences of blind attacks may include throughput reduction, broken connections, and/or data corruption. In order to protect against blind attacks, the attacker's ability to guess the five parameters that identify a transport instance must be inhibited. These five parameters include protocol, source address, destination address, source port, and destination port. In most transport instances, the protocol, source address, destination address, and destination port are fixed. Accordingly, a host device can protect itself against blind attacks only if it is able to select its source port at random.
In instances in which a host device is not restricted in the ports that it may use for communication, the host device may freely select at random a port to use for communication with other network devices. However, in some scenarios, a host device is port-restricted in that it is limited to the use of a certain group of ports allocated to the device by a network management entity. Host devices are commonly port-restricted in situations where a network address is shared by multiple host devices, each of which is allocated a unique set of ports to ensure that the host devices sharing the same network address do not interfere with each other's communications. Allocation and use of shared port-restricted network addresses is particularly common in networks utilizing Internet Protocol version 4 (IPv4) addressing, in which there is a relatively limited number of available addresses. In such scenarios, a host device is allocated a relatively small selection of ports from which it may select, such as, for example, 1000 ports out of an available 64k port range. Often, these allocated ports comprise a continuous range of ports, such as, for example, ports 1000-1999.
Allocation of a relatively small continuous range of ports makes it hard for a host device to randomly select a port to use for a transport instance so as to inhibit a blind attack, because the pool of ports available to the host device comprises a relatively small number of ports in sequence. Further, allocating a continuous range of ports has privacy implications, as a connection from port X and a connection from port X+2 are likely coming from the same host device. However, allocation of a non-continuous range of ports poses problems given current port allocation methods, in that a network management entity allocating ports to a host device must communicate sufficient information to the host device to enable the host device to determine which ports it has been allocated. If the network management entity randomly allocates ports to the host device and then must communicate each allocated port to the host device (e.g., by listing port 1765, port 2324, etc., in the port allocation message), the port allocation message sent to the host device would be quite large. Accordingly, it would be advantageous to provide methods, apparatuses, and computer program products for facilitating randomized port allocation.
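The trade-offs described in the two preceding paragraphs can be made concrete with a small model. The following Python script is an added example and is not part of the original text or of any claimed method: it uses the page's own figures (1000 ports allocated out of a 64k space, the example block 1000-1999) to compare a continuous block against a non-continuous allocation drawn at random (a constructed alternative, with a fixed seed only for reproducibility) on three points: how many candidate ports a blind attacker faces, how much a single observed source port reveals about a host's other ports, and how large the allocation message becomes when every port has to be listed explicitly. The "range", "list" and "bitmap" encodings are assumed message formats for the comparison, not formats taken from the page.

```python
import random

PORT_SPACE = 65536        # 16-bit port field: ports 0..65535
ALLOCATION_SIZE = 1000    # page's example: 1000 ports out of the 64k range
CONTIGUOUS_START = 1000   # page's example block: ports 1000-1999


def allocate_contiguous(start=CONTIGUOUS_START, count=ALLOCATION_SIZE):
    """Block allocation as described on the page: ports start..start+count-1."""
    return set(range(start, start + count))


def allocate_non_contiguous(count=ALLOCATION_SIZE, seed=1234):
    """Constructed alternative: 'count' ports drawn uniformly from the
    non-privileged range 1024..65535. The seed only makes the run repeatable."""
    rng = random.Random(seed)
    return set(rng.sample(range(1024, PORT_SPACE), count))


def is_contiguous(allocated):
    """True when the allocated ports form one unbroken run."""
    ports = sorted(allocated)
    return ports[-1] - ports[0] + 1 == len(ports)


def pick_source_port(allocated, rng):
    """The best a port-restricted host can do: choose uniformly from its pool."""
    return rng.choice(sorted(allocated))


def expected_blind_guesses(candidate_count):
    """Expected number of attempts to hit a port chosen uniformly among
    candidate_count equally likely values, trying each candidate once."""
    return (candidate_count + 1) / 2


def candidates_after_one_observation(observed_port, scheme, count=ALLOCATION_SIZE):
    """How many ports remain plausible for a host's next connection once one of
    its source ports has been seen. A contiguous block of 'count' ports must
    lie within count-1 ports on either side of the observed port (the page's
    'port X and port X+2 are likely the same host' observation). With a
    non-contiguous allocation one port says nothing about the others, so the
    whole 16-bit space stays plausible."""
    if scheme == "contiguous":
        lo = max(0, observed_port - (count - 1))
        hi = min(PORT_SPACE - 1, observed_port + (count - 1))
        return hi - lo + 1
    if scheme == "non_contiguous":
        return PORT_SPACE
    raise ValueError(scheme)


def allocation_message_bytes(allocated, encoding):
    """Payload size of an allocation message under three assumed encodings."""
    if encoding == "range":    # start port and count, 16 bits each
        return 4
    if encoding == "list":     # one 16-bit port number per allocated port
        return 2 * len(allocated)
    if encoding == "bitmap":   # one bit per port of the 16-bit space
        return PORT_SPACE // 8
    raise ValueError(encoding)


if __name__ == "__main__":
    rng = random.Random(7)
    block = allocate_contiguous()
    scattered = allocate_non_contiguous()
    seen = pick_source_port(block, rng)
    print("contiguous block, attacker who knows the block:",
          expected_blind_guesses(len(block)), "expected guesses")
    print("unrestricted host, full port space:",
          expected_blind_guesses(PORT_SPACE), "expected guesses")
    print("candidates after observing port", seen, "from the block:",
          candidates_after_one_observation(seen, "contiguous"))
    print("candidates after observing one port of a scattered allocation:",
          candidates_after_one_observation(seen, "non_contiguous"))
    for enc in ("range", "list", "bitmap"):
        print("message size for %d scattered ports, %s encoding: %d bytes"
              % (len(scattered), enc, allocation_message_bytes(scattered, enc)))
```

Running the script shows the tension the text describes: the block collapses the attacker's search space from 65536 to 1000 ports and lets a single observed port narrow a host's other ports to a window of at most 1999, while a scattered allocation keeps the full space in play but costs 2000 bytes to list explicitly (or 8192 bytes as a bitmap) against 4 bytes for a start-and-count range.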