rfc6056 —
port randomization algorithms
The rfc6056 algorithms are used in order to randomize
  the port allocation of outgoing UDP packets, in order to provide protection
  from a series of “blind” attacks based on the attacker's ability
  to guess the sequence of ephemeral ports associated with outgoing packets. For
  more information consult RFC 6056.
The individual algorithms are described below.
The following algorithms are available:
  - bsd
- This is the default NetBSD port selection
      algorithm, which starts from anonportmaxand
      proceeds decreasingly through the available ephemeral ports.
- random_start
- Select ports randomly from the available ephemeral ports. In case a
      collision with a local port is detected, the algorithm proceeds
      decreasingly through the sequence of ephemeral ports until a free port is
      found. Note that the random port selection algorithms are not guaranteed
      to find a free port.
- random_pick
- Select ports randomly from the available ephemeral ports. In case a
      collision with a local port is detected the algorithm tries selecting a
      new port randomly until a free port is found.
- hash
- Select ports using a md5(3)
      hash of the local address, the foreign address, and the foreign port. Note
      that in the case of a bind(2)
      call some of this information might be unavailable and the port selection
      is delayed until the time of a
      connect(2) call, performed
      either explicitly or up calling
      sendto(2).
- doublehash
- Select ports using a md5(3)
      hash of the local address, foreign address, and foreign port coupled with
      a md5(3) hash of the same
      components obtained using a separate table that is associated with a
      subset of all outgoing connections. The same considerations regarding late
      connection as in the case of hash apply.
- randinc
- Use random increments in order to select the next port.
The following sysctl controls are available for selecting the default port
  randomization algorithm:
  
    | sysctl name | Type | Changeable | 
  
    | net.inet.ip.anonportalgo.available | string | no | 
  
    | net.inet.ip.anonportalgo.selected | string | yes | 
  
    | net.inet6.ip6.anonportalgo.available | string | no | 
  
    | net.inet6.ip6.anonportalgo.selected | string | yes | 
The IP_PORTSEL socket option at the
  IPPROTO_IP level and the
  IPV6_PORTSEL socket option at the
  IPPROTO_IPV6 level can be used with a string argument
  specifying the algorithm's name in order to select the port randomization
  algorithm for a specific socket. For more info see
  setsockopt(2).
The rfc6056 algorithms first appeared in
  NetBSD 6.0.