Risks of patched servers behind de-randomizing NAT
Trey Valenta
t at trey.net
Fri Aug 1 17:24:58 UTC 2008
On Fri, Aug 01, 2008 at 06:43:25AM -0500, Kirk wrote:
> After upgrading these servers to the latest patched version of BIND, I
> tried the porttest query to test randomization. Well, both got POOR
> ratings. This led me to believe that my PIX was the culprit.

I've seen the same thing on our PIX, even with "id-randomization"
set. The source ports are randomized, but very poorly.

http://tools.cisco.com/security/center/viewAlert.x?alertId=14505

Trey
--
<t(Trey)@(Valenta)trey.net> Seattle, Wash.
Q: Why did the astrophysicist order three hamburgers?
A: Because he was hungry.
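
The situation described in this thread, a patched resolver whose source ports lose their randomness at the NAT device, can be checked by comparing ports seen on the inside of the firewall with ports seen on the outside. The following is an added example, not part of the original post and not code from BIND or the porttest service; the function names, thresholds and sample data are assumptions made for illustration.

```python
import random
import statistics


def assess_ports(ports, min_stdev=3000.0, max_step=16):
    """Score a series of UDP source ports from consecutive DNS queries.

    min_stdev and max_step are illustrative thresholds chosen for this
    example; they are not the cut-offs of any particular test service.
    """
    if len(ports) < 10:
        raise ValueError("need at least 10 samples")
    stdev = statistics.pstdev(ports)
    # Fraction of consecutive queries whose port advanced by a small positive
    # step: the signature of a NAT handing out translated ports in sequence.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for s in steps if 0 < s <= max_step) / len(steps)
    # Fraction of distinct ports; heavy reuse also shrinks the guess space.
    unique = len(set(ports)) / len(ports)
    poor = sequential > 0.5 or stdev < min_stdev or unique < 0.9
    return {"stdev": stdev, "sequential": sequential,
            "unique": unique, "verdict": "POOR" if poor else "OK"}


def nat_derandomizes(inside, outside):
    """True when the resolver randomizes well but the post-NAT view does not."""
    return (assess_ports(inside)["verdict"] == "OK"
            and assess_ports(outside)["verdict"] == "POOR")


# Constructed sample data (not taken from a real capture).
_rng = random.Random(2008)
# Ports as sent by a patched resolver, captured inside the firewall.
INSIDE = [_rng.randrange(1024, 65536) for _ in range(40)]
# Ports after a NAT that rewrites them sequentially.
OUTSIDE_SEQUENTIAL = [1024 + 3 * i for i in range(40)]
# Ports after a NAT that randomizes only within a narrow window.
OUTSIDE_NARROW = [_rng.randrange(2000, 2256) for _ in range(40)]

if __name__ == "__main__":
    for name, sample in (("inside", INSIDE),
                         ("outside (sequential)", OUTSIDE_SEQUENTIAL),
                         ("outside (narrow)", OUTSIDE_NARROW)):
        print(name, assess_ports(sample))
    print("NAT de-randomizes:", nat_derandomizes(INSIDE, OUTSIDE_SEQUENTIAL))
```

To use it on real traffic, feed it the source ports of outbound queries captured on each side of the NAT device, in the order they were sent.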