Vulnerability to cache poisoning -- the rest of the solution

Peter Laws plaws at ou.edu
Mon Jul 14 16:42:05 UTC 2008


Jeff Lightner wrote:
> We were only allowing port 53 outside the firewall (confirmed by the
> Network folks).   We've been doing lookups for external sites fine
> despite that.   Was the discussion in current thread about that or
> something else?
> 

53, 42, 10999, 63215, doesn't make any difference.  But if it's always 53 
or anything else you make the attacker's job easier (and they thank you ... 
or will on August 6).


> Also my Network admin is asking for clarification of what needs to be
> opened for the port randomization.   He thinks it should only be ports
> above 1024.

If it's running as named, obviously you'd be restricted to ports named 
could open, which are above 1024 generally.  Otherwise, it's OS-dependent, 
AFAIK.  Seems to me Solaris will (or would in pre-10 days) only pick 32768 
or above though it could be changed.

-- 
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
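The two points above (a resolver pinned to one source port is easy prey, and the firewall must allow whatever ephemeral range the OS actually uses) are simple to verify from a capture of outbound queries. This added example is not from the post or from BIND; it parses a constructed log in the assumed form `<src_ip>:<src_port> -> <dst_ip>:53` and reports distinct-port count, port range and entropy, so you can tell a fixed-port resolver from a randomizing one and see which range the firewall needs to permit.

```python
"""Check whether a resolver's outbound DNS queries use randomized source ports."""
import math
import re
from collections import Counter

# Assumed log format (constructed for this example): "<src_ip>:<src_port> -> <dst_ip>:53"
LINE_RE = re.compile(r"^(\S+):(\d+)\s*->\s*(\S+):53$")

# Constructed sample 1: a resolver that always sends from source port 53.
FIXED_PORT_LOG = [f"192.0.2.10:53 -> 198.51.100.{i % 5 + 1}:53" for i in range(20)]

# Constructed sample 2: a resolver picking ephemeral ports in the 32768+ range.
RANDOM_PORT_LOG = [
    f"192.0.2.11:{port} -> 198.51.100.{i % 5 + 1}:53"
    for i, port in enumerate([41234, 53877, 36002, 60119, 47751, 33468,
                              58230, 39914, 44105, 62980, 35571, 50336])
]


def source_ports(lines):
    """Extract the UDP source port from each well-formed log line."""
    ports = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ports.append(int(m.group(2)))
    return ports


def shannon_bits(ports):
    """Shannon entropy of the observed source-port distribution, in bits."""
    counts = Counter(ports)
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess(lines, min_distinct_ratio=0.9):
    """Summarize port randomization and the range a firewall must allow."""
    ports = source_ports(lines)
    if not ports:
        raise ValueError("no parsable query lines")
    distinct = len(set(ports))
    return {
        "queries": len(ports),
        "distinct_ports": distinct,
        "port_min": min(ports),          # lower bound the firewall must permit
        "port_max": max(ports),          # upper bound the firewall must permit
        "all_above_1024": min(ports) > 1024,
        "entropy_bits": round(shannon_bits(ports), 2),
        # Nearly every query on a fresh port is what randomization should look like.
        "randomized": distinct >= min_distinct_ratio * len(ports),
    }


if __name__ == "__main__":
    for name, log in (("fixed", FIXED_PORT_LOG), ("random", RANDOM_PORT_LOG)):
        print(name, assess(log))
```

The entropy figure is an upper-bound sanity check only: a resolver that cycles through a small fixed set of ports still scores low, which is exactly the weakness the thread is about.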
