Vulnerability to cache poisoning -- the rest of the solution
Mark Andrews
Mark_Andrews at isc.org
Mon Jul 14 22:53:32 UTC 2008
> Will BIND randomize query TCP source ports as well (when TCP is
> required) with these new patches?
>
> Thanks,
>
> Josh

TCP doesn't need to randomise the port. Your TCP stack
should be randomising the 32-bit TCP sequence number it
uses when establishing a connection. If it doesn't, get a
new OS as the one you have is ancient and full of security
holes.

This makes TCP much harder, but not impossible, to spoof
than UDP.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org