Risks of patched servers behind de-randomizing NAT
David Carmean
dlc at halibut.com
Thu Jul 31 20:18:19 UTC 2008
I seem to have lost a message where somebody from ISC (Paul?) was going to
release an updated/new advisory regarding the source-port de-randomizing
effects of many NAT implementations will have upon patched servers.
Many of the folks I'm working with are unconcerned about this problem,
because they cannot come up with an attack scenario against a recursive
server behind a [NATting] firewall. They are also apparently hearing
claims from our firewall vendor (starts with a letter between I and K) that
this is not a big deal for servers behind a [their?] firewall. (Were they
not invited to The Big Meeting?)
Can we get a reading from Those Who Know about how likely it is that
BadGuys can trick a client inside such a firewall to facilitate an attack
against an internal recursive server (said server can query through the firewall).
Thanks.
More information about the bind-users
mailing list