[networking-guide] master: Avoid using fixed UDP source ports (675bd1a)
stephenw at fedoraproject.org
Mon Jul 21 20:28:54 UTC 2014
Repository : http://git.fedorahosted.org/cgit/docs/networking-guide.git
On branch : master
>---------------------------------------------------------------
commit 675bd1aeac7e42c2253372e4c29ea626899dfa3a
Author: Stephen Wadeley <swadeley at redhat.com>
Date: Mon Jul 21 21:51:44 2014 +0200
Avoid using fixed UDP source ports
Improve the warning
>---------------------------------------------------------------
en-US/BIND.xml | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/en-US/BIND.xml b/en-US/BIND.xml
index 3185f35..f9f5eb7 100644
--- a/en-US/BIND.xml
+++ b/en-US/BIND.xml
@@ -1908,8 +1908,7 @@ ns.icann.org. 12884 IN A 192.0.34.126
<warning id="warning-Warning-Avoid_Using_Fixed_UDP_Source_Ports">
<title>Avoid using fixed UDP source ports</title>
<para>
- According to the recent research in DNS security, using a fixed UDP source port for DNS queries is a potential security vulnerability that could allow an attacker to conduct cache-poisoning attacks more easily. To prevent this, configure your firewall to allow queries from a random UDP source port.
- </para>
+ Using a fixed <systemitem class="protocol">UDP</systemitem> source port for <systemitem class="protocol">DNS</systemitem> queries is a potential security vulnerability that could allow an attacker to conduct cache-poisoning attacks more easily. To prevent this, by default <systemitem class="protocol">DNS</systemitem> sends from a random ephemeral port. Configure your firewall to allow outgoing queries from a random <systemitem class="protocol">UDP</systemitem> source port. The range <literal>1024</literal> to <literal>65535</literal> is used by default.</para>
</warning>
</listitem>
</varlistentry>
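Review bot: In the rewritten <para> at the "+" line, "To prevent this, by default DNS sends from a random ephemeral port" attaches the purpose clause to a default behaviour and names the protocol rather than the server, and the firewall advice that follows only helps if the server is actually randomizing. Suggest splitting it: "By default, BIND sends queries from a random ephemeral UDP source port, so this protection is lost if a fixed port is configured (for example with a port number in the query-source directive)." Then keep the firewall sentence and state the range with it: "Configure your firewall to allow outgoing queries from any port in the range 1024 to 65535, which is used by default." Also, the closing </para> was moved onto the same line as the text; restore it on its own line to match the surrounding markup.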