DNS and randomized source ports

Reindl Harald h.reindl at thelounge.net
Fri Mar 15 11:15:10 UTC 2013


Am 15.03.2013 10:57, schrieb Ed Greshko:
> On 03/15/13 17:46, Ed Greshko wrote:
>> Is the destination IP address a single IP address or are there others?
>>
>> Is your system running a DNS server?  If you are running one, is it supposed to be servicing requests from the Internet?  If it is supposed to be taking requests from the Internet, have you made sure to configure it such that recursion is disabled?
> 
> Never mind....
> 
> In re-reading the original message I see the "source port" is 35442.  I'm pretty sure recursion from a DNS server would show 53 as the source port.

pretty sure only if your DNS is very outdated
http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

http://en.wikipedia.org/wiki/DNS_spoofing
As stated above, source port randomization for DNS requests, combined with the use of cryptographically-secure random numbers for selecting both the source port and the 16-bit cryptographic nonce, can greatly reduce the probability of successful DNS race attacks.
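To put numbers on why a non-53 source port such as 35442 is the expected (good) sign, here is an added example that is not part of this thread: it computes how much larger the guess space for a forged reply becomes when the resolver randomizes its source port, and applies a simple entropy check to a constructed sample of outbound query source ports (the 1024-65535 ephemeral range and the 3-bit threshold are assumptions).

```python
# Added example (not from the mailing-list thread): size of the space a forged
# DNS reply must match with and without source-port randomization, plus a
# heuristic check of observed query source ports for randomization.
import math
from collections import Counter

TXID_SPACE = 1 << 16                 # 16-bit DNS transaction ID (the "nonce")
EPHEMERAL_PORTS = 65535 - 1024 + 1   # assumption: resolver uses ports 1024..65535

def guess_space(randomized_port: bool) -> int:
    """Number of (txid, port) combinations a spoofed reply must hit."""
    return TXID_SPACE * (EPHEMERAL_PORTS if randomized_port else 1)

def race_success_probability(forged_replies: int, randomized_port: bool) -> float:
    """P(at least one of n blind forged replies matches one outstanding query)."""
    space = guess_space(randomized_port)
    return 1.0 - (1.0 - 1.0 / space) ** forged_replies

def port_entropy_bits(ports) -> float:
    """Shannon entropy (bits) of the observed source-port distribution."""
    counts = Counter(ports)
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def looks_randomized(ports, min_bits: float = 3.0) -> bool:
    """A resolver pinned to one port (e.g. always 53) has 0 bits of entropy."""
    return port_entropy_bits(ports) >= min_bits

# Constructed sample: source ports of outbound DNS queries from a firewall log.
OLD_RESOLVER_PORTS = [53] * 20                       # outdated: fixed port 53
MODERN_RESOLVER_PORTS = [35442, 51873, 41002, 60211, 2043, 33790, 48115,
                         29876, 57362, 44120, 12985, 63001, 38844, 19562,
                         50273, 27311, 41990, 55556, 31788, 46402]

if __name__ == "__main__":
    for n in (1000, 65536):
        print(n, race_success_probability(n, False), race_success_probability(n, True))
    print(looks_randomized(OLD_RESOLVER_PORTS), looks_randomized(MODERN_RESOLVER_PORTS))
```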

