
Re: Securing bind..

Russell Coker wrote:
> DNS cache machine sends out requests from source port 54 (not obscure - every 
> administrator of every DNS server on the net can easily discover this).
> Recursive requests go to port 53 (getting a DNS client to even talk to 
> another port is difficult or impossible depending on the client).

  By forcing the source port for recursive requests to a given fixed
  one, do you not make yourself more vulnerable to the spoofing attacks
  you were talking about, because the attacker does not have to predict
  the source port of the query?

Thomas Seyrat.
