Re: Securing bind..

To: debian-security@lists.debian.org
Cc: debian-user@lists.debian.org, debian-isp@lists.debian.org
Subject: Re: Securing bind..
From: Thomas Seyrat <thomas@glou.net>
Date: Mon, 31 Dec 2001 14:20:18 +0100
Message-id: <[🔎] 20011231142018.A2120@lise.hsc.fr>
In-reply-to: <[🔎] 20011230213950.7484D3762A6@lyta.coker.com.au>; from russell@coker.com.au on Sun, Dec 30, 2001 at 10:39:50PM +0100
References: <[🔎] Pine.LNX.3.96.1011230091206.4175A-100000@trillian> <[🔎] 20011230213950.7484D3762A6@lyta.coker.com.au>

Russell Coker wrote:
> DNS cache machine sents out requests from source port 54 (not obscure - every 
> administrator of every DNS server on the net can easily discover this).
> Recursive requests go to port 53 (getting a DNS client to even talk to 
> another port is difficult or impossible depending on the client).

  By forcing the source port for recursive requests to a given fixed
  one, do you not make yourself more vulnerable to the spoofing attacks
  you were talking about, because the attacker does not have to predict
  the source port of the query ?

-- 
Thomas Seyrat.

Reply to:

Follow-Ups:
- Re: Securing bind..
  - From: Peter Wiersig <wiersig@peter.glamus.de>

References:
- Re: Securing bind..
  - From: Jor-el <jorel@trillian.megadodo.umb>
- Re: Securing bind..
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: strange log
Next by Date: Re: Securing bind..
Previous by thread: Re: Securing bind..
Next by thread: Re: Securing bind..
Index(es):
- Date
- Thread