* Carlos Carvalho:

> >Note that using --random with a patched resolver (one that uses stronger
> >random numbers for source ports) makes it vulnerable again. By default,
> >Netfilter tries to preserve source ports, so its NAT does not destroy
> >the effort put into BIND et al.
>
> Really? This post says the kernel randomization is good...

It applies to the configuration without --random.