Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

Moritz Muehlenhoff wrote:
> Hideki Yamane wrote:
>>> The 2.6.24
>>> kernel available since the last etch point release offers some
>>> protection as well.
>>  Umm? This is NEW information for me. Could you give me any references?
>>  (certainly if you can disclose it. It is a sensitive issue.)
> The Linux kernel implements UDP source port randomisation since 2.6.24:

And the Linux kernel (Netfilter) implements NAT source port randomization
since 2.6.21, which can make it a convenient way to protect your natted
hosts without any patching.

See http://software.inl.fr/trac/wiki/contribs/RandomSkype for details.


You know a city is going to become great when you see its elders planting
trees, even though they know they will never enjoy their

Greek proverb
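
A check for the claim discussed in this thread, as an added example that is not part of the original messages: given the UDP source ports of successive DNS queries as observed on the outside of the NAT, classify whether they look fixed, sequential, confined to a narrow pool, or randomized. The function names, the thresholds (`min_span`, `max_sequential`, the 0.9 entropy factor) and the sample port lists are assumptions constructed for illustration.

```python
import math
from collections import Counter


def port_stats(ports):
    """Return (distinct, span, entropy_bits, sequential_fraction) for a sample."""
    if len(ports) < 2:
        raise ValueError("need at least two observed source ports")
    n = len(ports)
    counts = Counter(ports)
    # Shannon entropy of the sample; equals log2(n) when every port is unique.
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    # Share of consecutive queries whose port stayed put or moved by +1,
    # the signature of a fixed port or a simple incrementing allocator.
    steps = [b - a for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for s in steps if s in (0, 1)) / len(steps)
    return len(counts), max(ports) - min(ports), entropy, sequential


def classify(ports, min_span=16384, max_sequential=0.1):
    """Label a sample as 'fixed', 'sequential', 'narrow' or 'randomized'."""
    distinct, span, entropy, sequential = port_stats(ports)
    if distinct == 1:
        return "fixed"          # every query left from the same port
    if sequential > max_sequential:
        return "sequential"     # next port is predictable from the last one
    if span < min_span or entropy < 0.9 * math.log2(len(ports)):
        return "narrow"         # varies, but inside a small or reused pool
    return "randomized"


# Constructed samples (not captured traffic).
FIXED = [32768] * 8
SEQUENTIAL = [1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031]
NARROW = [2000, 2040, 2010, 2070, 2025, 2055, 2005, 2090]
RANDOMIZED = [41873, 10522, 60311, 23984, 5512, 47760,
              33109, 58241, 14007, 29655, 51230, 8893]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("narrow", NARROW), ("randomized", RANDOMIZED)]:
        print(name, "->", classify(sample), port_stats(sample))
```

A small sample can only rule randomization out, not prove it; collect a few dozen queries before trusting a "randomized" result.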

