Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Quoting Vincent Deffontaines (vincent@gryzor.com):
> And the Linux kernel (Netfilter) implements NAT source port randomization
> since 2.6.21, which can make it a convenient way to protect your natted
> hosts without any patching.
>
> See http://software.inl.fr/trac/wiki/contribs/RandomSkype for details.
I believe this works on UDP traffic only starting with 2.6.24. See:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24