
Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver



Moritz Muehlenhoff wrote:
> Hideki Yamane  wrote:
>>> The 2.6.24
>>> kernel available since the last etch point release offers some
>>> protection as well.
>>
>>  Umm? This is NEW information for me. Could you give me any references?
>>  (certainly if you can disclose. It is a sensitive issue.)
>
> The Linux kernel implements UDP source port randomisation since 2.6.24:

And the Linux kernel (Netfilter) implements NAT source port randomization
since 2.6.21, which can make it a convenient way to protect your NATed
hosts without any patching.

See http://software.inl.fr/trac/wiki/contribs/RandomSkype for details.

Vincent


-- 
One knows a city will become great when one sees the elders planting
trees, even though they know they will never enjoy their
shade.

Greek proverb
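
An added example, not part of the original message: one way to check whether DNS queries leaving a NAT gateway really carry randomized UDP source ports, by classifying the ports seen in a capture taken on the upstream side. The tcpdump-style lines, addresses, function names and both thresholds are constructed assumptions for this illustration.

```python
import re
import statistics

# Matches "IP <src-ip>.<src-port> > <dst-ip>.53: " in tcpdump-style text output.
PORT_RE = re.compile(r"IP (?:\d+\.){4}(\d+) > (?:\d+\.){4}53: ")


def render(ports):
    """Build constructed tcpdump-style lines for a list of source ports."""
    return "\n".join(
        f"12:00:{i:02d}.000 IP 192.0.2.10.{p} > 198.51.100.53.53: "
        f"{4660 + i}+ A? example.org. (29)"
        for i, p in enumerate(ports)
    )


def source_ports(capture):
    """Extract the UDP source port of every DNS query in the capture text."""
    return [int(m.group(1)) for m in PORT_RE.finditer(capture)]


def classify(ports, max_step=16, min_stdev=3000.0):
    """Classify observed source ports.

    max_step and min_stdev are assumed thresholds chosen for this example,
    not values taken from the kernel or from any published test.
    """
    if len(ports) < 2:
        raise ValueError("need at least two queries to judge randomness")
    if len(set(ports)) == 1:
        return "fixed"        # every query uses the same port
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 0 < d <= max_step)
    if small_steps / len(deltas) >= 0.5:
        return "sequential"   # ports mostly count upwards, easy to predict
    if statistics.pstdev(ports) < min_stdev:
        return "narrow"       # varied, but confined to a small range
    return "randomized"


if __name__ == "__main__":
    samples = {
        "no randomization": [32768] * 6,
        "incrementing NAT": [1025, 1026, 1027, 1029, 1030, 1031],
        "randomized NAT": [40213, 1837, 58820, 23954, 11207, 61002],
    }
    for label, ports in samples.items():
        print(label, "->", classify(source_ports(render(ports))))
```

A real check needs far more than six queries per sample before the verdict means anything.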

