Re: BIND update?



Andrew Storms wrote:
http://www.isc.org/index.pl?/sw/bind/bind-security.php

I'm just wondering ...

ISC's patches cause source ports to be randomized, thus
making it more difficult to spoof response packets.

But doesn't FreeBSD already randomize source ports by
default? So, do FreeBSD systems require to be patched
at all?

Best regards
Oliver

PS:
$ sysctl net.inet.ip.portrange.randomized
net.inet.ip.portrange.randomized: 1
$ sysctl -d net.inet.ip.portrange.randomized
net.inet.ip.portrange.randomized: Enable random port allocation

--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd

It's trivial to make fun of Microsoft products,
but it takes a real man to make them work,
and a God to make them do anything useful.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: BIND update?
    ... ISC's patches cause source ports to be randomized, ... But doesn't FreeBSD already randomize source ports by ... binding to a single query port and sticking to it is how BIND ...
    (FreeBSD-Security)
  • Re: BIND update?
    ... ISC's patches cause source ports to be randomized, ... But doesn't FreeBSD already randomize source ports by ... host 1iatest2.yahoo.co.uk ...
    (FreeBSD-Security)
  • Re: BIND update?
    ... ISC's patches cause source ports to be randomized, ... But doesn't FreeBSD already randomize source ports by ... binding to a single query port and sticking to it is how BIND has operated for years. ...
    (FreeBSD-Security)
  • Re: TCP
    ... On 02.10.2010 11:47, Jordi Espasa Clofent wrote: ... ¿Is there some way in FreeBSD to randomize the TCP timestamps as OpenBSD does by default? ...
    (freebsd-net)
  • Re: TCP
    ... On 10/2/10 2:15 PM, Andre Oppermann wrote: ... ¿Is there some way in FreeBSD to randomize the TCP timestamps as OpenBSD does by default? ...
    (freebsd-net)