Re: Kaminsky's DNS bug: PF workaround
From: Anthony Roberts (openbsd-misc arbitraryconstant.com)
Date: Tue Sep 09 2008 - 00:35:31 CDT
> Yea but I wonder why PF isn't working here.
I didn't see you mention it not working in any of your posts.
What you might notice with the PF workaround is that sites like doxpara
think you're vulnerable, because queries to the same name server use the
same source port. Queries to different servers will use different source
ports.
The way to confirm it's working is to watch some DNS packets to different
servers with tcpdump.
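
The tcpdump check suggested in the message above, as an added example that is not part of the original post: it groups outbound DNS queries by name server and lists the source ports used for each. The capture lines, addresses and ports are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -n udp port 53` text output (documentation
# addresses, made-up ports): one client querying three name servers.
sample_capture() {
cat <<'EOF'
00:35:31.100001 192.0.2.10.53211 > 198.51.100.1.53: 4301+ A? www.example.com. (33)
00:35:31.140220 198.51.100.1.53 > 192.0.2.10.53211: 4301 1/0/0 A 192.0.2.80 (49)
00:35:32.200417 192.0.2.10.61877 > 198.51.100.2.53: 9120+ A? www.example.net. (33)
00:35:33.310873 192.0.2.10.53211 > 198.51.100.1.53: 17733+ MX? example.com. (29)
00:35:34.051209 IP 192.0.2.10.50432 > 203.0.113.5.53: 2048+ A? www.example.org. (33)
00:35:35.402766 192.0.2.10.61877 > 198.51.100.2.53: 30511+ AAAA? www.example.net. (33)
EOF
}

# Read tcpdump lines on stdin; print one line per name server with the number
# of queries sent to it and the distinct source ports used for them.
summarise_ports() {
  awk '
  {
    for (i = 2; i < NF; i++) if ($i == ">") break
    if (i >= NF) next                     # not a "src > dst:" packet line
    src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
    n = split(src, s, "."); sport = s[n]  # port is the last dotted field
    m = split(dst, d, "."); dport = d[m]
    if (dport != "53") next               # keep outbound queries only
    server = substr(dst, 1, length(dst) - length(dport) - 1)
    queries[server]++
    if ((server, sport) in seen) next
    seen[server, sport] = 1
    sep = (ports[server] == "") ? "" : ","
    ports[server] = ports[server] sep sport
  }
  END {
    for (srv in queries)
      printf "%s queries=%d ports=%s\n", srv, queries[srv], ports[srv]
  }' | LC_ALL=C sort
}

# Count distinct source ports across all servers in a summarise_ports report.
distinct_port_count() {
  awk '{ sub(/^.*ports=/, ""); n = split($0, p, ",")
         for (i = 1; i <= n; i++) u[p[i]] = 1 }
       END { c = 0; for (k in u) c++; print c }'
}

sample_capture | summarise_ports
```

A report in which each server has one port and the ports differ between servers matches the behaviour described in the message; a single port shared by every server does not.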