Vulnerability to cache poisoning -- the rest of the solution

Peter Laws plaws at ou.edu
Mon Jul 14 16:42:05 UTC 2008


Jeff Lightner wrote:
> We were only allowing port 53 outside the firewall (confirmed by the
> Network folks).   We've been doing lookups for external sites fine
> despite that.   Was the discussion in current thread about that or
> something else?
> 

53, 42, 10999, 63215, doesn't make any difference.  But if it's always 53 
or anything else you make the attacker's job easier (and they thank you ... 
or will on August 6).


> Also my Network admin is asking for clarification of what needs to be
> opened for the port randomization.   He thinks it should only be ports
> above 1024.

If it's running as named, obviously you'd be restricted to ports named 
could open, which are above 1024 generally.  Otherwise, it's OS-dependent, 
AFAIK.  Seems to me Solaris will (or would in pre-10 days) only pick 32768 
or above though it could be changed.

-- 
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!