Insufficient DNS Source Port Randmoization

John Bond jbond at ripe.net
Mon Aug 1 12:38:04 UTC 2011


On 7/28/11 9:43 AM, Stephane Bortzmeyer wrote:
> Did you try to obtain an independent confirmation from a reliable
> source? (I do not know this product, but I distrust private black
> boxes.) I recommend:
NeXpose is a good vulnerability auditor, it is a product by Rapid7 the
owners of metasploit.  HD moore, original author of metasploit is the
CSO and chief architect at rapid7.

As others have suggested i suspect this is caused by a firewall, or IDS
changing the source port, i believe Checkpoint Smart defence dose this.
 The best way to rule out bind, would be to run these checks locally.

The community edition of NeXpose is available for use with up-to 32 IP
addresses, so you could just install it in a VM and run the tests locally

http://www.rapid7.com/products/nexpose-community-edition.jsp





More information about the bind-users mailing list