no port randomization with dig over IPv6 on mac os

Jakob Dhondt jakob.dhondt at switch.ch
Tue Dec 11 08:29:38 UTC 2018


Hi all,

thanks for your answers!

Cheers,

Jakob


On 10.12.18 15:56, Tony Finch wrote:
> Warren Kumari <warren at kumari.net> wrote:
>
>> I’m also wondering *how* it is doing this — to increment by 2 it sounds
>> like there is state being kept - perhaps dig simply relies on the kernel
>> for the source port and isn’t randomizing at all (and so the difference is
>> actually an OS difference, and not a dig difference?)
> Yes. It's also a protocol family difference, because Mac OS does randomize
> over IPv4. (Not doing so over IPv6 must be a bug....)
>
> There are sysctls:
>
> net.inet.tcp.randomize_ports: 0
> net.inet.udp.randomize_ports: 1
>
> The net.inet sysctls for UDP and TCP should also apply to inet6...
>
> Tony.
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 

SWITCH
Jakob Dhondt, Security Engineer, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 23
jakob.dhondt at switch.ch, www.switch.ch
Security-News: securityblog.switch.ch
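Tony's reply attributes the +2 increment to the kernel's UDP ephemeral-port allocator for IPv6 rather than to dig itself. The script below is an added example, not code from this thread or from ISC: it asks the local kernel for a batch of UDP source ports over IPv4 and over IPv6 loopback (by binding to port 0) and classifies each batch as sequential or randomized, which is the check a resolver operator would run before trusting the OS for source-port randomization. The analysis helpers are deterministic and are exercised on constructed port lists; the loopback addresses and the batch size of 20 are assumptions.

```python
"""Observe the UDP source ports the local kernel assigns and judge whether
they look randomized (what a resolver needs) or sequential (the symptom
reported for IPv6 on Mac OS in the thread). Added example, not ISC code."""
import socket
from statistics import pstdev


def collect_ephemeral_ports(family, host, count=20):
    """Bind `count` UDP sockets with port 0 and return the ports the kernel
    chose. All sockets stay open until the batch is complete, so a sequential
    allocator cannot hand the same port back twice and hide its behaviour."""
    socks, ports = [], []
    try:
        for _ in range(count):
            s = socket.socket(family, socket.SOCK_DGRAM)
            s.bind((host, 0))
            socks.append(s)
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports


def looks_sequential(ports, max_step=4):
    """True when every consecutive pair differs by the same small step
    (+1, +2, ...), the fingerprint of a non-randomizing allocator.
    Wrap-around at the top of the ephemeral range is ignored for brevity."""
    if len(ports) < 3:
        return False
    steps = {b - a for a, b in zip(ports, ports[1:])}
    return len(steps) == 1 and 0 < abs(next(iter(steps))) <= max_step


def port_spread(ports):
    """Population standard deviation of the observed ports. Random choice
    over a ~16k-port ephemeral range gives thousands; a sequential
    allocator gives single digits."""
    return pstdev(ports)


def classify(ports):
    """Summarise a batch as 'sequential', 'randomized' or 'inconclusive'."""
    if len(ports) < 3:
        return "inconclusive"
    if looks_sequential(ports):
        return "sequential"
    # Assumed threshold: a spread under 100 ports is too narrow to call random.
    return "randomized" if port_spread(ports) >= 100 else "inconclusive"


if __name__ == "__main__":
    # Loopback addresses are assumed; replace with a real interface address
    # if the kernel treats loopback specially.
    for label, family, host in (("IPv4", socket.AF_INET, "127.0.0.1"),
                                ("IPv6", socket.AF_INET6, "::1")):
        try:
            ports = collect_ephemeral_ports(family, host)
        except OSError as exc:
            print(f"{label}: could not bind ({exc})")
            continue
        print(f"{label}: {classify(ports)} spread={port_spread(ports):.1f} "
              f"ports={ports[:6]}...")
```

On a host that behaves as the thread describes, the IPv4 batch reports `randomized` while the IPv6 batch reports `sequential` with a spread of a few ports; `sysctl net.inet.udp.randomize_ports` can then be compared against the observed behaviour per address family.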
