BIND ignores queries from specific privileged source ports

Grant Taylor gtaylor at tnetconsulting.net
Mon Jun 10 16:32:55 UTC 2019


On 6/10/19 10:18 AM, Barry Margolin wrote:
> Why would the original source port be close to any of these low port 
> numbers? Source ports should normally be ephemeral ports.

There has been some movement afoot in the last 10 years or so to use 
more of the 65,535 ports as the source port for security reasons.

The motivation behind it is to add additional bits of entropy to make it 
harder to predict and spoof a reply.

Steve Gibson has a good page with a lot of the details, at least 
explaining the mentality behind it.  I don't have the skills to judge it.

Link - DNS Nameserver Spoofability Test
  - https://www.grc.com/dns/dns.htm



-- 
Grant. . . .
unix || die
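
As an added illustration (not from the original post, and not BIND's own code), the following Python computes how much a randomized source port adds to the 16-bit transaction ID an off-path attacker has to guess, and how often a port drawn from the whole range lands below 1024, which is the situation this thread is about. The three port policies are assumed for comparison only and are not BIND's actual defaults; the arithmetic assumes the resolver picks both the TXID and the port uniformly at random, which is what the spoofability test linked above checks.

```python
import math

TXID_BITS = 16                 # DNS transaction ID width
TXID_SPACE = 1 << TXID_BITS    # 65536 possible IDs
PRIVILEGED_MAX = 1023          # ports 0-1023 are "privileged" on Unix-like systems

# Assumed, illustrative source-port policies (not BIND's actual defaults).
POLICIES = {
    "fixed port (old style)": (53, 53),
    "unprivileged range": (1024, 65535),
    "full range": (1, 65535),
}


def port_count(port_range):
    """Number of ports in an inclusive (lo, hi) range, with basic validation."""
    lo, hi = port_range
    if not (0 <= lo <= hi <= 65535):
        raise ValueError("bad port range: %r" % (port_range,))
    return hi - lo + 1


def entropy_bits(port_range):
    """Bits an off-path attacker must guess: 16-bit TXID plus log2(#ports).
    Assumes the resolver picks both values uniformly at random."""
    return TXID_BITS + math.log2(port_count(port_range))


def blind_spoof_success(port_range, forged_replies):
    """Probability that `forged_replies` distinct forged answers, all delivered
    inside the resolver's wait window, include the one (TXID, port) pair the
    resolver will accept."""
    space = TXID_SPACE * port_count(port_range)
    return min(1.0, forged_replies / space)


def forged_replies_needed(port_range, probability):
    """Distinct forged answers per window needed to reach `probability`."""
    space = TXID_SPACE * port_count(port_range)
    return math.ceil(probability * space)


def privileged_share(port_range):
    """Fraction of queries whose source port falls in 0-1023 (the case the
    thread is about) when the port is drawn uniformly from port_range."""
    lo, hi = port_range
    if lo > PRIVILEGED_MAX:
        return 0.0
    return (min(hi, PRIVILEGED_MAX) - lo + 1) / port_count(port_range)


if __name__ == "__main__":
    for name, rng in POLICIES.items():
        print(
            f"{name:24s} ports={rng!s:14s} entropy={entropy_bits(rng):5.2f} bits  "
            f"P(hit | 65536 forgeries)={blind_spoof_success(rng, 65536):.2e}  "
            f"P(port<1024)={privileged_share(rng):.4f}"
        )
```

Two things the numbers show: a fixed source port leaves only the 16-bit TXID to guess, so 65536 forged replies in one window succeed with certainty, while using the unprivileged range pushes that to roughly one chance in 64512 for the same effort (this is the reasoning behind RFC 5452's port randomization). The last column is the cost of using the full range: about 1.6% of queries go out from a port below 1024, so a resolver that avoids those ports gives up a negligible fraction of a bit of entropy. The figures only hold if port selection is really uniform; a resolver or OS that hands out ports sequentially gets far less than the computed entropy.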
