Date:      Wed, 09 Jul 2008 14:00:36 +0200
From:      Jille Timmmermans <jille@hexon.cx>
To:        Oliver Fromme <olli@lurza.secnetix.de>
Cc:        freebsd-security@freebsd.org
Subject:   Re: BIND update?
Message-ID:  <4874A864.3080909@hexon.cx>
In-Reply-To: <200807091054.m69As4eH065391@lurza.secnetix.de>
References:  <200807091054.m69As4eH065391@lurza.secnetix.de>

Those sysctls apply to sockets that don't get bind(2), or that bind(2) to port 0.
(Wild guess ahead!)
BIND probably always binds to the same port, or uses the same socket, etc.

-- Jille

Oliver Fromme wrote:
> Andrew Storms wrote:
>  > http://www.isc.org/index.pl?/sw/bind/bind-security.php
>
> I'm just wondering ...
>
> ISC's patches cause source ports to be randomized, thus
> making it more difficult to spoof response packets.
>
> But doesn't FreeBSD already randomize source ports by
> default?  So, do FreeBSD systems require to be patched
> at all?
>
> Best regards
>    Oliver
>
> PS:
> $ sysctl net.inet.ip.portrange.randomized
> net.inet.ip.portrange.randomized: 1
> $ sysctl -d net.inet.ip.portrange.randomized
> net.inet.ip.portrange.randomized: Enable random port allocation
>
>   
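
Added example, not part of the original message and not BIND or FreeBSD code: it shows the distinction drawn in the reply, that the kernel only chooses the UDP source port for sockets left unbound or bound to port 0, while a socket bound to a fixed port keeps that port whatever net.inet.ip.portrange.randomized says. The function names, the loopback address and the port 53 connect target are assumptions for illustration; nothing is sent on the wire.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: loopback is up; no packet leaves the host


def kernel_chosen_ports(count, explicit_bind_zero):
    """Hold `count` UDP sockets open at once and let the kernel pick each port."""
    socks, ports = [], []
    try:
        for _ in range(count):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            socks.append(s)
            if explicit_bind_zero:
                s.bind((LOOPBACK, 0))      # bind(2) to port 0
            else:
                s.connect((LOOPBACK, 53))  # no bind(2): implicit bind, nothing sent
            ports.append(s.getsockname()[1])
    finally:
        for s in socks:
            s.close()
    return ports


def application_chosen_ports(port, count):
    """Bind `count` successive sockets to one fixed port chosen by the program."""
    ports = []
    for _ in range(count):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind((LOOPBACK, port))       # the kernel's port allocator is bypassed
            ports.append(s.getsockname()[1])
    return ports


def free_port():
    """Find a currently unused UDP port to stand in for a configured fixed port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Distinct values show the kernel assigned the port; whether the sequence
    # is random or sequential is what the sysctl controls on FreeBSD.
    print("no bind(2):    ", kernel_chosen_ports(8, False))
    print("bind(2) port 0:", kernel_chosen_ports(8, True))
    print("bind(2) fixed: ", application_chosen_ports(free_port(), 8))
```
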



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4874A864.3080909>