Date: Wed, 9 Jul 2008 12:54:04 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-security@FreeBSD.ORG Subject: Re: BIND update? Message-ID: <200807091054.m69As4eH065391@lurza.secnetix.de> In-Reply-To: <C4990135.1A0907%astorms@ncircle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew Storms wrote: > http://www.isc.org/index.pl?/sw/bind/bind-security.php I'm just wondering ... ISC's patches cause source ports to be randomized, thus making it more difficult to spoof response packets. But doesn't FreeBSD already randomize source ports by default? So, do FreeBSD systems require to be patched at all? Best regards Oliver PS: $ sysctl net.inet.ip.portrange.randomized net.inet.ip.portrange.randomized: 1 $ sysctl -d net.inet.ip.portrange.randomized net.inet.ip.portrange.randomized: Enable random port allocation -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd It's trivial to make fun of Microsoft products, but it takes a real man to make them work, and a God to make them do anything useful.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807091054.m69As4eH065391>