Yes, I was referring to porttest. Best.
On Mon, Sep 9, 2013 at 6:27 PM, Keith Mitchell <[email protected]> wrote: > On 09/09/2013 06:07 AM, Haya Shulman wrote: > > > For instance, DNS-OARC does not detect port prediction attacks, and > > reports clients as secure, while they are vulnerable to attacks. > > OARC does many things, I assume here you are referring to our port > entropy tester: > > https://www.dns-oarc.net/oarc/services/porttest > > > I contacted the maintainers of DNS-OARC and notified them of this > > vulnerability last year, and proposed a simple fix to the problem... > > but the system was not updated and still reports vulnerable systems > > as secure, so relying on its feedback may be risky. > > I didn't see that communication, so I can only assume it pre-dated my > current OARC tenure. Thanks for the heads-up and apologies it did not > get responded to. If you could please re-send me what you sent off-list, > we'll see about getting your proposed fix incorporated into the tool > and/or an appropriate caveat meantime. > > Keith > > -- Best Regards, S.H.
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
