Those sysctl apply to sockets that don't get bind(2), or bind(2) to port 0. (Wild guess ahead!) BIND probably always binds to the same port, or uses the same socket, etc
-- Jille Oliver Fromme wrote:
Andrew Storms wrote: > http://www.isc.org/index.pl?/sw/bind/bind-security.php I'm just wondering ... ISC's patches cause source ports to be randomized, thus making it more difficult to spoof response packets. But doesn't FreeBSD already randomize source ports by default? So, do FreeBSD systems require to be patched at all? Best regards Oliver PS: $ sysctl net.inet.ip.portrange.randomized net.inet.ip.portrange.randomized: 1 $ sysctl -d net.inet.ip.portrange.randomized net.inet.ip.portrange.randomized: Enable random port allocation
_______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
