> djbdns and PowerDNS are not vulnerable to this new attack vector
> because they don't hold open an outbound source port for queries.

DUH? Those authors realized the implications years ago, and took precautions that render them invulnerable today. Just because others ignored logic does not make this 'new'.

> The QA manager for CentOS, a friend of mine, told me that glibc is
> also vulnerable.

But he was referring to their glibc, not ours ;O

These 'revelations' only show the impact of rumors. This IS the same old thing despite the newer codebase which is affected, which adds more twists. Just because somebody cracked a box in a lab does NOT constitute a good reason for spreading alarm and panic.

I don't use Microsoft products, or Distributions as servers. I don't even have a cache which can be poisoned. I don't provide recursive DNS to the public. My DNS server will reject out of zone queries. I don't need dnssec. Source ports are randomized by design in my software. Everything is behind firewalls on NAT. And I use HLFS.

You are crying wolf again. Take a Valium.

Marty B.

--
Electile Dysfunction : the inability to become aroused over any of the choices for President put forth by either party in the 2008 election.
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page