On Mon, Jul 28, 2008 at 12:50:42PM -0400, Robert Edmonds wrote:
from my testing (by repeatedly calling dns.resolver.query), dnspython
opens a new socket for each query. on my kernel (2.6.25) the source
port numbers appear to be random, but maybe this is a kernel feature
introduced
On 28 Jul 2008, at 09:50, Robert Edmonds wrote:
[ i am CC'ing the upstream author, Bob Halley. Bob, are you
planning a
fix to bring dnspython in line with forgery-resilience? ]
I haven't been rushing to make a fix because dnspython is a stub
resolver (typically cacheless) and is thus
severity 492465 important
thanks
Hi Robert,
On Monday 28 July 2008 07:27, Robert Edmonds wrote:
python-dnspython isn't a dns cache. it may be susceptible to forgery
resilience issues though. the qid field is explicitly randomized (but
with the standard library rng).
Yes - as I understand
[ i am CC'ing the upstream author, Bob Halley. Bob, are you planning a
fix to bring dnspython in line with forgery-resilience? ]
Thijs Kinkhorst wrote:
severity 492465 important
thanks
Hi Robert,
On Monday 28 July 2008 07:27, Robert Edmonds wrote:
python-dnspython isn't a dns cache.
Thijs Kinkhorst wrote:
Package: python-dnspython
Version: 1.3.5-3.1 1.6.0-1
Severity: grave
Tags: security
Hi,
From inspecting the code of dnspython, it seems that it is not using the
recommended source port randomisation for countering the cache poisoning
attack as discovered by Dan
Package: python-dnspython
Version: 1.3.5-3.1 1.6.0-1
Severity: grave
Tags: security
Hi,
From inspecting the code of dnspython, it seems that it is not using the
recommended source port randomisation for countering the cache poisoning
attack as discovered by Dan Kaminski and referenced as
6 matches
Mail list logo
