[pfSense-discussion] DNS resolver test

2008-07-22 Thread Eugen Leitl
http://www.provos.org/index.php?/pages/dnstest.html DNS Resolver Test For secure name resolution, it is important that your DNS resolver uses random source ports. The box below will tell you if there is something you need to worry about. Your DNS Resolver needs to be updated. If the box

Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Scott Ullrich
On Tue, Jul 22, 2008 at 2:32 PM, Eugen Leitl [EMAIL PROTECTED] wrote: http://www.provos.org/index.php?/pages/dnstest.html DNS Resolver Test For secure name resolution, it is important that your DNS resolver uses random source ports. The box below will tell you if there is something you

[pfSense-discussion] obfuscated TCP; BTNS

2008-07-22 Thread Eugen Leitl
I'm highly clueless about *BSD matters, does anyone know of ongoing projects to make either http://code.google.com/p/obstcp/ or BTNS (IETF draft) happen on FreeBSD, so that pfSense can ultimatively profit from it? (In regards to BTNS, I've been told that connection latching has been in Solaris

Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Chris Buechler
On Tue, Jul 22, 2008 at 2:32 PM, Eugen Leitl [EMAIL PROTECTED] wrote: http://www.provos.org/index.php?/pages/dnstest.html DNS Resolver Test For secure name resolution, it is important that your DNS resolver uses random source ports. The box below will tell you if there is something you

Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Bill Marquette
On Tue, Jul 22, 2008 at 1:32 PM, Eugen Leitl [EMAIL PROTECTED] wrote: http://www.provos.org/index.php?/pages/dnstest.html DNS Resolver Test For secure name resolution, it is important that your DNS resolver uses random source ports. The box below will tell you if there is something you

Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Chris Buechler
On Tue, Jul 22, 2008 at 4:48 PM, Chris Buechler [EMAIL PROTECTED] wrote: - if your recursive servers are behind pfSense doing NAT with a default NAT configuration, you're fine even *without* patching your DNS servers. Scratch that part depending on your DNS server - if it uses a single static