Re: SANS: DNS Bug Now Public?

2008-07-24 Thread Paul Vixie
Phil Regnauld writes: Case in point, we've got customers running around in circles screaming we need to upgrade, please help us upgrade NOW, but they have _3_ layers of routers and firewalls that are hardcoded to only allow DNS queries from port 53.

Re: SANS: DNS Bug Now Public?

2008-07-23 Thread Steven M. Bellovin
On Tue, 22 Jul 2008 08:00:51 -0500 Jorge Amodio wrote: It has been public for a while now. Even in the print media, there are some articles about it in the latest Computerworld mag without giving too much detail about how to exploit it, i.e. PATCH NOW!!! Kaminsky's blog

Re: SANS: DNS Bug Now Public?

2008-07-23 Thread Jorge Amodio
Let me add that folks need to understand that the patch is not a fix to a problem that has been there for a long time; it is just a workaround to reduce the chances of a potential attack, and it must be combined with best practices and recommendations to implement a more robust DNS setup. There

Re: SANS: DNS Bug Now Public?

2008-07-23 Thread Joe Abley
On 23 Jul 2008, at 12:16, Jorge Amodio wrote: Let me add that folks need to understand that the patch is not a fix to a problem that has been there for a long time; it is just a workaround to reduce the chances of a potential attack, and it must be combined with best practices and

Re: SANS: DNS Bug Now Public?

2008-07-23 Thread Darren Bolding
After a bit of looking around, I have not been able to find a list of firewalls/versions which are known to provide appropriate randomness in their PAT algorithms (or, more importantly, those that do not). I would be very interested in such a list if anyone knows of one. As a side note, most

Re: SANS: DNS Bug Now Public?

2008-07-23 Thread Jasper Bryant-Greene
FWIW, anyone using iptables for NAT can use --random, e.g.: iptables -t nat -A POSTROUTING -o ethX -j SNAT --to x.x.x.x --random Useful for Linux NAT/load-balancer boxes, or for Linux-powered embedded devices where the vendor has not been forthcoming with a firmware patch to alter the rules they
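The two posts above ask which NAT/PAT devices preserve a resolver's source-port randomness and show the iptables --random knob. As an added example that is not from the thread, here is a small Python checker that takes the UDP source ports observed on the outside of the firewall and reports whether they look randomized, sequential or fixed. The sample port lists are constructed for the example, and the thresholds (a run of 8 consecutive ports, a span under 1024) are assumed heuristics.

```python
"""Check whether a resolver's outgoing query source ports, as seen on the far
side of a NAT/PAT device, still look randomized.  Feed it the UDP source ports
from a capture taken outside the firewall; the sample ports are constructed."""
from collections import Counter
import math

def shannon_bits(ports):
    """Empirical entropy of the port sample in bits (at most log2(len(ports)))."""
    n, counts = len(ports), Counter(ports)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def longest_step_run(ports):
    """Length of the longest run where each port is the previous port + 1,
    the signature of a PAT device that allocates translated ports in order."""
    best = run = 1
    for prev, cur in zip(ports, ports[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def assess_ports(ports):
    """Return a short verdict plus the numbers it is based on."""
    if not ports:
        raise ValueError("need at least one observed source port")
    distinct = len(set(ports))
    span = max(ports) - min(ports)
    run = longest_step_run(ports)
    bits = shannon_bits(ports)
    if distinct == 1:
        verdict = "fixed port: every query left from port %d" % ports[0]
    elif run >= 8 or (distinct > 2 and span < 1024):   # assumed thresholds
        verdict = "derandomized: sequential or narrow port allocation"
    else:
        verdict = "randomized: no fixed or sequential pattern seen"
    return {"n": len(ports), "distinct": distinct, "span": span,
            "longest_sequential_run": run, "entropy_bits": round(bits, 2),
            "verdict": verdict}

# Constructed samples: ports as a patched resolver emits them, the same queries
# after a PAT device that hands out ports in order, and a port-53-only setup.
RANDOMIZED = [53104, 1117, 61930, 24490, 9072, 44816, 58311, 2841,
              37250, 19675, 64321, 11988, 50007, 30114, 7773, 42226]
SEQUENTIAL = list(range(1024, 1040))
FIXED = [53] * 16

if __name__ == "__main__":
    for name, sample in (("resolver", RANDOMIZED), ("behind PAT", SEQUENTIAL),
                         ("port-53 firewall", FIXED)):
        print(name, assess_ports(sample))
```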

Re: SANS: DNS Bug Now Public?

2008-07-22 Thread Christian Koch
Matasano blogged about it; a cache of the original post is here: http://beezari.livejournal.com/ Matasano apologizes here: http://www.matasano.com/log/1105/regarding-the-post-on-chargen-earlier-today/ Dan posts (13 - 0): 13 days left to BlackHat, as opposed to the 0 days since the details were discussed

Re: SANS: DNS Bug Now Public?

2008-07-22 Thread Jorge Amodio
It has been public for a while now. Even in the print media, there are some articles about it in the latest Computerworld mag without giving too much detail about how to exploit it, i.e. PATCH NOW!!! Cheers, Jorge