On Mon, Jul 21, 2008 at 4:58 AM, sai <[EMAIL PROTECTED]> wrote:

> Checkpoint firewalls seem to have a problem in not randomising (or even de-randomising) the DNS request source port [1].
>
> Do we have a similar problem with pfSense?
> I did 3 digs to 198.6.1.1, 198.6.1.2 and 198.6.1.3 (I have 2 ISPs, load balanced).
>
> pfctl -ss (to see the states)
>
> self udp 10.60.60.10:33306 -> a.b.c.d:51192 -> 198.6.1.1:53 MULTIPLE:SINGLE
> self udp 10.60.60.10:33306 -> e.f.g.h:57512 -> 198.6.1.2:53 MULTIPLE:SINGLE
> self udp 10.60.60.10:33306 -> a.b.c.d:56970 -> 198.6.1.3:53 MULTIPLE:SINGLE
>
> self udp 198.6.1.1:53 <- 10.60.60.10:33306 SINGLE:MULTIPLE
> self udp 198.6.1.2:53 <- 10.60.60.10:33306 SINGLE:MULTIPLE
> self udp 198.6.1.3:53 <- 10.60.60.10:33306 SINGLE:MULTIPLE
>
> Looks like my (Linux) box is sending with the source port only set to 33306 (bad Linux, bad), but pfSense is randomising it just fine. Yes, I know that this is not a statistically valid data set, and the port range is quite limited, but it looks ok.
>
> Could one of the devs confirm that the DNS cache problem is mitigated?
>
> sai
>
> refs:
> [1] http://seclists.org/fulldisclosure/2008/Jul/0104.html
> [2] http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html
> [3] https://www.dns-oarc.net/oarc/services/porttest
See http://blog.pfsense.org/?p=210

Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
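The check sai did by eye on the quoted pfctl -ss output (are the NAT-rewritten source ports of outbound DNS queries all different and spread out, or fixed/sequential?) can be scripted. This is an added example, not code from the thread or from pfSense; the state lines below are a constructed sample in the same layout as the quoted output, and the spread threshold is an assumed heuristic.

```python
import re

# Constructed sample in the layout of the quoted `pfctl -ss` output
# (a.b.c.d / e.f.g.h stand for the redacted WAN addresses).
SAMPLE_STATES = """\
self udp 10.60.60.10:33306 -> a.b.c.d:51192 -> 198.6.1.1:53 MULTIPLE:SINGLE
self udp 10.60.60.10:33306 -> e.f.g.h:57512 -> 198.6.1.2:53 MULTIPLE:SINGLE
self udp 10.60.60.10:33306 -> a.b.c.d:56970 -> 198.6.1.3:53 MULTIPLE:SINGLE
self udp 198.6.1.1:53 <- 10.60.60.10:33306 SINGLE:MULTIPLE
"""

# Outbound NAT state: <iface> <proto> orig:port -> nat:port -> dst:port ...
# Inbound "<-" lines deliberately do not match.
NAT_STATE = re.compile(
    r"^\S+\s+(?P<proto>udp|tcp)\s+"
    r"(?P<orig>\S+):(?P<orig_port>\d+)\s+->\s+"
    r"(?P<nat>\S+):(?P<nat_port>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dst_port>\d+)"
)


def dns_source_ports(pfctl_output):
    """Return (client_port, nat_port) for each outbound UDP state to port 53."""
    pairs = []
    for line in pfctl_output.splitlines():
        m = NAT_STATE.match(line)
        if m and m["proto"] == "udp" and m["dst_port"] == "53":
            pairs.append((int(m["orig_port"]), int(m["nat_port"])))
    return pairs


def randomisation_report(pairs, min_spread=1000):
    """Summarise the evidence: does the firewall rewrite the (possibly fixed)
    client port into distinct, non-sequential ports spread across a wide range?
    A handful of states is only a smoke test; collect many before concluding."""
    client = [c for c, _ in pairs]
    nat = sorted(n for _, n in pairs)
    sequential = len(nat) > 1 and all(b - a == 1 for a, b in zip(nat, nat[1:]))
    spread = (nat[-1] - nat[0]) if nat else 0
    return {
        "states": len(pairs),
        "client_fixed_port": len(set(client)) == 1,
        "nat_distinct_ports": len(set(nat)),
        "nat_sequential": sequential,
        "nat_port_spread": spread,
        # Distinct, non-sequential and widely spread: consistent with randomisation.
        "nat_looks_random": (len(set(nat)) == len(nat) and not sequential
                             and spread >= min_spread),
    }
```

Run `pfctl -ss | python3 check.py` style by feeding stdin to `dns_source_ports`; a report with `client_fixed_port` true and `nat_looks_random` true reproduces sai's reading of the quoted states.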
