BIND update?
Jille Timmmermans
jille at hexon.cx
Wed Jul 9 12:16:17 UTC 2008
Those sysctls apply to sockets that don't get bind(2), or bind(2) to port 0.
(Wild guess ahead!)
BIND probably always binds to the same port, or uses the same socket, etc.
-- Jille
Oliver Fromme wrote:
> Andrew Storms wrote:
> > http://www.isc.org/index.pl?/sw/bind/bind-security.php
>
> I'm just wondering ...
>
> ISC's patches cause source ports to be randomized, thus
> making it more difficult to spoof response packets.
>
> But doesn't FreeBSD already randomize source ports by
> default? So, do FreeBSD systems need to be patched
> at all?
>
> Best regards
> Oliver
>
> PS:
> $ sysctl net.inet.ip.portrange.randomized
> net.inet.ip.portrange.randomized: 1
> $ sysctl -d net.inet.ip.portrange.randomized
> net.inet.ip.portrange.randomized: Enable random port allocation
>
>
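Added example, not part of the thread or of BIND's code: a small C check of the distinction drawn in the reply above. A UDP socket bound to port 0 gets its port from the kernel allocator (the path `net.inet.ip.portrange.randomized` governs), while a socket that binds an explicit port always gets that port. The function names and the use of 127.0.0.1 are assumptions made for the illustration.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket on 127.0.0.1 to `port` (0 = kernel picks); report the port used. */
static int bound_udp_socket(unsigned short port, unsigned short *assigned)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) { close(fd); return -1; }
    *assigned = ntohs(sa.sin_port);
    return fd;
}

/* Hold n port-0 sockets open; count allocations adjacent (+1 or -1) to the previous one. */
static int sequential_steps(int n)
{
    int fds[64], steps = 0, opened = 0;
    unsigned short prev = 0, cur = 0;
    for (; opened < n && opened < 64; opened++, prev = cur) {
        if ((fds[opened] = bound_udp_socket(0, &cur)) < 0) break;
        if (opened > 0 && (cur == prev + 1 || prev == cur + 1)) steps++;
    }
    while (opened-- > 0) close(fds[opened]);
    return steps;
}

/* An explicit bind bypasses the allocator: it gets exactly the port it asked for. */
static int rebinds_to_same_port(unsigned short port)
{
    unsigned short got = 0;
    int fd = bound_udp_socket(port, &got);
    if (fd >= 0) close(fd);
    return fd >= 0 && got == port;
}

int main(void)
{
    unsigned short p = 0;
    int fd = bound_udp_socket(0, &p);   /* constructed input: any currently free port */
    if (fd >= 0) close(fd);
    printf("port 0: %d of 15 steps sequential; explicit port %u reused: %d\n",
           sequential_steps(16), p, rebinds_to_same_port(p));
    return 0;
}
```

A sequential-step count at or near 15 indicates predictable allocation for port-0 sockets; the explicit-port result is the same whatever the sysctl is set to.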