BIND update?
Oliver Fromme
olli at lurza.secnetix.de
Wed Jul 9 10:54:06 UTC 2008
Andrew Storms wrote:
> http://www.isc.org/index.pl?/sw/bind/bind-security.php
I'm just wondering ...
ISC's patches cause source ports to be randomized, thus
making it more difficult to spoof response packets.
But doesn't FreeBSD already randomize source ports by
default? So, do FreeBSD systems require to be patched
at all?
Best regards
Oliver
PS:
$ sysctl net.inet.ip.portrange.randomized
net.inet.ip.portrange.randomized: 1
$ sysctl -d net.inet.ip.portrange.randomized
net.inet.ip.portrange.randomized: Enable random port allocation
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
It's trivial to make fun of Microsoft products,
but it takes a real man to make them work,
and a God to make them do anything useful.
More information about the freebsd-security
mailing list