[nsp-sec] Solutions for the DNS vul?
Jose Nazario
jose at arbor.net
Thu Jul 24 07:35:05 EDT 2008
On Thu, 24 Jul 2008, Yonglin ZHOU wrote:
> Besides patching the dns servers, any other supplementary
> countermeasures?
NAT/PAT devices that can randomize the source port independent of the
client on the other side of it should help provide that sport
randomization that the patches add. OpenBSD's PF can do this, as an
example; I don't know which other NAT/PAT devices can. Here's how it looks
in OpenBSD:
http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________
--
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO, arbor networks
v: (734) 821 1427 http://asert.arbornetworks.com/
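
A check a defender could run to confirm that a NAT/PAT device really is randomizing source ports, as an added example that is not part of the original message: it classifies the post-NAT source ports seen on outbound DNS queries (for instance, from a capture taken outside the device). The function names, thresholds and sample port lists are assumptions constructed for illustration.

```python
import random
import statistics

def classify_source_ports(ports, min_samples=20):
    """Classify observed UDP source ports of outbound DNS queries.

    Returns 'insufficient', 'fixed', 'sequential', 'narrow' or 'randomized'.
    Thresholds are illustrative assumptions, not values from any standard.
    """
    if len(ports) < min_samples:
        return "insufficient"
    if len(set(ports)) == 1:
        return "fixed"          # every query leaves from the same port
    # Step between consecutive queries, wrapped to the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 0 < d <= 16)
    if small_steps / len(deltas) >= 0.9:
        return "sequential"     # next port is guessable from the last one
    # A small spread or heavy port reuse leaves few values to guess.
    spread = statistics.pstdev(ports)
    reuse = 1 - len(set(ports)) / len(ports)
    if spread < 3000 or reuse > 0.2:
        return "narrow"
    return "randomized"

def constructed_samples():
    """Constructed port lists standing in for real capture data."""
    rng = random.Random(2008)   # seeded so the samples are reproducible
    return {
        "unpatched resolver, no NAT": [53] * 30,
        "NAT with incrementing ports": list(range(32768, 32798)),
        "NAT with a small port pool": [rng.randint(1024, 1100) for _ in range(200)],
        "NAT randomizing ports": [rng.randint(50001, 65535) for _ in range(200)],
    }

if __name__ == "__main__":
    for label, ports in constructed_samples().items():
        print(f"{label:30s} -> {classify_source_ports(ports)}")
```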