Date: Thu, 25 May 2000 00:17:57 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Klaus Steden <klaus@compt.com>
Cc: freebsd-security@freebsd.org
Subject: Re: named, and socket bindings
Message-ID: <Pine.BSF.4.21.0005250014400.23139-100000@achilles.silby.com>
In-Reply-To: <20000525005653.X6137@cthulu.compt.com>

On Thu, 25 May 2000, Klaus Steden wrote:

> I was playing a bit with 'sockstat' on the FreeBSD 3.4 boxen we have around
> here that offer name service.
>
> On both I noticed something that was, to me, a bit odd. The sockets that named
> had bound were, as expected, the domain port on all the machine's interfaces,
> but also, a random high UDP port.

That's the port it uses as the source port for outgoing queries. Using a
port other than 53 makes dns spoofing harder. I assume it changes the
port, but I'm not sure at what interval.

> I checked two BSDI boxes (4.0) and they don't seem to have the same situation.
> What gives?

Either they're running an old version of bind, or the option in named.conf
to explicitly set the source port to 53 at all times has been enabled.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
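
An added example, not part of the message above and not BIND's own code: a small Python check that flags a named.conf which pins the outgoing query source port, the setting the reply describes. `query-source` is BIND's option name; the sample configs, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample configs (not taken from the thread).
FIXED_PORT_CONF = """
options {
    directory "/etc/namedb";
    // force outgoing queries to leave from port 53
    query-source address * port 53;
};
"""

DEFAULT_CONF = """
options {
    directory "/etc/namedb";
    # query-source address * port 53;
    query-source address 192.0.2.10;   /* address pinned, port left to named */
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments, all of which named.conf accepts.

    Simplification: does not protect comment markers inside quoted strings.
    """
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

# Matches query-source and query-source-v6 statements up to the ';'.
QUERY_SOURCE = re.compile(r"\bquery-source(-v6)?\b([^;]*);")

def fixed_query_ports(conf_text):
    """Return (statement, port) pairs where the source port is pinned."""
    findings = []
    for m in QUERY_SOURCE.finditer(strip_comments(conf_text)):
        # 'port *' or no port clause leaves the choice to named.
        port = re.search(r"\bport\s+(\d+)", m.group(2))
        if port:
            statement = " ".join(m.group(0).split())
            findings.append((statement, int(port.group(1))))
    return findings

if __name__ == "__main__":
    for name, conf in (("fixed", FIXED_PORT_CONF), ("default", DEFAULT_CONF)):
        print(name, fixed_query_ports(conf))
```

A non-empty result means outgoing queries leave from a known port, which removes the spoofing obstacle the reply mentions.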