From owner-freebsd-security Wed May 24 22:18:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with SMTP id 8FA0E37B66E for ; Wed, 24 May 2000 22:18:05 -0700 (PDT) (envelope-from silby@silby.com)
Received: (qmail 23152 invoked by uid 1000); 25 May 2000 05:17:57 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 25 May 2000 05:17:57 -0000
Date: Thu, 25 May 2000 00:17:57 -0500 (CDT)
From: Mike Silbersack
To: Klaus Steden
Cc: freebsd-security@freebsd.org
Subject: Re: named, and socket bindings
In-Reply-To: <20000525005653.X6137@cthulu.compt.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 25 May 2000, Klaus Steden wrote:

> I was playing a bit with 'sockstat' on the FreeBSD 3.4 boxen we have around
> here that offer name service.
>
> On both I noticed something that was, to me, a bit odd. The sockets that named
> had bound were, as expected, the domain port on all the machine's interfaces,
> but also, a random high UDP port.

That's the port it uses as the source port for outgoing queries. Using a port
other than 53 makes DNS spoofing harder. I assume it changes the port, but I'm
not sure at what interval.

> I checked two BSDI boxes (4.0) and they don't seem to have the same situation.
> What gives?

Either they're running an old version of bind, or the option in named.conf to
explicitly set the source port to 53 at all times has been enabled.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
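The check the thread is circling around, as an added example that is not part of the original post: parse sockstat-style output and report whether named holds a separate high-port UDP socket (randomized query source port) or only port 53 (source port pinned in named.conf). The sample output and its column layout are constructed for this example, modelled on sockstat's format but not taken from any real host.

```python
from collections import namedtuple

Sock = namedtuple("Sock", "user command pid proto local")

# Constructed sample (column layout is an assumption): named listens on 53 on
# every interface and holds one extra UDP socket on an ephemeral port, which is
# the source port for its outgoing queries.
SAMPLE_RANDOMIZED = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      173   20 udp4   *:53                  *:*
bind     named      173   21 udp4   192.0.2.10:53         *:*
bind     named      173   22 udp4   *:3391                *:*
bind     named      173   23 tcp4   *:53                  *:*
root     sshd       201    3 tcp4   *:22                  *:*
"""

# Constructed sample for a server whose named.conf pins the query source port
# to 53: no separate high-port socket appears, queries leave from 53 itself.
SAMPLE_PINNED = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      173   20 udp4   *:53                  *:*
bind     named      173   21 udp4   192.0.2.10:53         *:*
bind     named      173   23 tcp4   *:53                  *:*
"""

def parse_sockstat(text):
    """Parse sockstat-style lines into Sock tuples, skipping the header row."""
    socks = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        user, command, pid, _fd, proto, local = fields[:6]
        socks.append(Sock(user, command, int(pid), proto, local))
    return socks

def named_udp_ports(socks, command="named"):
    """Set of local UDP ports bound by the given command (named by default)."""
    return {int(s.local.rsplit(":", 1)[1])
            for s in socks if s.command == command and s.proto.startswith("udp")}

def query_source_report(text):
    """Pinned to 53 means a forged reply only has to match the 16-bit
    transaction ID; an ephemeral port adds the port to what must be guessed."""
    ports = named_udp_ports(parse_sockstat(text))
    if not ports:
        return {"source_ports": [], "pinned_to_53": None}  # no named sockets seen
    high = sorted(p for p in ports if p != 53)
    return {"source_ports": high or [53], "pinned_to_53": not high}
```

On a live box, feed it `sockstat` output instead of the constructed samples; a result of `pinned_to_53: True` is the configuration the reply describes as the BSDI behaviour.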