On Tue, Jul 22, 2008 at 05:52:42PM +0200, Oliver Fromme wrote:
> I'm curious, is djbdns exploitable, too? Does it randomize
> the source ports of UDP queries?

Apparently, djbdns had randomization of the source ports a long time ago...

> > Of course, all solutions that randomize ports are really just
> > "security by obscurity," because by shuffling ports you're hiding the
> > way to poison your cache... a little.
>
> True, but there is currently no better solution, AFAIK.
> The problem is inherent in the way DNS queries work.

Yes indeed. If I understand all this correctly, it's because the transaction ID that has to be sent back is only 2 bytes long, and if the query port doesn't change as well with every query, that can be cracked in milliseconds: sending 65536 DNS queries to a constant port is just way too easy! The namespace is way too small, and there's no way to fix this by switching to, say, 4 bytes or even more for the transaction ID without breaking existing resolvers; actually without breaking the protocol itself.

> Best regards
> Oliver

cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
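The arithmetic behind the reply above (16-bit transaction ID alone versus transaction ID plus a randomized 16-bit source port), as an added example that is not part of the thread and not code from any resolver mentioned in it. It models the space of values an off-path forger would have to cover, and adds a small defender-side check that estimates from a list of observed outgoing query source ports (a constructed sample here, but in practice taken from a packet capture of the resolver) whether the resolver is actually randomizing them. The 8-bit entropy threshold and the `32768` fixed port in the sample are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

TXID_BITS = 16   # the DNS transaction ID is a 16-bit field (RFC 1035)
PORT_BITS = 16   # the UDP source port is a 16-bit field


def guess_space(randomize_port: bool, usable_ports: int = 1 << PORT_BITS) -> int:
    """Number of (txid, port) combinations a forged answer must match.

    With a constant source port only the 65536 transaction IDs matter;
    with a randomized port each of those is multiplied by the number of
    ports the resolver may pick from.
    """
    txids = 1 << TXID_BITS
    return txids * (usable_ports if randomize_port else 1)


def forgery_success_probability(forged_responses: int, space: int) -> float:
    """Chance that `forged_responses` distinct guesses cover the one valid
    (txid, port) pair within a single query's response window."""
    return min(1.0, forged_responses / space)


def shannon_entropy_bits(values) -> float:
    """Empirical Shannon entropy (in bits) of a sequence of observed values."""
    counts = Counter(values)
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_port_randomized(ports, threshold_bits: float = 8.0) -> bool:
    """Heuristic check over observed outgoing query source ports.

    A resolver that reuses one port has zero entropy; a randomizing one
    observed over a few thousand queries lands well above 8 bits
    (assumed threshold).
    """
    return shannon_entropy_bits(ports) >= threshold_bits


def sample_ports(randomize: bool, n: int, seed: int = 1):
    """Constructed sample standing in for a capture of a resolver's queries:
    either one fixed port (assumed 32768) or ports drawn from 1024-65535."""
    rng = random.Random(seed)
    if randomize:
        return [rng.randint(1024, 65535) for _ in range(n)]
    return [32768] * n


if __name__ == "__main__":
    fixed = guess_space(randomize_port=False)
    randomized = guess_space(randomize_port=True, usable_ports=65535 - 1024 + 1)
    print(f"fixed port: {fixed} combinations, "
          f"65536 forged answers -> p={forgery_success_probability(65536, fixed):.3f}")
    print(f"random port: {randomized} combinations, "
          f"65536 forged answers -> p={forgery_success_probability(65536, randomized):.6f}")
    for label, rand in (("legacy", False), ("randomizing", True)):
        ports = sample_ports(rand, 2000)
        print(f"{label}: {shannon_entropy_bits(ports):.2f} bits, "
              f"randomized={looks_port_randomized(ports)}")
```

The point the numbers make is the one in the mail: with a constant port, 65536 forged answers cover the whole space, while with a randomized port the same effort covers a fraction of a percent of it. The entropy check is deliberately crude (it only looks at the port column), but it is enough to spot a resolver, or a NAT device in front of it, that collapses the ports back to one value.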