Is there any increased visibility of a need for this feature, given
the recent DNS vulnerability discussions? I have clients who are
patching their DNS servers to provide source-port randomization, but
are behind NAT, which renders such randomization moot.

Cheers,
Dave.

On Jun 13, 2008, at 4:25 AM, Darren Reed wrote:

> Jeremy C. Reed wrote:
>> I have:
>>
>> map ral0 from any port = 4791 to any -> 0/32 portmap tcp/udp 5000:60000
>>
>> As documented in the man page, I see it does use incremental port
>> numbers for the new port (5000, 5001, 5002, ... as seen with
>> tcpdump).
>>
>> Any way to randomize my new source port?
>
> Not yet.
>
> If you'd like to add a random port feature, my preference would be for it
> to be added to the active development version of IPFilter that you can
> get from CVS on sourceforge.net/projects/ipfilter/ but all code
> contributions are welcome :)
>
> Cheers,
> Darren
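
As an added example (not part of the thread and not IPFilter code): one way to check, from a capture taken on the outside of the NAT box, whether DNS queries leave with incremental source ports as described above. The capture lines, addresses and function names are constructed for illustration.

```python
import random
import re

# Matches the "IP src.port > dst.port:" part of `tcpdump -n` output.
LINE_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

def source_ports(lines, dst_port=53):
    """Extract post-NAT source ports of packets sent to dst_port, in capture order."""
    ports = []
    for line in lines:
        m = LINE_RE.search(line)
        if m and int(m.group(4)) == dst_port:
            ports.append(int(m.group(2)))
    return ports

def sequential_fraction(ports, max_step=1):
    """Fraction of consecutive packets whose source port advanced by 1..max_step.
    Raise max_step if other NATed traffic interleaves with the DNS queries."""
    if len(ports) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(ports, ports[1:]) if 0 < b - a <= max_step)
    return hits / (len(ports) - 1)

def classify(ports, threshold=0.5):
    """'sequential' if most steps are small increments, else 'scattered'."""
    return "sequential" if sequential_fraction(ports) >= threshold else "scattered"

def make_capture(ports):
    """Build constructed tcpdump-style lines using documentation addresses."""
    return [f"12:00:{i:02d}.000000 IP 192.0.2.1.{p} > 198.51.100.53.53: "
            f"{1000 + i}+ A? example.com. (29)" for i, p in enumerate(ports)]

# Constructed sample 1: ports as the thread describes them (5000, 5001, 5002, ...).
incremental = make_capture(range(5000, 5020))

# Constructed sample 2: ports drawn from 5000-60000 for comparison. The seeded
# PRNG only makes the sample reproducible; it is not how a NAT should pick ports.
_rng = random.Random(2008)
randomized = make_capture(_rng.randrange(5000, 60001) for _ in range(20))

if __name__ == "__main__":
    for name, capture in (("incremental", incremental), ("randomized", randomized)):
        ports = source_ports(capture)
        print(f"{name}: {classify(ports)} "
              f"(sequential fraction {sequential_fraction(ports):.2f})")
```

A "sequential" result on the outside interface means the resolver's own port randomization is not reaching the wire, which is the situation described for clients behind NAT.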