Kyle Drake wrote:
Regarding the new DNS cache poisoning problems: I was told that the
way they resolved the problem was to randomize the source ports. I was
wondering if I needed to make any changes to the PF firewall, as I'm
currently running DNS through a single port (TCP/UDP domain port). I
have a strict firewall policy that only allows specified ports, but
should I change this?
Also I'm using MaraDNS, if that helps.
Thanks!
-Kyle
Hi Kyle,
MaraDNS was already using randomization. Leave PF the way it was, you
are good to go.
http://maradns.blogspot.com/2008/07/maradns-is-immune-to-new-cache.html
You can check if you are vulnerable at: www.doxpara.com.
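The doxpara test referred to above works by watching the source ports and transaction IDs a resolver uses on its outbound queries. The script below is an added example, not part of this thread and not MaraDNS or doxpara code; it performs the same measurement offline on constructed samples. In a real check you would feed it the (source port, transaction ID) pairs read from a packet capture of the resolver's outbound port-53 traffic. The "behind NAT" sample is included because a NAT device between the resolver and the Internet can rewrite randomized source ports into a sequential range and undo the protection, even when the PF rules on the resolver itself are left unchanged; the thresholds (90% distinct, 50% sequential steps) are the author's assumptions for a 64-query sample.

```python
"""Offline check of DNS source-port and transaction-ID randomization.

Added example for this thread; not MaraDNS or doxpara code.  It scores a
sample of outbound queries on constructed data so it runs without network
access.  Thresholds below are assumptions chosen for a 64-query sample.
"""
import random
from collections import Counter
from math import log2


def entropy_bits(values):
    """Shannon entropy of the observed distribution, in bits."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * log2(c / n) for c in counts.values())


def sequential_fraction(ports):
    """Fraction of successive queries whose source port rose by 1 or 2,
    the signature of a resolver (or NAT box) handing out ports in order."""
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if not steps:
        return 0.0
    return sum(1 for s in steps if s in (1, 2)) / len(steps)


def assess(queries):
    """queries: list of (source_port, txid) for consecutive outbound queries.
    Returns the measurements plus a verdict string."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    n = len(queries)
    result = {
        "queries": n,
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "sequential_fraction": round(sequential_fraction(ports), 2),
        "distinct_txids": len(set(txids)),
    }
    # A fixed or heavily reused source port leaves only the 16-bit ID
    # for an attacker to guess, which is the weakness the 2008 attack exploits.
    if result["distinct_ports"] < 0.9 * n:
        verdict = "VULNERABLE: source port is fixed or reused"
    elif result["sequential_fraction"] > 0.5:
        verdict = "VULNERABLE: source ports are sequential (NAT rewriting?)"
    elif result["distinct_txids"] < 0.9 * n:
        verdict = "VULNERABLE: transaction IDs repeat"
    else:
        verdict = "OK: ports and transaction IDs look random"
    result["verdict"] = verdict
    return result


# --- constructed samples (not real captures) ---
_rng = random.Random(2008)

# a resolver that randomizes both the source port and the 16-bit ID
GOOD = [(_rng.randrange(1024, 65536), _rng.randrange(65536)) for _ in range(64)]

# a resolver that always sends from port 53 and only randomizes the ID
FIXED_PORT = [(53, _rng.randrange(65536)) for _ in range(64)]

# the same good resolver as seen from outside a NAT that rewrites source
# ports in ascending order, undoing the randomization
BEHIND_NAT = [(40000 + i, t) for i, (_, t) in enumerate(GOOD)]

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("fixed port", FIXED_PORT),
                         ("behind NAT", BEHIND_NAT)):
        print(name, assess(sample))
```

Feeding the script real data only needs the port and ID columns of a capture of the resolver's outgoing UDP port-53 queries; the firewall's own rules never appear in the measurement, which is why a stateful rule that permits outbound port 53 and keeps state for the replies does not need to change when the resolver randomizes its source port.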