From: bert hubert <[EMAIL PROTECTED]>
Date: Mon, 15 Aug 2005 22:38:44 +0200

> Yes it does. Nameservers also need to send outgoing packets. The DNS
> 'keyspace' for response spoofing is a sad 16 bits, there are two bytes
> available in the DNS packet. By randomising the source port, another 16 bits
> are added to this keyspace.

But that's still going to be 48-bits less protection than TCP gives you. TCP has a sequence number (32-bits) and a timestamp (another 32-bits) as well as the saddr/daddr/sport/dport 48-bit tuple. UDP only has saddr/daddr/sport/dport, and that's it. Even your 16-bit key in the user component doesn't help much at all.

I don't know... if someone wants to look into the implementation and it doesn't look too complicated, I'll probably accept the patch, but there's no way I'm wasting my time working on this :-)