Check Point firewalls seem to have a problem in not randomising (or
even de-randomising) the DNS request source port [1]

do we have a similar problem with pfSense?

I did 3 digs to 198.6.1.1, 198.6.1.2 and 198.6.1.3 (I have 2 ISPs,
load balanced)

pfctl -ss (to see the states)

self udp 10.60.60.10:33306 -> a.b.c.d:51192 -> 198.6.1.1:53       MULTIPLE:SINGLE
self udp 10.60.60.10:33306 -> e.f.g.h:57512 -> 198.6.1.2:53       MULTIPLE:SINGLE
self udp 10.60.60.10:33306 -> a.b.c.d:56970 -> 198.6.1.3:53       MULTIPLE:SINGLE

self udp 198.6.1.1:53 <- 10.60.60.10:33306       SINGLE:MULTIPLE
self udp 198.6.1.2:53 <- 10.60.60.10:33306       SINGLE:MULTIPLE
self udp 198.6.1.3:53 <- 10.60.60.10:33306       SINGLE:MULTIPLE

looks like my (Linux) box is sending with the source port fixed to 33306
(bad Linux, bad) but pfSense is randomising it just fine. Yes, I know
that this is not a statistically valid data set, and the port range is
quite limited, but it looks ok.

could one of the devs confirm that the DNS cache problem is mitigated?

sai

refs:
[1] http://seclists.org/fulldisclosure/2008/Jul/0104.html
[2] http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html
[3] https://www.dns-oarc.net/oarc/services/porttest
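The check in the post is done by eye over three state entries. The script below, added here as an example and not part of the original mail or of pfSense, does the same check mechanically: it parses `pfctl -ss` output of the outbound-NAT form shown above (pre-NAT source -> post-NAT source -> destination, IPv4 only), keeps the UDP port 53 states, and reports whether the client behind the firewall reuses one source port and whether the firewall's post-NAT ports vary. The sample lines are constructed (documentation addresses stand in for the a.b.c.d / e.f.g.h public addresses); feed it real `pfctl -ss` output on stdin to run it against your own states.

```python
import re
import sys

# Constructed sample, modelled on the pfctl -ss lines quoted in the post.
# 192.0.2.10 and 198.51.100.7 stand in for the two ISP-facing addresses.
SAMPLE_STATES = """\
self udp 10.60.60.10:33306 -> 192.0.2.10:51192 -> 198.6.1.1:53       MULTIPLE:SINGLE
self udp 10.60.60.10:33306 -> 198.51.100.7:57512 -> 198.6.1.2:53       MULTIPLE:SINGLE
self udp 10.60.60.10:33306 -> 192.0.2.10:56970 -> 198.6.1.3:53       MULTIPLE:SINGLE
self udp 198.6.1.1:53 <- 10.60.60.10:33306       SINGLE:MULTIPLE
"""

# Matches only the two-arrow (outbound NAT) form: "<iface> <proto> orig -> nat -> dst <state>".
# Reply-direction lines ("<-") and non-NAT states are deliberately left out.
ENDPOINT = r"([\d.]+):(\d+)"
NAT_LINE = re.compile(
    rf"^\S+\s+(udp|tcp)\s+{ENDPOINT}\s+->\s+{ENDPOINT}\s+->\s+{ENDPOINT}\s+(\S+)\s*$"
)


def parse_nat_states(text):
    """Return one dict per outbound NAT state found in pfctl -ss output."""
    entries = []
    for line in text.splitlines():
        m = NAT_LINE.match(line)
        if not m:
            continue
        proto, osrc, osport, nsrc, nsport, dst, dport, state = m.groups()
        entries.append({
            "proto": proto,
            "orig_src": osrc, "orig_sport": int(osport),   # as sent by the client
            "nat_src": nsrc, "nat_sport": int(nsport),     # as rewritten by pf
            "dst": dst, "dport": int(dport),
            "state": state,
        })
    return entries


def assess_dns_source_ports(entries):
    """Summarise source-port behaviour for UDP/53 states.

    client_port_fixed        -> the host behind pf reuses a single source port
    nat_ports_all_distinct   -> pf picked a different post-NAT port per query
    nat_preserves_client_port-> pf kept the client's port on at least one state
                                (the de-randomising behaviour the post worries about)
    nat_port_span            -> spread of the post-NAT ports seen (a crude range hint)
    """
    dns = [e for e in entries if e["proto"] == "udp" and e["dport"] == 53]
    orig_ports = [e["orig_sport"] for e in dns]
    nat_ports = [e["nat_sport"] for e in dns]
    return {
        "dns_states": len(dns),
        "client_source_ports": sorted(set(orig_ports)),
        "client_port_fixed": len(dns) > 1 and len(set(orig_ports)) == 1,
        "nat_source_ports": sorted(set(nat_ports)),
        "nat_ports_all_distinct": len(set(nat_ports)) == len(nat_ports),
        "nat_preserves_client_port": any(e["orig_sport"] == e["nat_sport"] for e in dns),
        "nat_port_span": (max(nat_ports) - min(nat_ports)) if nat_ports else 0,
    }


if __name__ == "__main__":
    # Use real output when piped in ("pfctl -ss | python3 this.py"), else the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_STATES
    report = assess_dns_source_ports(parse_nat_states(text))
    for key, value in report.items():
        print(f"{key:28} {value}")
```

A handful of states, as the post itself notes, is not enough to judge the port distribution; the `nat_port_span` and the count of distinct ports are only sanity checks. A `nat_preserves_client_port` of `True` across several queries is the signal worth following up, since it means the firewall is passing a fixed client port through unchanged.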
