Hi everyone,

By now everyone should know there are some big issues around the DNS system. The most important fix seems to be that servers apply source port randomization to their traffic. The problem is that many NAT firewalls undo the randomization. By default Vuurmuur and the underlying iptables do that too.

So I added support tonight for the --random option that can be used with the various NAT actions. This is available in the just released 0.5.74 alpha 6 release.

There is one caveat: it will only work on recent kernels and iptables versions. For example Ubuntu Hardy is fine, but Debian Etch is already too old.
Get the new release here:
ftp://ftp.vuurmuur.org/releases/0.5.74.alpha6/

Some more information:
http://www.inliniac.net/blog/2008/07/25/support-for-source-port-randomization-in-vuurmuur.html
http://cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html

Please give this release a try!

Regards,
Victor
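To audit an existing ruleset for the problem the post describes, the following added example (not part of the original post and not Vuurmuur code) lists source-NAT rules in `iptables-save -t nat` output that lack `--random`. The function names and the sample dump are constructed for illustration; `--random-fully`, a flag in later iptables releases that the post does not mention, is also accepted as randomized.

```shell
#!/bin/sh
# Added example: find SNAT/MASQUERADE rules that do not randomize source ports.

# Reads `iptables-save -t nat` text on stdin and prints every appended
# SNAT or MASQUERADE rule that carries neither --random nor --random-fully.
nat_rules_without_random() {
    awk '
        /^-A / && / -j (SNAT|MASQUERADE)( |$)/ {
            if ($0 !~ / --random(-fully)?( |$)/) print
        }
    '
}

# Counts the rules reported by nat_rules_without_random (stdin as above).
count_nat_rules_without_random() {
    nat_rules_without_random | wc -l | tr -d ' '
}

# Constructed sample dump; addresses and interface names are placeholders.
sample_nat_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.0.2.10
-A POSTROUTING -s 192.0.2.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 198.51.100.0/24 -o eth0 -j SNAT --to-source 203.0.113.5 --random
-A POSTROUTING -s 10.0.0.0/8 -o eth1 -j SNAT --to-source 203.0.113.6
COMMIT
EOF
}

# Demo on the constructed sample. On a live firewall, run as root:
#   iptables-save -t nat | nat_rules_without_random
sample_nat_dump | nat_rules_without_random
```

Rules it prints are the ones where NAT may rewrite a resolver's randomized source port into a predictable one.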
