On 6/10/19 10:18 AM, Barry Margolin wrote:
> Why would the original source port be close to any of these low port numbers? Source ports should normally be ephemeral ports.
There has been some movement afoot in the last 10 years or so to use more of the 65,535 ports as the source port for security reasons.
The motivation behind it is to add additional bits of entropy to make it harder to predict and spoof a reply.
Steve Gibson has a good page with a lot of the details, or at least one explaining the mentality behind it. I don't have the skills to judge it.
Link - DNS Nameserver Spoofability Test - https://www.grc.com/dns/dns.htm

-- 
Grant. . . .
unix || die
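As an added illustration of the point above about source-port entropy (this is not part of the mailing list thread), the snippet below audits the UDP source ports a resolver was observed using for outgoing queries and classifies them as fixed, sequential, narrow, or randomised, and adds the observed port entropy to the 16-bit transaction ID to show how many bits an off-path spoofer would have to guess. The port lists are constructed samples, not real captures.

```python
import math
from collections import Counter

# Constructed samples of UDP source ports a resolver used for outgoing
# queries (hypothetical data for illustration, not captured traffic).
FIXED_PORT_RESOLVER = [53] * 200                  # classic unrandomised resolver
SEQUENTIAL_RESOLVER = list(range(1024, 1224))     # predictable counter
# Deterministic pseudo-random spread over the ephemeral range 1024-65535
RANDOMISED_RESOLVER = [1024 + (i * 40501) % 64512 for i in range(200)]

def shannon_bits(ports):
    """Entropy of the observed source-port distribution in bits.
    With n samples this is bounded above by log2(n)."""
    counts = Counter(ports)
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def is_sequential(ports, tolerance=2):
    """True if every successive port increases by at most `tolerance`,
    i.e. the resolver is using a simple counter."""
    diffs = [b - a for a, b in zip(ports, ports[1:])]
    return bool(diffs) and all(0 < d <= tolerance for d in diffs)

def spoof_bits(ports, txid_bits=16):
    """Bits an off-path attacker must guess per forged reply: the 16-bit
    DNS transaction ID plus whatever entropy the source port contributes."""
    return txid_bits + shannon_bits(ports)

def assess(ports):
    """Classify a resolver's source-port behaviour from observed ports."""
    if len(set(ports)) == 1:
        return "fixed port"
    if is_sequential(ports):
        return "sequential (predictable)"
    if max(ports) - min(ports) < 4096:
        return "narrow range"
    return "randomised"

if __name__ == "__main__":
    for name, ports in [("fixed", FIXED_PORT_RESOLVER),
                        ("sequential", SEQUENTIAL_RESOLVER),
                        ("randomised", RANDOMISED_RESOLVER)]:
        print(f"{name:>10}: {assess(ports):24} "
              f"guess bits per reply = {spoof_bits(ports):.1f}")
```

In a real audit the port list would come from a packet capture of the resolver's outgoing queries; a fixed or sequential verdict means the transaction ID alone is protecting the cache.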