Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Rick Moen
Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
> No I confirm NAT source port randomization was included in 2.6.21 as far
> as Netfilter NAT is concerned.
> Commit is:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=41f4689a7c8cd76b77864461b3c58fde8f322b2c
>
> Th

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Vincent Deffontaines
Rick Moen wrote:
> Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
>
>> And the Linux kernel (Netfilter) implements NAT source port
>> randomization
>> since 2.6.21, which can make it a convenient way to protect your natted
>> hosts without any patching.
>>
>> See http://software.inl.fr/trac

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Rick Moen
Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
> And the Linux kernel (Netfilter) implements NAT source port randomization
> since 2.6.21, which can make it a convenient way to protect your natted
> hosts without any patching.
>
> See http://software.inl.fr/trac/wiki/contribs/RandomSkype for

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Vincent Deffontaines
Moritz Muehlenhoff wrote:
> Hideki Yamane wrote:
>>> The 2.6.24
>>> kernel available since the last etch point release offers some
>>> protection as well.
>>
>> Umm? This is NEW information for me. Could you give me any references?
>> (certainly if you can disclose. It is a sensitive issue