Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-27 Thread Hideki Yamane
On Mon, 11 Aug 2008 19:25:17 +0200 Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> The Linux kernel implements UDP source port randomisation since 2.6.24:
>
> | This patch causes UDP port allocation to be randomized like TCP.
> | The earlier code would always choose same port (ie first empty list)

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Rick Moen
Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
> No I confirm NAT source port randomization was included in 2.6.21 as far
> as Netfilter NAT is concerned.
> Commit is :
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=41f4689a7c8cd76b77864461b3c58fde8f322b2c
>
> Th

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Vincent Deffontaines
Rick Moen wrote:
> Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
>
>> And the Linux kernel (Netfilter) implements NAT source port
>> randomization
>> since 2.6.21, which can make it a convenient way to protect your natted
>> hosts without any patching.
>>
>> See http://software.inl.fr/trac

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Rick Moen
Quoting Vincent Deffontaines ([EMAIL PROTECTED]):
> And the Linux kernel (Netfilter) implements NAT source port randomization
> since 2.6.21, which can make it a convenient way to protect your natted
> hosts without any patching.
>
> See http://software.inl.fr/trac/wiki/contribs/RandomSkype for

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-13 Thread Vincent Deffontaines
Moritz Muehlenhoff wrote:
> Hideki Yamane wrote:
>>> The 2.6.24
>>> kernel available since the last etch point release offers some
>>> protection as well.
>>
>> Umm? This is NEW information for me. Could you give me any references?
>> (certainly if you can disclose. It is a sensitive issue

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-11 Thread Florian Weimer
* Hideki Yamane:
> On Sun, 10 Aug 2008 22:11:05 +0200
> Florian Weimer <[EMAIL PROTECTED]> wrote:
>> The 2.6.24
>> kernel available since the last etch point release offers some
>> protection as well.
>
> Umm? This is NEW information for me. Could you give me any
> references?

It adds a weak fo

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-11 Thread Moritz Muehlenhoff
Hideki Yamane wrote:
>> The 2.6.24
>> kernel available since the last etch point release offers some
>> protection as well.
>
> Umm? This is NEW information for me. Could you give me any references?
> (certainly if you can disclose. It is a sensitive issue.)

The Linux kernel implements UDP s

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-11 Thread Rick Moen
Quoting Hideki Yamane ([EMAIL PROTECTED]):
> I want to know that, too.
> Should ALL systems (servers or desktops/laptops) need to be installed
> and configure bind9 (or something) package, or need to wait for update?

My own preference is, indeed, to have one of the following as a local recursi

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-10 Thread Hideki Yamane
Hi,

Thanks to Florian for this reply.

On Sun, 10 Aug 2008 22:11:05 +0200 Florian Weimer <[EMAIL PROTECTED]> wrote:
> The 2.6.24
> kernel available since the last etch point release offers some
> protection as well.

Umm? This is NEW information for me. Could you give me any references? (certai

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-10 Thread Florian Weimer
* Hideki Yamane:
> On Wed, 09 Jul 2008 03:55:27 +
> Nick Boyce <[EMAIL PROTECTED]> wrote:
>> Also, which Debian systems would otherwise use the libc stub resolver ?
>> All systems which *don't* have BIND installed ?
>
> I want to know that, too.
> Should ALL systems (servers or desktops/l

Re: [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-08-10 Thread Hideki Yamane
Hi security experts,

On Wed, 09 Jul 2008 03:55:27 + Nick Boyce <[EMAIL PROTECTED]> wrote:
> Also, which Debian systems would otherwise use the libc stub resolver ?
> All systems which *don't* have BIND installed ?

I want to know that, too. Should ALL systems (servers or desktops/laptops)