Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Josip Rodin
On Tue, Jul 08, 2008 at 07:05:29PM +0200, Florian Weimer wrote: > Package: glibc > > At this time, it is not possible to implement the recommended > countermeasures in the GNU libc stub resolver. The following > workarounds are available: > > 1. Install a local BIND 9 resoler on the host

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Florian Weimer
* Josip Rodin: > Why is this phrased in a way that it prefers BIND as a recursive resolver, > when that same software was *only just* patched to be acceptable for the > same purpose? PowerDNS is not available on all architectures, and Unbound and tinydns are not part of etch. So it's lack of alt

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Josip Rodin
On Tue, Jul 08, 2008 at 07:50:44PM +0200, Florian Weimer wrote: > > Why is this phrased in a way that it prefers BIND as a recursive resolver, > > when that same software was *only just* patched to be acceptable for the > > same purpose? > > PowerDNS is not available on all architectures, and Unbo

jacques ivanes souhaite chatter

2008-07-08 Thread jacques ivanes
--- jacques ivanes souhaite rester en contact avec vous et communiquer plus facilement grâce aux tout derniers produits proposés par Google. Si vous possédez déjà un compte Gmail ou un compte Google Talk, consultez la page suivant

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Mert Dirik
Florian Weimer yazmış: > * Josip Rodin: > >> Why is this phrased in a way that it prefers BIND as a recursive resolver, >> when that same software was *only just* patched to be acceptable for the >> same purpose? > > PowerDNS is not available on all architectures, and Unbound and tinydns > are no

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Florian Weimer
* Mert Dirik: >> PowerDNS is not available on all architectures, and Unbound and tinydns >> are not part of etch. >> >> So it's lack of alternatives, more or less. > I don't really know much about these things but can't maradns MaraDNS could be used, I think. However, I'm not familiar with tha

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Henrique de Moraes Holschuh
On Tue, 08 Jul 2008, Florian Weimer wrote: > 1. Install a local BIND 9 resoler on the host, possibly in > forward-only mode. BIND 9 will then use source port randomization > when sending queries over the network. (Other caching resolvers can > be used instead.) > > 2. Rely on IP address spoofing

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Nick Boyce
Debian Security Team wrote: At this time, it is not possible to implement the recommended countermeasures in the GNU libc stub resolver. The following workarounds are available: 1. Install a local BIND 9 resolver on the host, possibly in forward-only mode. Uh .. is there any documentation

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-08 Thread Rick Moen
Quoting Josip Rodin ([EMAIL PROTECTED]): > Why is this phrased in a way that it prefers BIND as a recursive resolver, > when that same software was *only just* patched to be acceptable for the > same purpose? Although I'm not much of a BIND9 fan -- it remains RAM-hogging, slow, overfeatured, and

Sell Cisco Systems equipment items

2008-07-08 Thread [EMAIL PROTECTED]
Hello, We have following original Cisco,Card,GBIC/SFP,WIC,cables items for sale If you are interested, pls feel free to contact me. example of the products: CWDM-SFP-1G 39dB (Ultra long-haul)--1510nm,1530nm,1550nm,1570nm,1590nm,1610nm WS-G5483, GLC-SX-MM SFP-GE-L WS-G5487, WS-G5484, WS-G5486