On Thu, 10 Jul 2008, Tim Clewlow wrote:
Assuming this is NOT a gateway, i.e. a single-homed DNS.
nat on $ext_if proto udp from any to any port 53 -> ($ext_if)
That's the rule that works for me. You don't need to worry about tcp
because tcp is protected by its 32 bit initial sequence number.
On Thu, 10 Jul 2008, Tim Clewlow wrote:
Can you make a pf rule that NATs all outgoing udp queries from BIND
with random source ports? That seems like it would have exactly the same
effect as BIND randomizing the source ports itself.
Assuming this is NOT a gateway, i.e. a single-homed DNS.
Thi
On Wed, 9 Jul 2008, Mike Tancsa wrote:
At 06:54 AM 7/9/2008, Oliver Fromme wrote:
Andrew Storms wrote:
> http://www.isc.org/index.pl?/sw/bind/bind-security.php
I'm just wondering ...
ISC's patches cause source ports to be randomized, thus
making it more difficult to spoof response packets.
On Wed, 2 Jan 2008, Gunther Mayer wrote:
2. Convince Kris Kennaway to run his mysql benchmarks on a FreeBSD 8
system both with and without SSP to verify that there is no significant
slowdown.
Hmm, I guess Kris is not subscribed to -security? Maybe I'll have to post in
-questions then...
Ju
On Sun, 30 Dec 2007, Jeremie Le Hen wrote:
Either I'm doing something wrong, or we have gcc misconfigured and it's not
detecting that strcpy is a function which needs to be watched closely.
Actually, you did nothing wrong. Except maybe not wasting time to look
at GCC info page ;).
% `-fs
On Fri, 28 Dec 2007, Gunther Mayer wrote:
Btw, I second the motion of having SSP enabled by default in FreeBSD, other
OS's have been doing this for years at a negligible performance overhead.
Gunther
It's too late to make that sort of change for FreeBSD 7.0, but I think
that's a good goal
On Mon, 30 Jan 2006, Peter Jeremy wrote:
If some burglar were to steal the
computer it most likely would be cut off from power.
If I knew that the computer had sensitive information that would be
lost to me if the computer got powered off, I would ensure that the
computer didn't lose power wh
On Thu, 27 Oct 2005, db wrote:
On Thursday 27 October 2005 06:35, you wrote:
I don't think it will ever be in FreeBSD, but I used ProPolice in the past:
I really hope it will. AFAIK OpenBSD implemented this in late 2002 when 3.2
was released. I can see why FreeBSD doesn't want software prote
On Fri, 22 Apr 2005, Jesper Wallin wrote:
Hello,
For some reason, I thought little about the "clear" command today.. Let's say
a privileged user (root) logs on, edits a sensitive file (e.g., a file
containing a password, running vipw, etc) .. then runs clear and logs out. Then
anyone can press the s
On Tue, 5 Apr 2005, Jesper Wallin wrote:
Hi Mike,
First of all, thanks for your reply.. Nope, as far as I can see, I only
got 6 of those lines and nothing more.
I have a fxp0 in my other server, would you recommend me to switch the
NICs since the server using the xl0 got higher priority than the fx
On Tue, 5 Apr 2005, Jesper Wallin wrote:
Dear list,
A few days ago one of my machines was attacked by a DDoS attack using UDP
on random ports.. When I later on analyzed the logs, I found this in my
dmesg:
xl0: initialization of the rx ring failed (55)
xl0: initialization of the rx ring failed (55)
11 matches