[conspire] DNS vulnerability details

Ruben Safir ruben at mrbrklyn.com
Fri Jul 25 15:59:55 PDT 2008

On Thu, Jul 24, 2008 at 08:23:41AM -0700, Rick Moen wrote:
> Quoting Ruben Safir (ruben at mrbrklyn.com):
> > If the name server is using random ports how does the resolver know
> > where to find it.  I'm not likely to rewrite firefox.
> I was actually talking about random _source_ ports for the outgoing
> service _request_.  You're right that having the service offered on
> (listened for on) a random port would certainly not work.

With due respect, I fail to see how random outgoing ports will provide more security,
The server is still listening on a single know port and send responses from a random
port (one that is hopefully not being used for vnc) but to connect to a known client

In of itself, how is that going to help security?


> _______________________________________________
> conspire mailing list
> conspire at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/conspire

http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software

So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world  - RI Safir 1998

http://fairuse.nylxs.com  DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002

"Yeah - I write Free Software...so SUE ME"

"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."

"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt.  I guess you missed that one."

© Copyright for the Digital Millennium

More information about the conspire mailing list