[conspire] DNS vulnerability details
Ruben Safir
ruben at mrbrklyn.com
Fri Jul 25 15:59:55 PDT 2008
On Thu, Jul 24, 2008 at 08:23:41AM -0700, Rick Moen wrote:
> Quoting Ruben Safir (ruben at mrbrklyn.com):
>
> > If the name server is using random ports how does the resolver know
> > where to find it. I'm not likely to rewrite firefox.
>
> I was actually talking about random _source_ ports for the outgoing
> service _request_. You're right that having the service offered on
> (listened for on) a random port would certainly not work.
>
With due respect, I fail to see how random outgoing ports will provide more security.
The server is still listening on a single known port and sends responses from a random
port (one that is hopefully not being used for VNC) but to connect to a known client
port.
In and of itself, how is that going to help security?
Ruben
--
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
"Yeah - I write Free Software...so SUE ME"
"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."
"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politics and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one."
© Copyright for the Digital Millennium
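The matching rule behind "random source ports for the outgoing request", as an added example that is not part of the original thread: the server keeps listening on port 53, and the resolver accepts a reply only if it arrives at the source port that query was sent from and carries the same 16-bit transaction ID. The port range, `FIXED_PORT`, the addresses and all class and function names are assumptions made for this sketch.

```python
import secrets
import struct

DNS_PORT = 53                        # server's well-known port; never randomized
PORT_LOW, PORT_HIGH = 1024, 65535    # assumed ephemeral range for this sketch
FIXED_PORT = 32768                   # constructed value: resolver reusing one source port


class PendingQuery:
    """What a resolver remembers about one outstanding UDP query."""

    def __init__(self, server_ip, randomize_port=True):
        self.server_ip = server_ip
        self.txid = secrets.randbelow(1 << 16)          # 16-bit DNS transaction ID
        if randomize_port:
            self.src_port = PORT_LOW + secrets.randbelow(PORT_HIGH - PORT_LOW + 1)
        else:
            self.src_port = FIXED_PORT

    def accepts(self, from_ip, from_port, to_port, payload):
        """True only if the datagram matches this query on every field."""
        if len(payload) < 12:                           # shorter than a DNS header
            return False
        (txid,) = struct.unpack("!H", payload[:2])
        return (from_ip == self.server_ip
                and from_port == DNS_PORT
                and to_port == self.src_port            # must hit the query's source port
                and txid == self.txid)


def guess_space(randomize_port):
    """(port, TXID) pairs a sender who cannot see the query has to cover."""
    ports = (PORT_HIGH - PORT_LOW + 1) if randomize_port else 1
    return ports * (1 << 16)


def make_reply(txid):
    """Constructed 12-byte DNS header: response flags, 1 question, 1 answer."""
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)


if __name__ == "__main__":
    q = PendingQuery("192.0.2.53")                      # documentation-range address
    reply = make_reply(q.txid)
    other = PORT_LOW if q.src_port != PORT_LOW else PORT_HIGH
    print("reply to query port:", q.accepts("192.0.2.53", DNS_PORT, q.src_port, reply))
    print("same reply, other port:", q.accepts("192.0.2.53", DNS_PORT, other, reply))
    print("values to match, fixed vs random:", guess_space(False), guess_space(True))
```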