Stopping Kaminsky's DNS Attack with One iptables Rule

cipherdyne.org — Dan Kaminky's DNS cache poisoning attack will be released in detail at the upcoming Blackhat Briefings, so the exact details are not public yet. However, predictable UDP source ports chosen by bind are at the heart of the problem, so a single iptables "SNAT --random" rule can thwart such attacks for DNS servers protected by iptables. Jul 15, 2008 View in Crawl 4

Bury

0 Comments

No comments yet

It's quiet in here... can you hear the echo?

No more comments on this story. Add your own!

or Join Digg!

Reply to this thread

Submitted by

Michael Rash 2 Followers

See all from michaelrash

Top News in all Topics

What The Pushback On Obama’s Spending Claim Ignores

Romney campaign quietly scrubs all mentions of anti-labor adviser Peter Schaumber

15 Comical Umpire Punch-Outs (Videos)

New Discovery Shows Milky Way's Supermassive Black Hole Much More Violent in the Past

Steve Jobs Was an Awesome Flip-Flopper, Says Tim Cook

Domestic Violence: An Urgent Humanitarian Crisis

Blitzer to Trump: You Look 'Ridiculous' on This Birther Stuff

Least Popular Hotel Perks

Celebrate the Golden Gate’s 75th anniversary…with dubstep (Vid)

What Was the Jersey Devil?

©Digg