digg
Facebook Connect Join Digg About Login- Technology more
- World & Business more
- Science more
- Gaming more
- Lifestyle more
- Entertainment more
- Sports more
- Offbeat more
Stopping Kaminsky's DNS Attack with One iptables Rule
cipherdyne.org — Dan Kaminky's DNS cache poisoning attack will be released in detail at the upcoming Blackhat Briefings, so the exact details are not public yet. However, predictable UDP source ports chosen by bind are at the heart of the problem, so a single iptables "SNAT --random" rule can thwart such attacks for DNS servers protected by iptables.
- 6 diggs
- digg
What is Digg?
Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.
- Site Links
- Home
- Take a Tour
- Search Digg
- Digg Mobile
- RSS Feeds
- Popular Archive
- All About Digg
- About Us
- Contact Us
- Community Guidelines
- The Digg Blog
- Digg Townhalls & Meetups
- Jobs at Digg
- Advertise on Digg
- Diggnation Podcast
- Digg Store
- Get hats, shirts, hoodies, stickers, and more at the Digg Store.
- Digg Dialogg!
- Digg Dialogg lets you choose the questions.
- The Big Turn On: DiggTV
-
Catch all of your favorite Digg shows in one place at DiggTV! Watch Diggnation, The Digg Reel, Digg Dialogg & more!
© Digg Inc. 2009
— Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.