oss-sec mailing list archives
Re: DNS vulnerability: other relevant software
From: Eugene Teo <eteo () redhat com>
Date: Thu, 10 Jul 2008 17:44:45 +0800
Eugene Teo wrote:
Eugene Teo wrote:Florian Weimer wrote:* Mark J. Cox:Additionally, Debian has noted (DSA 1605-1) that the GNU libc stub resolver could benefit from random query source ports as well, but no patches are currently available to implement this:Note that GNU libc stub resolver when used with a recent kernel (2.6.24+) will give you random UDP source ports on each request because of this Linux commit: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30Is net_random() cryptographically secure? The paper referenced in the source doesn't talk about this.It isn't. It's actually a 32-bit pseudo-random number generator AFAIK.
So I spoke to Dave Miller. He said that it is not "cryptographically secure" to his knowledge, but in his opinion, it is good enough for port randomisation. Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- DNS vulnerability: other relevant software Matthias Geerdsen (Jul 09)
- Re: DNS vulnerability: other relevant software The Fungi (Jul 09)
- Re: DNS vulnerability: other relevant software Mark J Cox (Jul 09)
- Re: DNS vulnerability: other relevant software Florian Weimer (Jul 09)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 10)
- Re: DNS vulnerability: other relevant software Nathanael Hoyle (Jul 10)
- Re: DNS vulnerability: other relevant software Bernhard R. Link (Jul 11)
- Re: DNS vulnerability: other relevant software Nathanael Hoyle (Jul 11)
- Re: DNS vulnerability: other relevant software Florian Weimer (Jul 13)
- Re: DNS vulnerability: other relevant software Mark J Cox (Jul 09)
- Re: DNS vulnerability: other relevant software The Fungi (Jul 09)
- Re: DNS vulnerability: other relevant software Florian Weimer (Jul 12)
- Re: DNS vulnerability: other relevant software Eugene Teo (Jul 09)