Hello,

On Monday, 2008 August 11 at 16:15:24 +0200, Pavol Rusnak wrote:
> Hello!
>
> Recently there was an issue identified on DNS module about the need to
> randomize the port selection. I'd like to know if this is already taken
> care of in NAT modules in iptables? Could you please let me know if port
> selection is already randomized in these modules?

Yes, an option is available since 2.6.21. You can find some information
here:
http://software.inl.fr/trac/wiki/contribs/RandomSkype
http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html

BR,
--
Eric Leblond
INL: http://www.inl.fr/
NuFW: http://www.nufw.org/