9th July 2008
J65nko
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128

By default OpenBSD randomizes the ports used. The same randomization is done by djbdns.

The CERT advisory http://www.kb.cert.org/vuls/id/800113 contains three links to Daniel J. Bernstein's web pages about DJBDNS, and he is credited for the original idea of using randomized source ports.

BTW, according to http://cr.yp.to/djbdns/forgery.html, Bernstein predicted this issue already in 2001.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump