MemeStreams Discussion

This page contains all of the posts and discussion on MemeStreams referencing the following web page: Full Disclosure: DNS and Checkpoint.

Full Disclosure: DNS and Checkpoint
by Decius at 4:54 pm EDT, Jul 9, 2008

I've had a report from someone with clue (and tcpdump) that a properly functioning DNS resolver that correctly uses randomised source ports magically becomes vulnerable once the traffic's passed through a Checkpoint firewall.

This is a very interesting observation that isn't constrained to Checkpoint... any NAT device that your DNS requests go through might steal any entropy your machine employed in selecting your source UDP port. There is no simple solution. The hacks on top of hacks on top of hacks here might just be near the collapsing point.
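
Added example, not part of the original post or the Full Disclosure message: one way to check for the effect described above is to capture outbound DNS queries on both sides of the NAT device with tcpdump and compare how predictable the source ports are. The capture lines, addresses, the step threshold and the 0.8 cutoff below are all constructed assumptions.

```python
import re

# Source port of a UDP query sent to port 53, as printed by `tcpdump -n`.
QUERY_RE = re.compile(r"IP \d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def source_ports(capture):
    """Return the source ports of outbound DNS queries, in capture order."""
    return [int(m.group(1)) for m in QUERY_RE.finditer(capture)]

def port_report(ports, max_step=16, min_queries=4):
    """Summarise how predictable a sequence of query source ports is."""
    # Step between consecutive ports, modulo the 16-bit port space, so a
    # counter that wraps around still shows up as a small step.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if d <= max_step)
    frac = small / len(deltas) if deltas else 0.0
    return {
        "queries": len(ports),
        "distinct": len(set(ports)),
        "small_step_fraction": frac,
        "predictable": len(ports) >= min_queries and frac >= 0.8,
    }

def constructed_capture(src_ip, ports):
    """Build constructed tcpdump-style lines (queries only) for the demo."""
    return "\n".join(
        f"16:54:{i:02d}.000000 IP {src_ip}.{p} > 198.51.100.53.53: "
        f"{1200 + i}+ A? host{i}.example. (31)"
        for i, p in enumerate(ports)
    )

# Constructed sample data: the same six queries seen on each side of the NAT.
INSIDE = constructed_capture("10.0.0.5", [41822, 9377, 58214, 23051, 50990, 14468])
OUTSIDE = constructed_capture("203.0.113.7", [1024, 1025, 1026, 1027, 1028, 1029])

if __name__ == "__main__":
    for name, cap in (("inside", INSIDE), ("outside", OUTSIDE)):
        print(name, port_report(source_ports(cap)))
```

A resolver that looks fine on the inside capture but is flagged as predictable on the outside capture is losing its source-port entropy at the translating device.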


 
 