tech-net archive
Re: Source port randomisation on NetBSD?
On Sun, Oct 24, 2010 at 07:28:30PM +0200,
Geert Hendrickx <ghen%telenet.be@localhost> wrote
a message of 25 lines which said:
> ipfilter/ipnat can do source port randomisation on NetBSD (since the
> Kaminsky DNS issue).
I must confess it is a bit terse to me. Does it mean that you need to
enable the firewall on the NetBSD machine, and scramble packets which
were generated with a predictable port number? It seems odd. (Unless
you refer only to NetBSD-as-a-router, while I was talking about
NetBSD-as-a-host.)
Also, ipnat(8) and ipnat(5), on a 5.0.1 machine, do not seem to
explain how to do it (and Google was not my friend here).