 From:  "Chris Buechler" <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DNS Vulnerbility...
 Date:  Thu, 24 Jul 2008 19:48:15 -0400
On Thu, Jul 24, 2008 at 6:29 PM, apiasecki at midatlanticbb dot com
<apiasecki at midatlanticbb dot com> wrote:
> Read the pfSense lists, A LOT of discussion has been going on about this.
>

Not all relevant to m0n0wall.

The dnsmasq fix is a good thing to have, but now that the details are
out on this it's safe to say this is not directly relevant to this
specific issue since dnsmasq doesn't issue recursive queries.

I believe ipfilter will randomize source ports by default on NATed
traffic just like pf does, but I'm not sure of that. None of my
m0n0walls have a DNS server behind them that does recursion itself so
I haven't checked, and don't have one at hand to try.

-Chris