Re: Risks of patched servers behind de-randomizing NAT
> Can we get a reading from Those Who Know about how likely it is that
> BadGuys can trick a client inside such a firewall to facilitate an attack
> against an internal recursive server (said server can query through the
Hey, all you guys inside the firewall--you should totally click on this
hilarious URL! [url]http://www.evilwebpage.tld[/url]
It's pretty much that easy. Someone clicks, queries go out, answers
come back--and some of the answers are going to be poisoned.
A NAT router that obscures unpredictable source ports and reassigns
them to predictable ones is eliminating the best defense we have.
Evan Hunt -- [email]firstname.lastname@example.org[/email]
Internet Systems Consortium, Inc.