Re: Risks of patched servers behind de-randomizing NAT
On Fri, Aug 01, 2008 at 06:43:25AM -0500, Kirk wrote:
> After upgrading these servers to the latest patched version of BIND, I
> tried the porttest query to test randomization. Well, both got POOR
> ratings. This led me to believe that my PIX was the culprit.
I've seen the same thing on our PIX, even with "id-randomization"
set. The source ports are randomized, but very poorly.
<t(Trey)@(Valenta)trey.net> Seattle, Wash.
Q: Why did the astrophysicist order three hamburgers?
A: Because he was hungry.