BIND Port Randomization

Ryan Sharpe rsharpe at largnet.on.ca
Fri Jul 25 13:19:02 UTC 2008


In response to the Errata RHSA-2008:0533 I have installed the updated ISC
Bind packages from Red Hat as well as updated the selinux targeted policy.
However when I test the server using http://www.doxpara.com/ it still
shows up as being vulnerable to DNS cache poisoning.

Before this I had SELinux completely disabled, so I thought I may need to
turn it on. I have since set it to permissive mode and rebooted, but still
the DNS source ports aren't randomizing. So again I changed the mode to
enforcing, but still when I run the test it shows that I am vulnerable.
What am I missing? Is there a BIND directive I need?

Ryan Sharpe, CCNA
Technical Analyst
LARG*net
(519) 661-2111 x 86356
support pager: (519) 690-3216 



