Patch DNS Servers Faster
51mon writes "Austrian CERT used data from one of their authoritative DNS servers to measure the rate at which the latest DNS patch (source port randomization) is being rolled out to larger recursive name servers. While about half the traffic (PDF) they receive is now using source port randomization, their data suggest that this is due to ISPs who roll out such fixes immediately. The rate of patching has fallen to disappointingly low levels since. If your ISP isn't patched, perhaps it is time to switch." After details of the DNS vulnerability leaked, researchers |)ruid and HD Moore released attack code; ZDNet's security blog has an analysis.
It must suck to be gnu.org! (Score:1, Funny)
Fortunately my domain name is not recursive therefore I am safe.
Re:Monopoly (Score:2, Funny)
RTFM (Score:0, Funny)
It's a setting found when you RTFM!! Try Google, in fact I recommend also visiting this site http://www.justfuckinggoogleit.com/ [justfuckinggoogleit.com]. Yes that's a real site, it's safe to visit, and it's very funny although somehow you yourself might not think so.
So yes, for common knowledge that is easily looked up via Google, remember that RTFM stands for READ THE FUCKING MANUAL and Google is a great method of fulfilling "manual". Thank you.
Oops. (Score:5, Funny)
Re:Ridiculous requirements (Score:5, Funny)
That is not the case at all. First off, on outbound requests, the destination port is still 53. The _source_ port is what gets randomized. On inbound replies to the randomized port, your stateful firewall will see this as an ESTABLISHED connection and you can safely let it in without blindly opening up the entire UDP port space.
You _are_ running a stateful firewall, right? It's not 1998 anymore.
-molo
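The behaviour described in the comment above, as an added example that is not part of the original thread: a small Python model of how a stateful firewall tracks outbound UDP queries so that only the matching reply to a randomized source port is admitted. The class name, the 30-second timeout and the RFC 5737 documentation addresses are assumptions made for illustration; this is a model, not a real firewall.

```python
import random

RESOLVER = "192.0.2.10"    # constructed address of the recursive resolver
AUTH = "198.51.100.53"     # constructed address of an authoritative server


class UdpStateTable:
    """Toy model of a stateful firewall's UDP flow tracking."""

    def __init__(self, timeout=30.0):
        self.timeout = timeout          # assumed idle timeout in seconds
        self.flows = {}                 # (src, sport, dst, dport) -> expiry

    def outbound(self, src, sport, dst, dport, now):
        # Egress policy: the resolver may only talk to port 53.
        if dport != 53:
            return False
        self.flows[(src, sport, dst, dport)] = now + self.timeout
        return True

    def inbound(self, src, sport, dst, dport, now):
        # A reply is accepted only if it is the exact reverse of a
        # tracked outbound tuple and the entry has not expired.
        key = (dst, dport, src, sport)
        expiry = self.flows.get(key)
        if expiry is None or now > expiry:
            self.flows.pop(key, None)
            return False
        return True


def demo(seed=1):
    # Seeded PRNG keeps the demo repeatable; a resolver would use a CSPRNG.
    sport = random.Random(seed).randrange(1024, 65536)
    fw = UdpStateTable()
    return {
        "query": fw.outbound(RESOLVER, sport, AUTH, 53, now=0),
        "reply": fw.inbound(AUTH, 53, RESOLVER, sport, now=1),
        # Same server, but aimed at a port that was never used for a query.
        "wrong_port": fw.inbound(AUTH, 53, RESOLVER, sport ^ 1, now=1),
        # Right port, but from a host the resolver never queried.
        "wrong_server": fw.inbound("203.0.113.7", 53, RESOLVER, sport, now=1),
        # Right tuple, but after the state entry has timed out.
        "late": fw.inbound(AUTH, 53, RESOLVER, sport, now=31),
    }


if __name__ == "__main__":
    print(demo())
```

The state table matches only addresses and ports; checking the DNS transaction ID in the reply remains the resolver's job.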
Re:Easier Said Than Done (Score:3, Funny)
When your core network infrastructure goes tits up your phone tends to light up like a Christmas tree.
Not if it is an IP phone!
Re:Switch DNS Servers, NOT ISPs (Score:1, Funny)
That is irony.