[lwip-members] [bug #43144] DNS should support source port randomization
From: Simon Goldschmidt
Subject: [lwip-members] [bug #43144] DNS should support source port randomization
Date: Thu, 04 Sep 2014 12:36:16 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
URL: <http://savannah.nongnu.org/bugs/?43144>
Summary: DNS should support source port randomization
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: goldsimon
Submitted on: Thu 04 Sep 2014 12:36:15 GMT
Category: DNS
Severity: 3 - Normal
Item Group: Feature Request
Status: None
Privacy: Private
Assigned to: goldsimon
Open/Closed: Open
Discussion Lock: Any
Planned Release: 1.5.0
lwIP version: git head
_______________________________________________________
Details:
This is related to bug #42987, "lwIP is vulnerable to DNS cache poisoning due to
non-randomized TXIDs".
Message from address@hidden:
"We've discussed it some more internally, and
we strongly feel that there is also a need for source port
randomization. Per http://www.kb.cert.org/vuls/id/457875, the
attacker's chances of success are exponentially reduced when the source
ports are randomized. Since lwIP is a widely used library, it would be
ideal if its implementation had strong, well-known defenses against
these sorts of attacks.
We know that this likely requires more time and effort on your part, and
are willing to delay publication for a bit to see that this feature is
included."
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?43144>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
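The defence requested above, as an added example that is not lwIP code and not part of the bug report: each query gets a random TXID and a random source port, and a reply is accepted only if server, port and TXID all match. The struct, the function names, the 49152-65535 port range and the use of /dev/urandom as the random source (a host build, not an embedded target) are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define PORT_MIN 49152u  /* assumed range: IANA dynamic/private ports */
#define PORT_MAX 65535u

/* One outstanding query (hypothetical struct, not lwIP's own DNS table). */
struct pending_query {
    uint16_t txid;      /* random transaction ID placed in the DNS header */
    uint16_t src_port;  /* random local UDP port the query is sent from */
    uint32_t server;    /* IPv4 address of the resolver that was asked */
};

/* Read 16 random bits from the OS CSPRNG; returns 0 on success. */
static int rand_u16(uint16_t *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

/* Pick a fresh TXID and source port for one query; returns 0 on success. */
int query_init(struct pending_query *q, uint32_t server) {
    const uint32_t span = PORT_MAX - PORT_MIN + 1u;
    uint16_t r;
    if (rand_u16(&q->txid) != 0) return -1;
    do {  /* rejection sampling keeps the port uniform (no modulo bias) */
        if (rand_u16(&r) != 0) return -1;
    } while (r >= (65536u / span) * span);
    q->src_port = (uint16_t)(PORT_MIN + r % span);
    q->server = server;
    return 0;
}

/* Accept a reply only if it comes from the queried server, arrives on the
 * port this query was sent from, and echoes the query's TXID. */
int response_matches(const struct pending_query *q, uint32_t from,
                     uint16_t dst_port, uint16_t txid) {
    return from == q->server && dst_port == q->src_port && txid == q->txid;
}

int main(void) {
    struct pending_query q;
    if (query_init(&q, 0x0A000001u) != 0) return 1;  /* constructed: 10.0.0.1 */
    printf("txid=0x%04x src_port=%u\n", q.txid, q.src_port);
    return response_matches(&q, 0x0A000001u, q.src_port, q.txid) ? 0 : 1;
}
```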