Source port UDP randomization

Posted Jul 9, 2008 7:39 UTC (Wed) by mjcox@redhat.com (subscriber, #31775)
Parent article: Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released (Securosis.com)

The upstream kernel got source port UDP randomization (where no port is specified) in 2.6.24.
You can see this in practice by testing distributions like Fedora 8 or 9 where the glibc stub
resolver will use a different source port on each request, therefore mitigating this issue.
Users of older kernels will either need a backported patch to add this functionality, or
changes to glibc if they want UDP source port randomization. 

Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-...

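A practical way to check the behaviour described in the comment above (whether the kernel hands out a different, unpredictable UDP source port for each unbound socket) is to open a number of UDP sockets, let the kernel pick the local port, and look at the ports it chose. The script below is an added example, not code from the comment, the kernel, or glibc. It assumes only that `connect()` on a UDP socket makes the kernel assign an ephemeral port without sending a datagram (which is how the BSD socket API behaves on Linux), and it uses 127.0.0.1:53 as a constructed, arbitrary destination; nothing needs to be listening there.

```python
import socket
from typing import Dict, List, Sequence

# Constructed destination: connect() on a UDP socket only records the peer and
# binds a local port; no packet leaves the host, so nothing has to listen here.
PROBE_DEST = ("127.0.0.1", 53)


def sample_udp_source_ports(n: int = 32, dest=PROBE_DEST) -> List[int]:
    """Open n unbound UDP sockets and return the source port the kernel
    assigned to each one. Sockets stay open until the end so the kernel
    cannot hand the same port back to a later socket in the sample."""
    socks: List[socket.socket] = []
    ports: List[int] = []
    try:
        for _ in range(n):
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(dest)                 # kernel picks the local port here
            ports.append(s.getsockname()[1])
            socks.append(s)
    finally:
        for s in socks:
            s.close()
    return ports


def looks_sequential(ports: Sequence[int]) -> bool:
    """True when the ports form a strictly increasing run with steps of at
    most 2: the signature of an allocator that simply counts upwards, which
    is what makes a forged reply's port guessable."""
    if len(ports) < 2:
        return False
    steps = [b - a for a, b in zip(ports, ports[1:])]
    return all(0 < d <= 2 for d in steps)


def assess(ports: Sequence[int]) -> Dict[str, object]:
    """Summarise a port sample: how many distinct values, how wide the range,
    and whether the allocation pattern is sequential. A randomising kernel
    gives (nearly) all-distinct ports spread across the ephemeral range with
    sequential == False."""
    return {
        "samples": len(ports),
        "distinct": len(set(ports)),
        "spread": max(ports) - min(ports) if ports else 0,
        "sequential": looks_sequential(ports),
    }


if __name__ == "__main__":
    sample = sample_udp_source_ports()
    print("ports:", sample)
    print("assessment:", assess(sample))
```

Running it on a kernel with source port randomization (2.6.24 or later, per the comment) prints a sample in which almost every port is distinct, the spread covers a large part of the ephemeral range, and `sequential` is `False`; a monotonically increasing list with `sequential` = `True` is the pattern to treat as a finding, because it means the resolver is relying on the kernel for port choice and the kernel is not randomizing. Note that this only tests the kernel's default allocator; a resolver such as BIND that binds its own ports is measured by watching its actual queries, not by this script.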


Source port UDP randomization

Posted Jul 9, 2008 12:42 UTC (Wed) by shane (subscriber, #3335)

BIND uses its own port selection algorithm. Anyone concerned about portability and security
would too (or would check for port randomness in the configure script).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds