
Recursive servers, but not proxy servers, affected.

Posted Jul 10, 2008 12:19 UTC (Thu) by BenHutchings (subscriber, #37955)
In reply to: Recursive servers, but not proxy servers, affected. by nix
Parent article: Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released (Securosis.com)

I suspect that the glibc stub resolver just binds its socket to an unspecified port, which is
fairly random after the system has been running for a while (whereas BIND typically starts
shortly after the machine is booted). But an attacker can find out which source port you're
using if you ever send a query to a DNS server they control. If I understand correctly, the
source port needs to be randomised for each query (i.e. the resolver keeps re-binding to
specified random ports).



Recursive servers, but not proxy servers, affected.

Posted Jul 10, 2008 12:30 UTC (Thu) by nix (subscriber, #2304)

Aha. It can't persist the socket but has to re-bind(). OK, glibc's not doing that.

(Can you tell I've not done much UDP stuff? I love the Internet: I can let my ignorance and incompetence hang out for all to see!)
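The point made in both comments above (a stub resolver that binds once and keeps the socket exposes the same source port on every query, whereas re-binding per query gives a fresh port each time) can be seen directly on loopback. The following is an added illustration, not code from LWN, glibc or BIND: a local UDP socket stands in for the remote name server and records the source port it sees on each incoming datagram, which is exactly what a server operator (or, as BenHutchings notes, an attacker running a server you query) learns from ordinary traffic. The datagram payloads are constructed placeholders, not real DNS messages.

```python
import socket


def run_queries(persistent: bool, n: int = 5) -> list[int]:
    """Send n UDP datagrams to a local stand-in 'DNS server' and return the
    source ports that server observed, in order.

    persistent=True  : one client socket, bound once to port 0 (the kernel picks
                       an ephemeral port a single time), reused for every query.
    persistent=False : a fresh socket bound to port 0 for every query, which is
                       the per-query re-binding behaviour discussed above.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))        # port 0: let the kernel choose
    server.settimeout(2)
    server_addr = server.getsockname()

    observed: list[int] = []
    clients: list[socket.socket] = []    # kept open until the end (see note below)
    try:
        for i in range(n):
            if persistent and clients:
                client = clients[0]      # reuse the single long-lived socket
            else:
                client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                client.bind(("127.0.0.1", 0))
                clients.append(client)
            # Constructed placeholder payload; a real resolver would send a DNS query.
            client.sendto(b"placeholder-query-%d" % i, server_addr)
            _, (_host, src_port) = server.recvfrom(512)
            observed.append(src_port)    # what the server side learns per query
    finally:
        for c in clients:
            c.close()
        server.close()
    return observed


def distinct_ports(ports: list[int]) -> int:
    """Number of different source ports the server saw; 1 means fully predictable."""
    return len(set(ports))


if __name__ == "__main__":
    for mode in (True, False):
        ports = run_queries(persistent=mode, n=5)
        print(f"persistent={mode}: server saw source ports {ports} "
              f"({distinct_ports(ports)} distinct)")
```

In the non-persistent branch the sockets are deliberately held open until the function returns so that the kernel cannot hand a just-released port back to the next query; a real resolver closes each socket after its reply arrives and relies on the kernel's randomised ephemeral-port selection (or its own explicit random bind) for unpredictability. With a persistent socket the server sees the same port on every datagram, which is the observation the comments above warn about.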

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds