|
From: | Simon Goldschmidt |
Subject: | [lwip-devel] [bug #42987] lwIP is vulnerable to DNS cache poisoning due to non-randomized TXIDs |
Date: | Fri, 15 Aug 2014 08:01:54 +0000 |
User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
Follow-up Comment #2, bug #42987 (project lwip): I'd fix this by randomizing TXID. Other implementations seem to toggle name capitalization and UDP source ports, too. Is there any real benefit in doing so? At least toggeling the UDP source port seems overkill to me for a 'lightweight' stack... _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?42987> _______________________________________________ Nachricht gesendet von/durch Savannah http://savannah.nongnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |