lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #42987] lwIP is vulnerable to DNS cache poisoning due

From: Simon Goldschmidt
Subject: [lwip-devel] [bug #42987] lwIP is vulnerable to DNS cache poisoning due to non-randomized TXIDs
Date: Fri, 15 Aug 2014 08:01:54 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 
Follow-up Comment #2, bug #42987 (project lwip):

I'd fix this by randomizing TXID.

Other implementations seem to toggle name capitalization and UDP source ports,
too. Is there any real benefit in doing so? At least toggeling the UDP source
port seems overkill to me for a 'lightweight' stack...

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?42987>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]