Re: Insecure DNS servers on PG infrastructure

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Andrew Sullivan <ajs(at)commandprompt(dot)com>, pgsql-www(at)postgresql(dot)org
Subject: Re: Insecure DNS servers on PG infrastructure
Date: 2008-07-27 18:34:30
Message-ID: 488CBFB6.6000207@commandprompt.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-www

Tom Lane wrote:
> Andrew Sullivan <ajs(at)commandprompt(dot)com> writes:
>> On Fri, Jul 25, 2008 at 11:02:03AM -0400, Tom Lane wrote:
>>> If it says FAIR or POOR then you have an unpatched server or there
>>> is something interfering with the port randomization. If the server
>>> is behind a NAT firewall then the latter is entirely likely.
>
>> There's no reason that a NAT should do that, if the device is
>> competently built: if you randomise source ports on the inside, the
>> NAT device could just use the same port on the outside.

Tom can you check if this has been resolved? If not I am going to start
paging people.

Joshua D. Drake

In response to

Responses

Browse pgsql-www by date

  From Date Subject
Next Message Tom Lane 2008-07-27 18:52:26 Re: Insecure DNS servers on PG infrastructure
Previous Message Andrew Sullivan 2008-07-25 22:04:48 Re: Insecure DNS servers on PG infrastructure