| From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andrew Sullivan <ajs(at)commandprompt(dot)com>, pgsql-www(at)postgresql(dot)org |
| Subject: | Re: Insecure DNS servers on PG infrastructure |
| Date: | 2008-07-27 18:34:30 |
| Message-ID: | 488CBFB6.6000207@commandprompt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
Tom Lane wrote:
> Andrew Sullivan <ajs(at)commandprompt(dot)com> writes:
>> On Fri, Jul 25, 2008 at 11:02:03AM -0400, Tom Lane wrote:
>>> If it says FAIR or POOR then you have an unpatched server or there
>>> is something interfering with the port randomization. If the server
>>> is behind a NAT firewall then the latter is entirely likely.
>
>> There's no reason that a NAT should do that, if the device is
>> competently built: if you randomise source ports on the inside, the
>> NAT device could just use the same port on the outside.
Tom can you check if this has been resolved? If not I am going to start
paging people.
Joshua D. Drake
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-07-27 18:52:26 | Re: Insecure DNS servers on PG infrastructure |
| Previous Message | Andrew Sullivan | 2008-07-25 22:04:48 | Re: Insecure DNS servers on PG infrastructure |