tag:blogger.com,1999:blog-2914337944584630860.post3863294902058662222..comments2008-11-10T11:23:47.827-08:00Jon Harthttp://www.blogger.com/profile/02857880233692933624noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-2914337944584630860.post-46223671694334383232008-11-05T22:06:00.000-08:002008-11-05T22:06:00.000-08:00Tommy,<BR/><BR/>Since you didn't leave an email, I have to do this publicly. No, I can't help you here. Email me and thats a different story.<BR/><BR/>-jonJon Harthttp://www.blogger.com/profile/03410754059921403771noreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-68780444022425687592008-11-05T16:40:00.000-08:002008-11-05T16:40:00.000-08:00I'm just giving this a random shot.<BR/><BR/>I am looking to find information on Sagwatch.net<BR/><BR/>It is an anonymous, privately registered blog that posts smack about the Screen Actors Guild.<BR/><BR/>I am trying to find any information I can regarding the registrar, the geographical location of the blog, etc.<BR/><BR/>If you can't help me, can you point me in the right direction?<BR/><BR/>Thanks!<BR/><BR/>Tommy LandreuAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-57597729903503122132008-08-12T10:44:00.000-07:002008-08-12T10:44:00.000-07:00If the DNS server is running on the OpenBSD box or not you should be able to increase the source port randomization with NAT. By<BR/> default NAT using Pf will use source ports 49152 to 65535. This will show a ~4900 port standard deviation using kaminsky's tool. You can increase the source port pool by adding "port 1024:65535" to the end of your NAT line in pf.conf. This will easily increase the standard deviation to over 20K. If it helps we have a full explanation and example at Calomel.org https://calomel.org/pf_config.htmlAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-89640719966078619892008-07-30T09:55:00.000-07:002008-07-30T09:55:00.000-07:00How can others help your suit? <BR/>Comcast is not a good company. They break a lot of rules, and do not play fair. Just look at their previous owners "Adelphia." <BR/><BR/>Let us know how others can help.<BR/><BR/>mrMichaelhttp://www.blogger.com/profile/01751150440039436859noreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-5473658538161615622008-07-27T18:01:00.000-07:002008-07-27T18:01:00.000-07:00"If I am mistaken in any of my assumptions or suggestions, I would love to hear differently."<BR/><BR/>Let's play with that.<BR/><BR/>'I would love to hear differently, If I am mistaken in any of my assumptions or suggestions'<BR/><BR/>So, if you are mistaken, you would like to hear otherwise? :]<BR/><BR/>/pedantAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-154482643987669152008-07-26T20:08:00.000-07:002008-07-26T20:08:00.000-07:00@Dan Kaminsky:<BR/><BR/>The results look good. Previously, the DNS-OARC tests were showing me as good whereas yours was not. Now it seems to correctly detect my mitigation steps:<BR/><BR/>bf0d8ea5035e.doxdns5.com:<BR/>208.127.144.14:61831 TXID=4821<BR/>208.127.144.17:52716 TXID=11826<BR/>208.127.144.19:59798 TXID=27644<BR/>208.127.144.20:53650 TXID=3141<BR/>208.127.144.15:56428 TXID=18012Jon Harthttp://www.blogger.com/profile/03410754059921403771noreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-3846066906359315932008-07-26T20:07:00.000-07:002008-07-26T20:07:00.000-07:00@Anonymous: <BR/><BR/>This should work in either situation -- when the DNS server is on the same box as pf, or when the DNS server is "behind" pf. You will obviously need to modify your interfaces and addresses to match your setup, however the URl that Steve provided just prior to your comment has a more robust solution with regards to interfaces names and such.Jon Harthttp://www.blogger.com/profile/03410754059921403771noreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-8930654335309508432008-07-26T19:25:00.000-07:002008-07-26T19:25:00.000-07:00Jon,<BR/><BR/> Thanks for the good words. Can you test now on the script presently hosted at www.doxpara.com? It should correctly detect randomness from you.Dan Kaminskyhttp://www.doxpara.comnoreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-56088741539587166972008-07-22T03:46:00.000-07:002008-07-22T03:46:00.000-07:00This doesn't work when the DNS-server is on the pf box itself, right?<BR/><BR/>Doesn't seem to work for me.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-19159247877717264862008-07-20T16:33:00.000-07:002008-07-20T16:33:00.000-07:00Stuart Henderson helpfully posted this suggestion to misc@ the day after the DNS vuln was announced. Anyone reading misc should already be covered.<BR/><BR/>http://marc.info/?l=openbsd-misc&amp;m=121561002720622&amp;w=2Stevehttp://www.blogger.com/profile/06779020054285806710noreply@blogger.comtag:blogger.com,1999:blog-2914337944584630860.post-25499354860529002922008-07-16T10:05:00.000-07:002008-07-16T10:05:00.000-07:00Michael Rash over at <A HREF="http://www.cipherdyne.org" REL="nofollow">Cipherdyne</A> has written a <A HREF="http://www.cipherdyne.org/blog/2008/07/mitigating-dns-cache-poisoning-attacks-with-iptables.html" REL="nofollow">similar article</A> that talks about mitigating this vulnerability using Linux's iptables.Jon Harthttp://www.blogger.com/profile/03410754059921403771noreply@blogger.com