On Wed, Jul 09, 2008 at 04:39:49AM -0400, Jean-Fran?ois Mezei wrote:
My DNS server made the various DNS requests from the same port and is thus vulnerable. (VMS TCPIP Services so no patches expected).
Well, yes, but unless I've badly misunderstood the situation, all that's necessary to mitigate this bug is to interpose a non-buggy recursive resolver between the broken machine and the Internet at large, right? So just make sure your corporate/campus edge router has a reasonable named on it, and point everything broken at that, and you should be ok, even though, as you note, DEC won't be updating VMS any time soon. :-) Cheers, -- jr 'Compaq? No, that's HP now, isn't it?' a -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Joseph Stalin)