29 Jul 2008, 3:54 a.m.
* Paul Vixie:
Listen on 200 random fake ports (in addition to the true query ports);
at first glance, this is brilliant, though with some unimportant nits.
It doesn't work OOTB for most users because the spoofed packets never reach the name server process if you don't use the ports to send packets to the authoritative server which is spoofed--the wonders of stateful firewalling.