
Re: dnsbl or spamhaus occasionally blocks wrong IP

From: John Peacock
Date: March 14, 2006 13:36
Subject: Re: dnsbl or spamhaus occasionally blocks wrong IP
Message ID: 4417374D.60307@rowman.com

Peter J. Holzer wrote:
> While investigating this (and before reading your mail) I found out two
> other facts which are rather bad:
> 
> 1) Net::DNS by default uses port 0, and Linux seems to assign ports
>    sequentially. This makes it rather easy to guess port numbers.

This would only be an issue if we were worried about someone injecting 
false information into our queries, right?  I'm not going to lose any 
sleep over this for our application (especially since I am using a 
stateful firewall which makes this nigh impossible).

> 
> 2) Net::DNS assigns a random id when the package is loaded and just
>    increments the id for each request. This also makes ID guessing easy.
>    What's worse, with forkserver the package is loaded in the parent
>    process, so every child goes through the same sequence of IDs!
>    It doesn't matter in this case, since the ID isn't checked anyway,
>    but for synchronous requests it makes a difference.

This is more of a problem, since we are actively urging people to use 
forkserver.  Can we use eval "use Net::DNS" after we fork to prevent 
this from happening?  Can we poke a new ID value manually for each fork 
instance?

John
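
The effect discussed in this message, as an added example that is not part of the original post and is not Net::DNS or qpsmtpd code. `ToyResolver` is a hypothetical stand-in for a module that picks its query ID once at load time and increments it per request; the script shows forked children inheriting the same ID sequence, and the sequence diverging once each child re-draws its start value after the fork.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the behaviour described in the thread: a 16-bit
# query ID chosen once when the package is loaded, then incremented per request.
package ToyResolver;
my $next_id = int(rand(65536));    # runs once, in the parent, before any fork
sub next_id {
    my $id = $next_id;
    $next_id = ($next_id + 1) & 0xFFFF;
    return $id;
}
sub reseed {
    # Draw a fresh per-process start value from the kernel's random source.
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $buf, 2) == 2 or die "short read from urandom";
    close $fh;
    $next_id = unpack('n', $buf);
}

package main;

# Fork $n children in turn; each reports its first three IDs through a pipe.
sub children_ids {
    my ($n, $reseed_after_fork) = @_;
    my @out;
    for (1 .. $n) {
        pipe(my $r, my $w) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {                       # child
            close $r;
            ToyResolver::reseed() if $reseed_after_fork;
            print {$w} join(',', map { ToyResolver::next_id() } 1 .. 3), "\n";
            close $w;
            exit 0;
        }
        close $w;                              # parent
        chomp(my $line = <$r>);
        close $r;
        waitpid($pid, 0);
        push @out, $line;
    }
    return @out;
}

print "inherited: $_\n" for children_ids(3, 0);   # three identical lines
print "reseeded : $_\n" for children_ids(3, 1);   # lines differ per child
```

The parent never consumes an ID itself, so every child in the first run starts from the same load-time value, which is the forkserver situation the quoted text describes.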
