philbot500 Posted August 20, 2008

Just started a new contract. I have just managed to persuade them that they need to patch for the Kaminsky DNS problem. They turned around and said "Okay, you do it. It's on your shoulders." I'm a bit worried! It's a 2k3 domain with Exchange, DC, DNS, DHCP etc. on 6 boxes.

I'm kind of thinking that if I apply this patch (MS08-037) it might try and use ports that other services are listening on. This would cause a problem. Am I right in thinking that if DNS doesn't get an answer on UDP it will try again on TCP? If so, are TCP ports randomised in this patch?

The only way out that I can see is to limit the ports that are randomised. If I tell it to only choose between 256 ports to randomise I should still have the 16-bit txID plus the 8 bits from the port randomisation. Is that enough?

Please help. What have you done?

Philbot500.
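One check a practitioner would want after applying a source-port randomisation patch is to confirm, from the resolver's own outbound queries, that the ports actually vary, and to put a number on the entropy the poster is reasoning about (transaction ID bits plus log2 of the port pool). The script below is an added example, not code from the original post or from Microsoft: the three observation lists are constructed stand-ins for (source port, transaction ID) pairs that you would pull from a packet capture of the DNS server's outbound queries, and the 0.9 distinct-port ratio and the verdict names are assumptions chosen here. It classifies the observed behaviour as fixed-port, sequential, or randomised, and reports the per-query guessing space an off-path spoofer would face.

```python
import math
import random

TXID_BITS = 16  # width of the DNS transaction ID field

# Constructed samples standing in for (source_port, txid) pairs captured from a
# resolver's outbound queries. These are NOT real capture data.
_rng = random.Random(2008)
EPHEMERAL_RANGE = range(49152, 65536)  # 16384 ports, i.e. 14 bits if fully used

# Patched behaviour: every query leaves from a fresh, unpredictable port.
PATCHED_SAMPLE = [(port, _rng.getrandbits(TXID_BITS))
                  for port in _rng.sample(EPHEMERAL_RANGE, 40)]
# Pre-patch behaviour: one port picked at service start and reused for every query.
FIXED_PORT_SAMPLE = [(3127, _rng.getrandbits(TXID_BITS)) for _ in range(40)]
# Another weak pattern: the port increments by one per query.
SEQUENTIAL_SAMPLE = [(1025 + i, _rng.getrandbits(TXID_BITS)) for i in range(40)]


def effective_entropy_bits(port_pool_size, txid_bits=TXID_BITS):
    """Bits a blind spoofer must guess per query: txid width plus log2(pool).

    A pool of 256 ports adds 8 bits to the 16-bit txid, giving 24 bits; the
    full ephemeral range above adds 14 bits, giving 30.
    """
    if port_pool_size < 1:
        raise ValueError("port pool size must be at least 1")
    return txid_bits + math.log2(port_pool_size)


def assess_source_ports(observations, min_distinct_ratio=0.9):
    """Classify observed source-port behaviour and estimate the guessing space.

    Returns a dict with the verdict ("fixed", "sequential", "randomized" or
    "weak"), the count of distinct ports, the span of ports seen, and the
    estimated bits an attacker must guess. A fixed or sequential port is
    treated as contributing 0 bits, since it is predictable from one
    observation. The span is only a lower bound on the real pool size; a
    40-query sample cannot see all of a 16384-port range.
    """
    ports = [port for port, _ in observations]
    if len(ports) < 2:
        raise ValueError("need at least two observations to assess variation")
    distinct = len(set(ports))
    deltas = [later - earlier for earlier, later in zip(ports, ports[1:])]

    if distinct == 1:
        verdict = "fixed"
    elif len(set(deltas)) == 1:  # constant step between consecutive queries
        verdict = "sequential"
    elif distinct / len(ports) >= min_distinct_ratio:
        verdict = "randomized"
    else:
        verdict = "weak"

    span = max(ports) - min(ports) + 1
    pool_estimate = span if verdict == "randomized" else 1
    return {
        "verdict": verdict,
        "distinct_ports": distinct,
        "port_span": span,
        "estimated_bits": round(effective_entropy_bits(pool_estimate), 1),
    }


if __name__ == "__main__":
    for name, sample in (("patched", PATCHED_SAMPLE),
                         ("fixed port", FIXED_PORT_SAMPLE),
                         ("sequential", SEQUENTIAL_SAMPLE)):
        print(name, assess_source_ports(sample))
    print("256-port pool:", effective_entropy_bits(256), "bits")
```

To run this against a real server, replace the constructed lists with pairs read from a capture of the DNS server's outbound UDP/53 queries (source port and the ID field of each query); a verdict of "fixed" or "sequential" after patching means the randomisation is not in effect and the txid is all the protection left.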