Patch bind to plug Kaminsky DNS vulnerability for FC7?
Bill Davidsen
davidsen at tmr.com
Fri Aug 1 03:53:49 UTC 2008
Mike wrote:
> Les Mikesell <lesmikesell <at> gmail.com> writes:
>
>> While you could probably patch every hole yourself with source builds or
>> rebuilding src rpms from newer fedora versions, you would be better off
>> not using Fedora if you can't or don't want to keep up with the upgrade
>> cycle, and fortunately there are distributions designed for that
>> situation. RHEL5 would be very similar if you want a version with paid
>> support or CentOS5 if you don't. Either will have several more years of
>> continuing update support. They aren't even such a bad choice for
>> desktop use now that the updates have brought OpenOffice and Firefox up
>> to near-current releases (an unusual move - most updates are just
>> backported bug/security fixes).
>
> Well all but one of the boxes under my control is more up to date but that
> one is a laptop physically a long way from me and it will be a while before
> I get a chance to have a day away to do the upgrade - I was just looking for
> an interim measure....
>
See the --random feature of iptables. You can randomize the port with
SNAT. Reduces the exposure by quite a bit.
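
Added example, not part of the original message: one way to write the SNAT rule with --random that the reply points to, plus a check that counts distinct source ports in `tcpdump -n` output to confirm queries leave with varying ports. The interface name, address and capture lines are constructed placeholders, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. IFACE, ADDR and SAMPLE are constructed
# placeholders; set APPLY=1 and run as root to install the rule.
IFACE=${IFACE:-eth0}
ADDR=${ADDR:-192.0.2.10}

# Print the iptables arguments that SNAT outgoing DNS queries to the host's
# own address with a randomized source port ($1 = interface, $2 = address).
dns_snat_args() {
    printf '%s\n' "-t nat -A POSTROUTING -o $1 -p udp --dport 53 -j SNAT --to-source $2 --random"
}

# Read "tcpdump -n" text on stdin and print how many distinct source ports
# were used for packets sent to port 53. One port means no randomization.
distinct_query_ports() {
    awk '{
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            dst = $(i + 1); sub(/:$/, "", dst)
            n = split(dst, d, /[.]/)
            if (d[n] == "53") { n = split($(i - 1), s, /[.]/); seen[s[n]] = 1 }
            break
        }
    } END { c = 0; for (p in seen) c++; print c }'
}

# Constructed capture lines as they might look on the wire after the rule.
SAMPLE='03:53:49.000001 IP 192.0.2.10.41873 > 198.51.100.1.53: 1+ A? a.example. (27)
03:53:49.000002 IP 198.51.100.1.53 > 192.0.2.10.41873: 1 1/0/0 A 203.0.113.5 (43)
03:53:50.000001 IP 192.0.2.10.9312 > 198.51.100.1.53: 2+ A? b.example. (27)
03:53:51.000001 IP 192.0.2.10.58440 > 198.51.100.1.53: 3+ A? c.example. (27)'

if [ "${APPLY:-0}" = 1 ]; then
    # Word splitting of the argument string is intended here.
    iptables $(dns_snat_args "$IFACE" "$ADDR")
fi
echo "distinct DNS source ports in sample: $(printf '%s\n' "$SAMPLE" | distinct_query_ports)"
```

Capture on the outbound interface so the ports seen are the ones after NAT. The iptables man page lists --random for SNAT as requiring kernel 2.6.21 or later.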