Patch bind to plug Kaminsky DNS vulnerability for FC7?

Bill Davidsen davidsen at tmr.com
Fri Aug 1 03:53:49 UTC 2008


Mike wrote:
> Les Mikesell <lesmikesell <at> gmail.com> writes:
> 
>> While you could probably patch every hole yourself with source builds or 
>> rebuilding src rpms from newer fedora versions, you would be better off 
>> not using Fedora if you can't or don't want to keep up with the upgrade 
>> cycle, and fortunately there are distributions designed for that 
>> situation.  RHEL5 would be very similar if you want a version with paid 
>> support or CentOS5 if you don't.  Either will have several more years of 
>> continuing update support.  They aren't even such a bad choice for 
>> desktop use now that the updates have brought OpenOffice and Firefox up 
>> to near-current releases (an unusual move - most updates are just 
>> backported bug/security fixes).
> 
> Well all but one of the boxes under my control are more up to date but that
> one is a laptop physically a long way from me and it will be a while before
> I get a chance to have a day away to do the upgrade - I was just looking for
> an interim measure....
> 
See the --random feature of iptables. You can randomize the port with 
SNAT. That reduces the exposure by quite a bit.
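
An added example (mine, not from Bill's post and not from the iptables or 
Fedora projects) of what that SNAT rule looks like, plus a small check that 
reads a tcpdump capture and confirms the source ports really do vary. The 
interface name eth0, the address 192.0.2.10 and the capture lines are 
assumptions constructed for the example; it also assumes a kernel that has 
SNAT --random (added in 2.6.21, which is what FC7 shipped). One detail worth 
knowing: if you give SNAT no port range, the kernel keeps a packet that left 
from port 53 inside ports 1-511, so a resolver still sending from port 53 
would get only about nine bits of port entropy. The rules below spell out 
1024-65535 for that reason.

```shell
#!/bin/sh
# Added example, not from the original post or from iptables/Fedora.
# Assumed values (adjust to the real box): outbound interface and host address.
IFACE="${IFACE:-eth0}"
SRC_IP="${SRC_IP:-192.0.2.10}"

# Print the two NAT rules that give outbound DNS queries a random source port.
# The explicit port range is deliberate: with no range, the kernel keeps a
# packet that left from port 53 inside its "privileged" class (ports 1-511),
# so a resolver still bound to port 53 would only get about 9 bits of entropy.
snat_rules() {
    printf '%s\n' \
        "iptables -t nat -A POSTROUTING -o $IFACE -p udp --dport 53 -j SNAT --to-source $SRC_IP:1024-65535 --random" \
        "iptables -t nat -A POSTROUTING -o $IFACE -p tcp --dport 53 -j SNAT --to-source $SRC_IP:1024-65535 --random"
}

# Read "tcpdump -n" output on stdin and count the distinct source ports used
# by queries sent to port 53 (lines carrying a "TYPE?" question; replies are
# skipped). A fixed-port resolver yields 1; with SNAT --random the count
# grows with the number of queries.
distinct_source_ports() {
    awk '$2 == "IP" && $5 ~ /\.53:$/ && $0 ~ /[?] / {
             n = split($3, a, "."); print a[n]
         }' | sort -u | wc -l | tr -d ' '
}

# Exit 0 when the capture on stdin used at least $1 distinct source ports.
ports_look_random() {
    min_ports="$1"
    seen=$(distinct_source_ports)
    [ "$seen" -ge "$min_ports" ]
}

# Constructed sample captures (not real traffic): the first is what a resolver
# still querying from port 53 looks like, the second the same lookups after
# the SNAT rule is in place. Documentation addresses throughout.
FIXED_PORT_SAMPLE='12:00:01.000001 IP 192.0.2.10.53 > 198.51.100.1.53: 4660 A? example.com. (29)
12:00:01.000123 IP 198.51.100.1.53 > 192.0.2.10.53: 4660 1/0/0 A 203.0.113.5 (45)
12:00:02.000001 IP 192.0.2.10.53 > 198.51.100.2.53: 4661 A? example.net. (29)
12:00:03.000001 IP 192.0.2.10.53 > 198.51.100.3.53: 4662 MX? example.org. (29)'
RANDOM_PORT_SAMPLE='12:00:01.000001 IP 192.0.2.10.41967 > 198.51.100.1.53: 4660 A? example.com. (29)
12:00:01.000123 IP 198.51.100.1.53 > 192.0.2.10.41967: 4660 1/0/0 A 203.0.113.5 (45)
12:00:02.000001 IP 192.0.2.10.7012 > 198.51.100.2.53: 4661 A? example.net. (29)
12:00:03.000001 IP 192.0.2.10.58833 > 198.51.100.3.53: 4662 MX? example.org. (29)'

# Stand-alone demo: print the rules, then score both samples.
# On a real box feed the function a live capture instead, as root:
#   tcpdump -n -i "$IFACE" -c 50 udp port 53 | distinct_source_ports
if [ "${1:-}" = "demo" ]; then
    snat_rules
    printf 'fixed-port resolver: %s distinct port(s)\n' \
        "$(printf '%s\n' "$FIXED_PORT_SAMPLE" | distinct_source_ports)"
    printf 'after SNAT --random: %s distinct port(s)\n' \
        "$(printf '%s\n' "$RANDOM_PORT_SAMPLE" | distinct_source_ports)"
fi
```

Two caveats to go with it. If the laptop sits behind another NAT device, 
that box may rewrite the source port again on the way out and undo what the 
local rule did, so the capture is only meaningful on the outside of the last 
NAT. And port randomization only raises the cost of a spoofing attack; it 
does not replace the patched bind, which is why it fits as the interim 
measure the thread was asking about.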




More information about the fedora-list mailing list