So it looks like the glibc vulnerability can be vastly mitigated with ASLR — still need a rebuild but I feel safer, thanks @GentooHardened
@flameeyes @lu_zero_ @GentooHardened It can also be completely mitigated by "nameserver 127.0.0.1" and a non-buggy local ns.
@RichFelker @lu_zero_ @GentooHardened or forcing the use of Google Public DNS works as well, I already iptables filtered any other DNS
@flameeyes @lu_zero_ @GentooHardened No it doesn't. Pkts from outside your net are out of your control and subj to MITM & even blind spoof.
@RichFelker @lu_zero_ @GentooHardened assume MITM is less likely; blind spoof wouldn't trigger decode, afaict from the vuln description
@flameeyes @lu_zero_ @GentooHardened Or by using iptables to block invalid dns packets (port 53, payload size>512).