<div dir="ltr"><div class="gmail_default" style="font-family:garamond,serif">Yes, I was referring to porttest.</div><div class="gmail_default" style="font-family:garamond,serif">Best.</div></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">On Mon, Sep 9, 2013 at 6:27 PM, Keith Mitchell <span dir="ltr"><<a href="mailto:keith@dns-oarc.net" target="_blank">keith@dns-oarc.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 09/09/2013 06:07 AM, Haya Shulman wrote:<br>
<br>
> For instance, DNS-OARC does not detect port prediction attacks, and<br>
> reports clients as secure, while they are vulnerable to attacks.<br>
<br>
</div>OARC does many things, I assume here you are referring to our port<br>
entropy tester:<br>
<br>
<a href="https://www.dns-oarc.net/oarc/services/porttest" target="_blank">https://www.dns-oarc.net/oarc/services/porttest</a><br>
<div class="im"><br>
> I contacted the maintainers of DNS-OARC and notified them of this<br>
> vulnerability last year, and proposed a simple fix to the problem...<br>
> but the system was not updated and still reports vulnerable systems<br>
> as secure, so relying on its feedback may be risky.<br>
<br>
</div>I didn't see that communication, so I can only assume it pre-dated my<br>
current OARC tenure. Thanks for the heads-up and apologies it did not<br>
get responded to. If you could please re-send me what you sent off-list,<br>
we'll see about getting your proposed fix incorporated into the tool<br>
and/or an appropriate caveat meantime.<br>
<span class="HOEnZb"><font color="#888888"><br>
Keith<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Best Regards,<br></div>S.H.<br></div>
</div>