From: "Joshua D. Drake"
Organization: Command Prompt, Inc.
Date: Sun, 27 Jul 2008 11:34:30 -0700
To: Tom Lane
CC: Andrew Sullivan, pgsql-www@postgresql.org
Subject: Re: Insecure DNS servers on PG infrastructure
Message-ID: <488CBFB6.6000207@commandprompt.com>
In-Reply-To: <572.1217018672@sss.pgh.pa.us>
References: <26210.1216998123@sss.pgh.pa.us> <20080725154048.GE29775@commandprompt.com> <572.1217018672@sss.pgh.pa.us>

Tom Lane wrote:
> Andrew Sullivan writes:
>> On Fri, Jul 25, 2008 at 11:02:03AM -0400, Tom Lane wrote:
>>> If it says FAIR or POOR then you have an unpatched server or there
>>> is something interfering with the port randomization. If the server
>>> is behind a NAT firewall then the latter is entirely likely.
>
>> There's no reason that a NAT should do that, if the device is
>> competently built: if you randomise source ports on the inside, the
>> NAT device could just use the same port on the outside.

Tom, can you check if this has been resolved? If not I am going to start paging people.

Joshua D. Drake
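What the check Tom describes and the NAT point Andrew makes look like in code, as an example added here (it is not from the thread, from the DNS-OARC port test the FAIR/POOR wording refers to, or from the PostgreSQL infrastructure). The real test reads the source ports of queries arriving at a server the tester controls; this script only reproduces the scoring half on constructed port lists, and then runs a patched resolver's ports through two hypothetical NAT models. `score_ports`, `nat_port_preserving`, `nat_sequential`, the numeric thresholds and the sample ports are all this example's own assumptions.

```python
"""Score DNS source-port randomisation from observed query ports, and show
how a NAT can make a patched resolver look unpatched.

Constructed data only; nothing here touches the network.  The
GREAT/GOOD/FAIR/POOR vocabulary is the one the thread uses; the numeric
thresholds are this example's assumptions, not a published algorithm.
"""
import random
import statistics
from typing import Iterable, List, Sequence

EPHEMERAL_LO, EPHEMERAL_HI = 1024, 65535


def score_ports(ports: Sequence[int]) -> str:
    """Rate the source ports of a burst of outbound DNS queries.

    An unpatched resolver reuses one port (or walks a counter), so the ports
    have almost no spread and consecutive ports differ by 0 or 1.  A patched
    resolver draws from most of the ephemeral range, which gives a standard
    deviation in the tens of thousands.
    """
    ports = list(ports)
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    deltas = [abs(b - a) for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for d in deltas if d <= 1) / len(deltas)
    spread = statistics.pstdev(ports)
    if sequential > 0.5 or spread < 256:   # fixed port or counter: guessable
        return "POOR"
    if spread < 3000:                      # randomised, but inside a small pool
        return "FAIR"
    if spread < 10000:
        return "GOOD"
    return "GREAT"


def patched_resolver(n: int, rng: random.Random) -> List[int]:
    """Source ports from a resolver with port randomisation (post-patch)."""
    return [rng.randint(EPHEMERAL_LO, EPHEMERAL_HI) for _ in range(n)]


def unpatched_resolver(n: int, port: int = 32768) -> List[int]:
    """Source ports from a resolver that sends every query from one port."""
    return [port] * n


def nat_port_preserving(inside: Iterable[int], rng: random.Random,
                        in_use: Iterable[int] = ()) -> List[int]:
    """Hypothetical 'competently built' NAT: keep the inside source port on
    the outside whenever it is free, fall back to a random free port otherwise.
    Randomness done inside survives the translation."""
    used = set(in_use)
    outside_ports = []
    for port in inside:
        outside = port
        while outside in used:
            outside = rng.randint(EPHEMERAL_LO, EPHEMERAL_HI)
        used.add(outside)
        outside_ports.append(outside)
    return outside_ports


def nat_sequential(inside: Iterable[int], base: int = 1024) -> List[int]:
    """Hypothetical NAT that ignores the inside port and allocates outside
    ports from a counter: the 'something interfering with the port
    randomization' case, which the test cannot tell from an unpatched box."""
    return [base + i for i, _ in enumerate(inside)]


if __name__ == "__main__":
    rng = random.Random(2008)
    inside = patched_resolver(200, rng)
    print("unpatched resolver           :", score_ports(unpatched_resolver(200)))
    print("patched resolver, no NAT     :", score_ports(inside))
    print("patched, port-preserving NAT :", score_ports(nat_port_preserving(inside, rng)))
    print("patched, counter-based NAT   :", score_ports(nat_sequential(inside)))
```

The practical reading of a FAIR or POOR result is the one Tom gives: either the resolver is unpatched or a device on the path is rewriting ports, and the two cases look identical from the outside. To separate them, capture the outbound queries on the resolver host itself (where the inside ports are visible) and compare with what the test sees; if the host side scores GREAT and the test side does not, the NAT is the problem.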