[conspire] DNS vulnerability details

Eric De MUND ead-conspire at ixian.com
Wed Jul 23 22:37:55 PDT 2008


Rick,

First of all, a huge thank you for posting this very clearly written
report /with prescription/. I'm an expert in some tiny little areas, and
DNS isn't one of them. This is useful to me in quickly getting from poor
safety maybe not to excellent safety but perhaps to "pretty good" safety.

I appreciate the sharing tremendously. Rick, you are a guy.

] Testing your nameserver's randomness of source port selection:
]
] Or use this Web facility:
] https://www.dns-oarc.net/oarc/services/dnsentropy

Ok, in repeated tests, I'm getting 2/3 POORs and 1/3 GOODs for source
port randomness, and all GREATs for transaction IDs. This is Comcast.

    DNS Resolver(s) Tested:

    1. 68.87.76.179 (sjos-cns01.sanjose.ca.sanfran.comcast.net)
       appears to have POOR source port randomness and GREAT transaction
       ID randomness.

    2. 68.87.76.181 (sjos-cns03.sanjose.ca.sanfran.comcast.net)
       appears to have POOR source port randomness and GREAT transaction
       ID randomness.

    3. 68.87.78.131 (utah-cns01.saltlakecity.ut.utah.comcast.net)
       appears to have GOOD source port randomness and GREAT transaction
       ID randomness.

So what DNS-related Debian package(s) do I need to get and run?

Regarding my Linksys WRT54G broadband router which is running DD-WRT
v23 SP2 (09/15/06) std firmware, I think that if a patch is required,
one will be made available shortly.

Regards,
Eric
--
Eric De MUND   | Ixian Systems           | Jab: eadixian at jabber.org/main
ead at ixian.com  | 650 Castro St, #120-210 | Y!M: ead0002
ixian.com/ead/ | Mountain View, CA 94041 | ICQ: 811788
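The source-port and transaction-ID randomness test the post runs through the dns-oarc service, reproduced as an added offline check over constructed samples. This is example code, not from the post or from dns-oarc; the POOR/GOOD/GREAT cut-offs, the port ranges and the sample data are assumptions, not the service's own thresholds.

```python
import math
import random

# Assumed ranges: a resolver's ephemeral source ports and 16-bit DNS transaction IDs.
EPHEMERAL_PORTS = (1024, 65535)
TXIDS = (0, 65535)

def stddev(values):
    """Population standard deviation of the observed values."""
    mean = sum(values) / len(values)
    return math.sqrt(sum((v - mean) ** 2 for v in values) / len(values))

def ideal_stddev(lo, hi):
    """Standard deviation a uniform choice over [lo, hi] would give."""
    return (hi - lo + 1) / math.sqrt(12)

def sequential_fraction(values):
    """Share of consecutive observations that differ by exactly one (a counter)."""
    steps = [b - a for a, b in zip(values, values[1:])]
    return sum(1 for s in steps if s in (1, -1)) / len(steps) if steps else 0.0

def assess(values, lo, hi):
    """Rate observed ports or IDs as POOR / GOOD / GREAT.
    The cut-offs are assumptions chosen to separate a fixed value, a counter,
    a narrow-range PRNG and a full-range PRNG; they are not dns-oarc's own."""
    if len(values) < 20:
        raise ValueError("need at least 20 observations")
    spread = stddev(values) / ideal_stddev(lo, hi)   # 1.0 == uniform over the range
    distinct = len(set(values)) / len(values)
    if distinct < 0.5 or sequential_fraction(values) > 0.5 or spread < 0.1:
        return "POOR"
    if spread < 0.7:
        return "GOOD"
    return "GREAT"

# Constructed samples standing in for ports seen on 200 upstream queries
# (in practice captured with tcpdump, or read from the logs of a test zone you run).
rng = random.Random(2008)  # seeded so the example is reproducible
FIXED_PORT = [53] * 200                                # same port every query
COUNTER_PORT = list(range(32768, 32968))               # increments by one
NARROW_RANDOM = [rng.randint(32768, 61000) for _ in range(200)]
FULL_RANDOM = [rng.randint(1024, 65535) for _ in range(200)]
TXID_RANDOM = [rng.randint(0, 65535) for _ in range(200)]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED_PORT), ("counter", COUNTER_PORT),
                         ("narrow", NARROW_RANDOM), ("full", FULL_RANDOM)]:
        print(f"{name:8s} source port randomness: {assess(sample, *EPHEMERAL_PORTS)}")
    print(f"transaction ID randomness: {assess(TXID_RANDOM, *TXIDS)}")
```

A counter and a fixed port both come out POOR even though the counter never repeats a value, which is why the check looks at spread and step size rather than at distinct values alone.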