[Offtopic] o/t Does your ISP randomize the DNS source port?
stephen at melbpc.org.au
Wed Jul 30 03:35:19 EST 2008
Perhaps of interest ..
> John Seymour writes, Having stumbled across this vulnerability:
> http://www.kb.cert.org/vuls/id/800113 and test: http://www.doxpara.com/
> and finding that my ISP's DNS doesn't use randomised source ports ..
>
> And on Tue, Jul 29, 2008 at 12:06 AM, Rick also reports:
>
> > The page at http://www.doxpara.com/ reports that my DNS ports
> > are being randomised, using DNS server 220.233.0.34 I am behind NAT.
> > Could you check this? Or, if I am logged into a machine on the open
> > Internet in a bash shell, how can I check this myself?
And Scott scott at doc.net.au writes:
The easiest way is to use Duane Wessels test site at porttest.dns-oarc.net.
To test your current DNS servers use :
dig +short porttest.dns-oarc.net TXT
to test another DNS server, use :
dig +short porttest.dns-oarc.net TXT @220.233.0.34
The output will be something like :
$ dig +short porttest.dns-oarc.net TXT
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"69.36.224.149 is GREAT: 26 queries in 0.1 seconds from 26 ports with std dev 15990"
Which is fairly self-explanatory - all you're really interested in is the
GREAT (or GOOD, FAIR, POOR, ...)
If you don't have dig, the nslookup equivalents are :
nslookup -q=txt porttest.dns-oarc.net
and
nslookup -q=txt porttest.dns-oarc.net 203.233.0.34
There's also a great web-based version at
http://entropy.dns-oarc.net/test/
I can't test your DNS servers, which probably means that your ISP is
limiting requests to that IP (not uncommon - they don't want the whole
world using their servers) etc ..
--
Cheers, Scott
Stephen Loosley
Victoria, Australia
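The porttest answer Scott quotes reports three things: how many queries the test server saw, how many distinct source ports they came from, and the standard deviation of those port numbers. A resolver that reuses one port (or walks through ports sequentially) is the one a cache-poisoning attack can guess. The script below is an added example, not part of the thread or of the DNS-OARC tool: it parses a porttest-style TXT answer and computes the same distinct-port and standard-deviation figures over a constructed list of observed source ports, so a defender can see what the rating is measuring. The rating thresholds in rate() are this example's own assumptions, not OARC's published scale, and all IPs and port lists are constructed.

```python
import random
import re
import statistics

# Constructed sample answer, shaped like the TXT record quoted in the thread
# (IP and figures are made up for this example).
SAMPLE_TXT = (
    'porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.\n'
    '"192.0.2.10 is GREAT: 26 queries in 0.1 seconds from 26 ports with std\n'
    'dev 15990"'
)

# Constructed source-port samples, as a test server would observe them.
FIXED_PORTS = [53] * 26                       # resolver always sends from port 53
SEQUENTIAL_PORTS = list(range(32768, 32794))  # resolver increments the port each query

TXT_RE = re.compile(
    r'"?(?P<ip>[\d.]+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r'(?P<secs>[\d.]+) seconds from (?P<ports>\d+) ports with std dev (?P<sd>\d+)"?'
)


def parse_porttest(txt):
    """Parse a porttest.dns-oarc.net TXT answer (possibly line-wrapped) into a dict."""
    flat = " ".join(txt.split())  # undo mail-client line wrapping
    m = TXT_RE.search(flat)
    if not m:
        raise ValueError("unrecognised porttest answer: %r" % txt)
    d = m.groupdict()
    return {
        "ip": d["ip"],
        "rating": d["rating"],
        "queries": int(d["queries"]),
        "seconds": float(d["secs"]),
        "ports": int(d["ports"]),
        "stddev": int(d["sd"]),
    }


def port_stats(ports):
    """Return (distinct_ports, population_stddev) for a list of observed source ports."""
    distinct = len(set(ports))
    sd = statistics.pstdev(ports) if len(ports) > 1 else 0.0
    return distinct, sd


def rate(ports, great_sd=3000, good_sd=300):
    """Classify a port sample on the GREAT/GOOD/FAIR/POOR scale.

    Thresholds are assumptions for this example only: a single reused port is
    POOR, a small spread (e.g. sequential ports) is FAIR, and a wide spread is
    GOOD or GREAT.
    """
    distinct, sd = port_stats(ports)
    if distinct < 2:
        return "POOR"
    if sd < good_sd:
        return "FAIR"
    if sd < great_sd:
        return "GOOD"
    return "GREAT"


def random_ports(n=26, seed=2008):
    """Constructed sample of a resolver drawing ephemeral ports at random."""
    rng = random.Random(seed)
    return [rng.randint(1024, 65535) for _ in range(n)]


if __name__ == "__main__":
    print(parse_porttest(SAMPLE_TXT))
    for name, sample in (("fixed", FIXED_PORTS),
                         ("sequential", SEQUENTIAL_PORTS),
                         ("random", random_ports())):
        distinct, sd = port_stats(sample)
        print("%-10s %2d distinct ports, std dev %8.1f -> %s"
              % (name, distinct, sd, rate(sample)))
```

The sequential case is the one worth noticing: it yields 26 distinct ports, which looks fine if you only count them, but a standard deviation of 7.5 shows the next port is trivially predictable. That is why the porttest answer reports both numbers.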