[LINK] Does your ISP randomize the DNS source port?

Karl Auer kauer at biplane.com.au
Tue Jul 29 16:49:00 AEST 2008


On Tue, 2008-07-29 at 16:32 +1000, Jon Seymour wrote:
> > Thanks for the email. With regards to your query, I assure you that
> > our DNS server is operating fine with no problems.
> 
> Despite the fact that their DNS still uses a fixed source port. What
> part of "randomize your source port" don't they understand, I wonder?

If you are behind a NAT device - and 99% of all home users are - your
NAT is almost certainly derandomising the port numbers used. Only a test
on the open Internet is really valid.

If you don't have access to the open Internet, let me know the DNS
servers and I'll check them for you.

> I will give them a chance to address this properly before I name and
> shame them.

Naming them won't shame them, regardless. At worst it shows they are
mistaken. Never been mistaken?

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

GPG fingerprint: DD23 0DF3 2260 3060 7FEC 5CA8 1AF6 D9E3 CFEE 6B28
Public key at  : random.sks.keyserver.penguin.de
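
The effect described in this message, as an added example that is not part of the original post: a resolver's randomised source ports are classified as they would be seen by a server on the open Internet, and again after passing through a NAT. The NAT model (next free port per new flow), the thresholds and all port values are constructed assumptions for illustration.

```python
import statistics

PORT_SPACE = 65536

def nat_rewrite(inside_ports, first_outside=50000):
    """Assumed NAT model: each new flow gets the next free outside port."""
    table = {}
    for port in inside_ports:
        if port not in table:
            table[port] = first_outside + len(table)
    return [table[port] for port in inside_ports]

def classify_source_ports(observed):
    """Classify the UDP source ports a remote server saw from one resolver."""
    if len(observed) < 5:
        raise ValueError("need at least 5 observed queries")
    if len(set(observed)) == 1:
        return "fixed"
    # Step between consecutive queries, wrapping around the 16-bit port space.
    steps = [(b - a) % PORT_SPACE for a, b in zip(observed, observed[1:])]
    # Illustrative threshold: small, always-positive steps mean a counter.
    if all(0 < s <= 16 for s in steps):
        return "sequential"
    # Illustrative threshold: a uniform draw over the unprivileged ports has
    # a standard deviation near 18600, so a spread below 3000 is a small pool.
    if statistics.pstdev(observed) < 3000:
        return "narrow"
    return "random"

# Constructed sample: ports chosen by a resolver that randomises properly.
RESOLVER_PORTS = [41873, 12094, 60311, 2756, 33502, 51847, 19966, 8123]
# Constructed sample: a resolver that always sends from the same port.
FIXED_PORTS = [32768] * 8
# Constructed sample: a resolver drawing from a pool of a few dozen ports.
SMALL_POOL = [1030, 1045, 1026, 1060, 1033, 1052, 1029, 1041]

if __name__ == "__main__":
    print("open Internet:", classify_source_ports(RESOLVER_PORTS))
    print("behind NAT   :", classify_source_ports(nat_rewrite(RESOLVER_PORTS)))
    print("fixed port   :", classify_source_ports(FIXED_PORTS))
    print("small pool   :", classify_source_ports(SMALL_POOL))
```

The same resolver yields "random" when measured directly and "sequential" when measured through the modelled NAT, which is why a test run from behind a home router says little about the ISP's DNS server itself.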
