[LINK] Does your ISP randomize the DNS source port?

Scott Howard scott at doc.net.au
Tue Jul 29 17:13:03 AEST 2008


On Mon, Jul 28, 2008 at 11:49 PM, Karl Auer <kauer at biplane.com.au> wrote:

> If you are behind a NAT device - and 99% of all home users are - your
> NAT is almost certainly derandomising the port numbers used. Only a test
> on the open Internet is really valid.


Unless your system is originating the DNS requests itself (i.e., using the
root servers rather than an upstream cache) then what the NAT does isn't
relevant.  Even if it does de-randomize the source port, it's only going to
do it between the NAT router and your ISP's DNS server, not any further - and
it's the next step that is being tested here. So in almost every single case
this test is valid regardless of whether you're behind a NAT router or not.

> > I will give them a chance to address this properly before I name and
> > shame them.
>
> Naming them won't shame them, regardless. At worst it shows they are
> mistaken. Never been mistaken?


Any ISP that hasn't patched this problem yet deserves to be shamed.  This is
a major vulnerability which is being actively exploited - although I'm sure
there's no end of still vulnerable systems out there, there are _zero_
excuses for ISPs not to have patched their systems by now.

  Scott.
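As an added example that is not part of this thread: a small Python checker for the "next step" Scott describes, assuming you have captured the UDP source ports of a resolver's outbound queries (for instance with a packet capture on its upstream interface). It tells a fixed port apart from NAT-style sequential allocation and from genuinely randomized ports; all port samples below are constructed.

```python
import math
import random
from collections import Counter


def port_entropy_bits(ports):
    """Shannon entropy (bits) of the observed source-port distribution."""
    counts = Counter(ports)
    n = len(ports)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_source_ports(ports, min_samples=20):
    """Return 'fixed', 'sequential', 'randomized' or 'weak'.

    Entropy alone is misleading: a NAT handing out 32768, 32769, 32770, ...
    has the same entropy as a random sample, so step sizes between
    consecutive queries are checked as well.
    """
    if len(ports) < min_samples:
        raise ValueError("need at least %d observed ports" % min_samples)
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"
    # Forward differences between consecutive queries (mod 2**16 for wrap).
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for s in steps if 1 <= s <= 16)
    if small_steps >= 0.8 * len(steps):
        return "sequential"
    span = max(ports) - min(ports)
    if distinct >= 0.9 * len(ports) and span > 16384:
        return "randomized"
    return "weak"


# Constructed samples (not captured traffic):
SAMPLE_FIXED = [53] * 40                       # old resolver: always port 53
SAMPLE_SEQUENTIAL = [32768 + i for i in range(40)]  # NAT-style allocation
SAMPLE_RANDOM = random.Random(1).sample(range(1024, 65536), 40)

if __name__ == "__main__":
    for name, sample in (("fixed", SAMPLE_FIXED),
                         ("sequential", SAMPLE_SEQUENTIAL),
                         ("random", SAMPLE_RANDOM)):
        print(name, classify_source_ports(sample),
              round(port_entropy_bits(sample), 2), "bits")
```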
