DNS aund randomized source ports

Ed Greshko Ed.Greshko at greshko.com
Fri Mar 15 12:00:22 UTC 2013

On 03/15/13 19:15, Reindl Harald wrote:
> Am 15.03.2013 10:57, schrieb Ed Greshko:
>> On 03/15/13 17:46, Ed Greshko wrote:
>>> Is the destination IP address a single IP address or are there others.
>>> Is your system running a DNS server?  If you are running one, is it supposed to be servicing requests from the Internet?  If it is supposed to be taking requests from the Internet, have you made sure to configure such that recursion is disabled.
>> Never mind....
>> In re-reading the original message I see the "source port" is 35442.  I'm pretty sure recursion from a DNS server would show 53 as the source port.
> pretty sure only if your DNS is very outdated
> http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
> http://en.wikipedia.org/wiki/DNS_spoofing
> As stated above, source port randomization for DNS requests, combined with the use of cryptographically-secure
> random numbers for selecting both the source port and the 16-bit cryptographic nonce, can greatly reduce the
> probability of successful DNS race attacks.

Good to know.  It has been a long time since I've done DNS stuff at the network layer.

It sounded like a DNSSEC and DNS amplification attack with the Bank's network as the target.  But, the OP seems not to have a DNS server configured.

From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130315/ac763db9/attachment.sig>

More information about the users mailing list