DNS Randomness Test



Kayman
07-28-08, 08:36 AM
"The test takes a few seconds to complete. When it's done you'll see a page
where the transaction ID and source port randomness will be rated either
GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that you contact
your ISP and ask if they have plans to upgrade their nameserver software
before August 7th."
https://www.dns-oarc.net/oarc/services/dnsentropy

hummingbird
07-28-08, 09:03 AM
On Mon, 28 Jul 2008 20:36:31 +0700 'Kayman'
wrote this on alt.comp.freeware:

>"The test takes a few seconds to complete. When it's done you'll see a page
>where the transaction ID and source port randomness will be rated either
>GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that you contact
>your ISP and ask if they have plans to upgrade their nameserver software
>before August 7th."
>https://www.dns-oarc.net/oarc/services/dnsentropy


My results:
-Source Port Randomness: GREAT
-Transaction ID Randomness: GREAT

....phew ;-)


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)

David H. Lipman
07-28-08, 03:36 PM
From: "hummingbird" <hummingbird@127.0.0.1>


| On Mon, 28 Jul 2008 20:36:31 +0700 'Kayman'
| wrote this on alt.comp.freeware:

>>"The test takes a few seconds to complete. When it's done you'll see a page
>>where the transaction ID and source port randomness will be rated either
>>GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that you contact
>>your ISP and ask if they have plans to upgrade their nameserver software
>>before August 7th."
>>https://www.dns-oarc.net/oarc/services/dnsentropy


| My results:
| -Source Port Randomness: GREAT
| -Transaction ID Randomness: GREAT

| ...phew ;-)


Verizon (my ISP)...

-Source Port Randomness: POOR
-Transaction ID Randomness: GREAT

1. 71.250.0.36 appears to have POOR source port randomness and GREAT transaction ID randomness.
2. 71.250.0.37 appears to have POOR source port randomness and GREAT transaction ID randomness.
3. 199.45.32.38 (nsdc.bellatlantic.net) appears to have POOR source port randomness and GREAT transaction ID randomness.
4. 151.198.0.38 (nsmad.bellatlantic.net) appears to have POOR source port randomness and GREAT transaction ID randomness.

| --
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
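
A split result like the one reported above (POOR source ports, GREAT transaction IDs) can be reproduced offline from the values a remote server observes for a resolver. The following is an added example, not part of the thread and not the DNS-OARC test's own code; the rating cut-offs, function names and sample values are assumptions made for illustration.

```python
import math
import statistics

# Illustrative cut-offs in bits; assumptions for this example, not DNS-OARC's.
POOR_BELOW, GOOD_BELOW = 10.0, 14.0

def estimate_bits(samples):
    """Estimate how many bits of a 16-bit field actually vary across samples."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two observations")
    unique = len(set(samples))
    if unique * 2 <= n:
        # Heavy reuse: the pool is tiny, however far apart its members are.
        return math.log2(unique)
    # A uniform spread over a range R has std dev R/sqrt(12), so R ~ sd*sqrt(12).
    spread = statistics.pstdev(samples) * math.sqrt(12)
    return max(0.0, min(16.0, math.log2(spread)))

def rate(bits):
    """Map an estimated bit count to the three labels used by the test."""
    if bits < POOR_BELOW:
        return "POOR"
    return "GOOD" if bits < GOOD_BELOW else "GREAT"

def report(ports, txids):
    """Rate both fields and give the combined number of unpredictable bits."""
    p, t = estimate_bits(ports), estimate_bits(txids)
    return {"port": rate(p), "txid": rate(t), "combined_bits": round(p + t, 1)}

# Constructed observations (not real captures): 16 queries from one resolver.
SEQ_PORTS = [32768 + i for i in range(16)]   # ports handed out sequentially
FIXED_PAIR = [1024, 60000] * 8               # two ports reused: wide but tiny pool
TXIDS = [51234, 1893, 40712, 22318, 63901, 9477, 33150, 58266,
         14820, 47093, 27641, 4105, 60388, 36924, 19752, 54617]

if __name__ == "__main__":
    print(report(SEQ_PORTS, TXIDS))
    print(rate(estimate_bits(FIXED_PAIR)))
```

The reuse check matters because a standard deviation alone would rate the two-port sample highly; the values must be taken where the queries arrive, since any device that rewrites source ports in between changes what is measured.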

Andrew Rossmann
07-28-08, 03:51 PM
In article <g6ki0v$a0k$1@registered.motzarella.org>,
kaymanDeleteThis@operamail.com says...
> "The test takes a few seconds to complete. When it's done you'll see a page
> where the transaction ID and source port randomness will be rated either
> GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that you contact
> your ISP and ask if they have plans to upgrade their nameserver software
> before August 7th."
> https://www.dns-oarc.net/oarc/services/dnsentropy

Some ISPs, such as Comcast, are fully patched, but also have an
additional layer of protection. That additional layer tends to cause
issues such as 'NAT or firewall issue' with the doxpara test, or the
POOR notes on the test above. It's the tests being fooled by the
protection, not a weakness of the protection.

--
If there is a no_junk in my address, please REMOVE it before replying!
All junk mail senders will be prosecuted to the fullest extent of the
law!!
http://home.att.net/~andyross

hummingbird
07-28-08, 03:56 PM
On Mon, 28 Jul 2008 16:36:21 -0400 'David H. Lipman'
wrote this on alt.comp.freeware:

>From: "hummingbird" <hummingbird@127.0.0.1>
>
>
>| On Mon, 28 Jul 2008 20:36:31 +0700 'Kayman'
>| wrote this on alt.comp.freeware:
>
>>>"The test takes a few seconds to complete. When it's done you'll see a page
>>>where the transaction ID and source port randomness will be rated either
>>>GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that you contact
>>>your ISP and ask if they have plans to upgrade their nameserver software
>>>before August 7th."
>>>https://www.dns-oarc.net/oarc/services/dnsentropy
>
>
>| My results:
>| -Source Port Randomness: GREAT
>| -Transaction ID Randomness: GREAT
>
>| ...phew ;-)
>
>
>Verizon (my ISP)...
>
>-Source Port Randomness: POOR
>-Transaction ID Randomness: GREAT
>
> 1.. 71.250.0.36 appears to have POOR source port randomness and GREAT transaction ID
>randomness.
> 2.. 71.250.0.37 appears to have POOR source port randomness and GREAT transaction ID
>randomness.
> 3.. 199.45.32.38 (nsdc.bellatlantic.net) appears to have POOR source port randomness and
>GREAT transaction ID randomness.
> 4.. 151.198.0.38 (nsmad.bellatlantic.net) appears to have POOR source port randomness
>and GREAT transaction ID randomness.


Is it time to give Verizon a big kick up the ass? ;-)


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)

David H. Lipman
07-28-08, 04:33 PM
From: "hummingbird" <hummingbird@127.0.0.1>


| On Mon, 28 Jul 2008 16:36:21 -0400 'David H. Lipman'
| wrote this on alt.comp.freeware:

>>From: "hummingbird" <hummingbird@127.0.0.1>


>>| On Mon, 28 Jul 2008 20:36:31 +0700 'Kayman'
>>| wrote this on alt.comp.freeware:

>>>>"The test takes a few seconds to complete. When it's done you'll see a page
>>>>where the transaction ID and source port randomness will be rated either
>>>>GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that you contact
>>>>your ISP and ask if they have plans to upgrade their nameserver software
>>>>before August 7th."
>>>>https://www.dns-oarc.net/oarc/services/dnsentropy


>>| My results:
>>| -Source Port Randomness: GREAT
>>| -Transaction ID Randomness: GREAT

>>| ...phew ;-)


>>Verizon (my ISP)...

>>-Source Port Randomness: POOR
>>-Transaction ID Randomness: GREAT

>> 1.. 71.250.0.36 appears to have POOR source port randomness and GREAT transaction ID
>>randomness.
>> 2.. 71.250.0.37 appears to have POOR source port randomness and GREAT transaction ID
>>randomness.
>> 3.. 199.45.32.38 (nsdc.bellatlantic.net) appears to have POOR source port randomness
>> and
>>GREAT transaction ID randomness.
>> 4.. 151.198.0.38 (nsmad.bellatlantic.net) appears to have POOR source port randomness
>>and GREAT transaction ID randomness.


| Is it time to give Verizon a big kick up the ass? ;-)


/* Indeed ! */

Especially in light of their dropping ALL but the "Big 8" Usenet News Groups.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

hummingbird
07-28-08, 04:59 PM
On Mon, 28 Jul 2008 17:33:46 -0400 'David H. Lipman'
wrote this on alt.comp.freeware:

>From: "hummingbird" <hummingbird@127.0.0.1>
>
>
>| On Mon, 28 Jul 2008 16:36:21 -0400 'David H. Lipman'
>| wrote this on alt.comp.freeware:
>
>>>From: "hummingbird" <hummingbird@127.0.0.1>
>
>
>>>| On Mon, 28 Jul 2008 20:36:31 +0700 'Kayman'
>>>| wrote this on alt.comp.freeware:
>
>>>>>"The test takes a few seconds to complete. When it's done you'll see a page
>>>>>where the transaction ID and source port randomness will be rated either
>>>>>GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that you contact
>>>>>your ISP and ask if they have plans to upgrade their nameserver software
>>>>>before August 7th."
>>>>>https://www.dns-oarc.net/oarc/services/dnsentropy
>
>
>>>| My results:
>>>| -Source Port Randomness: GREAT
>>>| -Transaction ID Randomness: GREAT
>
>>>| ...phew ;-)
>
>
>>>Verizon (my ISP)...
>
>>>-Source Port Randomness: POOR
>>>-Transaction ID Randomness: GREAT
>
>>> 1.. 71.250.0.36 appears to have POOR source port randomness and GREAT transaction ID
>>>randomness.
>>> 2.. 71.250.0.37 appears to have POOR source port randomness and GREAT transaction ID
>>>randomness.
>>> 3.. 199.45.32.38 (nsdc.bellatlantic.net) appears to have POOR source port randomness
>>> and
>>>GREAT transaction ID randomness.
>>> 4.. 151.198.0.38 (nsmad.bellatlantic.net) appears to have POOR source port randomness
>>>and GREAT transaction ID randomness.
>
>
>| Is it time to give Verizon a big kick up the ass? ;-)
>
>
>/* Indeed ! */
>
>Especially in light of their dropping ALL but the "Big 8" Usenet News Groups.


Shame on them!

First they came for the binaries...
Then they came for the non-Big 8...


--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)

Derio
08-08-08, 10:01 AM
If you're not using OpenDNS, you're doing it all wrong. Seriously.

http://www.opendns.com/




Lutz Donnerhacke
08-08-08, 10:22 AM
* Derio wrote:
> If you're not using OpenDNS, you're doing it all wrong. Seriously.
> http://www.opendns.com/

OpenDNS is vulnerable to the attack as well as any other nonvalidating
resolver.

Poisoning a fully patched resolver in 10 hours:
http://tservice.net.ru/~s0mbre/blog/devel/networking/dns/2008_08_08.html


Compare DNS resolver strategies (incl. OpenDNS and look at the BOGUS messages):
http://www.iks-jena.de/cgi-bin/dnssec_how_dns_works.pl

Unruh
08-08-08, 11:26 AM
Derio <DerioD@yahoo.com> writes:

>If you're not using OpenDNS, you're doing it all wrong. Seriously.

>http://www.opendns.com/

That does not help much. While opendns might not have a poisoned cache, the
dns server IT gets its information from might be poisoned. I.e., when you ask
opendns for an address, it does NOT have all addresses in its cache. Simply
not big enough. It goes and asks the next DNS server for that address. If
that dns server is poisoned, then it will deliver the wrong address to
opendns, and you are screwed. DNS is a whole web of trust, not simply a
single machine, and a single poisoned node can poison the whole web.

That, AFAIK, is why this cache poisoning attack is so serious.
It helps a lot if your immediate DNS server is OK. But it is not the whole
story.




