[nsp-sec] List of vulnerable DNS resolvers
Florian Weimer
fweimer at bfk.de
Wed Jul 23 03:54:15 EDT 2008
* Niels Provos:
> These IP addresses are from recursive resolvers that showed very low
> standard-deviation (<200) in their source ports according to
> measurements conducted by David Dagon and myself over the last 7 days.
How many probes per resolver were used in this survey?
> I released a small Python tool that you can use to test your own
> resolver. You can download it from:
>
> http://www.monkey.org/~provos/dnspredict.py
Your test yields false positives for resolvers which use a contiguous
range of source ports, even if it could be deemed sufficiently large.
In other words, I believe _MIN_STDDEV is too large.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the nsp-security
mailing list