Transaction ID is just not enough (even if 100% "random")

Author	All Replies
Alan Clegg @rr.com approval from: Cabal	reply to espaeth Transaction ID is just not enough (even if 100% "random") If you have sufficient transaction ID randomness, then to a certain degree the source port randomness is just an academic bonus. The issue with Bind was that both the source port and the transaction ID for the requests were predictable, which made the poisoning not just possible, but actually quite likely if you scripted things correctly. You sir, are completely incorrect. Alan Clegg aclegg@isc.org
Alan Clegg @rr.com approval from: Cabal	to forum · permalink · 2008-07-24 21:05:38 ·
espaeth Digital Plumber Premium,MVM join:2001-04-21 Minneapolis, MN kudos:2 Reviews: ·Clear Wireless	said by Alan Clegg : If you have sufficient transaction ID randomness, then to a certain degree the source port randomness is just an academic bonus. You sir, are completely incorrect. Completely ? I will acknowledge that I overstated on source port randomness just being a bonus. Still, the most exploitable servers are those that are still using fixed source port queries, followed by the previous bind implementations that still had limited entropy for both the source port and transaction ID. The servers being reported with "poor" source port randomness (ie, randomness within a fixed range) but "good" for transaction ID randomness are still better off than those servers out there still susceptible to »securitytracker.com/alerts/2007/···442.html .
	to forum · permalink · 2008-07-24 22:22:10 ·

US Cable Support > Comcast HSI > [DNS] Comcast and the DNS Server flaw issue