How do I randomize the DNS source port number?

Jim Reid jim at rfc1035.com
Tue Jul 30 15:52:16 UTC 2002


>>>>> "Phil" == phil-news-nospam  <phil-news-nospam at ipal.net> writes:

    >> You also have to either intercept the query, or guess the
    >> DNS ID in the query, only a 1 in 65536 chance (random ports
    >> boost this to close to (but less than) 1 in 65536^2, but that 
    >> is why you would expect to see a lot of packets, not only does
    >> he have to get the right 400ms or so query/response gap, but
    >> in that 400ms he must get the right DNS ID in the spoofed
    >> reply.

    Phil> That sounds like it should make this attack very difficult,
    Phil> at least as much as random ports, or way more.

Not really. As I've said before -- and no doubt will say again --
randomising the port numbers and query IDs does not really protect
against DNS spoofing. It raises the barrier a little for one type of
attack. It's comparable to taking the keys out of the ignition
switch as an anti-theft precaution when you leave your car.
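To make the figures in the quoted exchange concrete, here is an added example (not part of the thread or of any BIND code) that computes the (source port, query ID) guess space with and without port randomisation and, from a defender's side, checks whether a sample of observed outbound queries actually looks randomised. It assumes an ephemeral port range of 1024-65535 (which is why the combined space stays below 65536^2, as the quoted message notes); the observation data is constructed, not captured.

```python
import math
import random

QID_SPACE = 1 << 16                        # 16-bit DNS transaction ID
EPHEMERAL_LO, EPHEMERAL_HI = 1024, 65535   # assumed ephemeral source-port range


def guess_space(port_randomised, port_lo=EPHEMERAL_LO, port_hi=EPHEMERAL_HI):
    """Number of (source port, query ID) pairs a forged reply has to match.

    With a fixed source port only the ID is unknown (65536 combinations).
    With a random port it is ports * IDs, which is less than 65536**2
    because ports 0-1023 are never used as the query source.
    """
    ports = (port_hi - port_lo + 1) if port_randomised else 1
    return ports * QID_SPACE


def forged_replies_for_success(space, confidence):
    """Forged replies needed so that P(at least one matches) >= confidence.

    Each reply is an independent guess with probability 1/space, so
    P(hit within n replies) = 1 - (1 - 1/space)**n; solve for n.
    """
    return math.ceil(math.log(1 - confidence) / math.log(1 - 1 / space))


def assess_randomisation(samples, min_distinct_ratio=0.9, max_sequential_ratio=0.1):
    """Judge whether observed (src_port, qid) pairs from a resolver look random.

    samples: list of (port, qid) tuples taken from the resolver's outbound
    queries. Returns flags and ratios a monitoring job can alert on.
    """
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    n = len(samples)
    ports = [p for p, _ in samples]
    qids = [q for _, q in samples]
    port_ratio = len(set(ports)) / n             # 1.0 means every port distinct
    qid_ratio = len(set(qids)) / n
    # counting IDs are distinct but predictable: measure +1 steps separately
    seq_steps = sum(1 for a, b in zip(qids, qids[1:]) if (b - a) % QID_SPACE == 1)
    seq_ratio = seq_steps / (n - 1)
    return {
        "port_randomised": port_ratio >= min_distinct_ratio,
        "qid_randomised": qid_ratio >= min_distinct_ratio and seq_ratio <= max_sequential_ratio,
        "distinct_port_ratio": port_ratio,
        "distinct_qid_ratio": qid_ratio,
        "sequential_qid_ratio": seq_ratio,
    }


def constructed_samples(randomised, count=200, seed=1):
    """Constructed observations (not real capture data): a resolver that always
    sends from port 53 with a counting ID, versus one randomising both."""
    rng = random.Random(seed)
    if not randomised:
        return [(53, (1000 + i) % QID_SPACE) for i in range(count)]
    return [(rng.randint(EPHEMERAL_LO, EPHEMERAL_HI), rng.randrange(QID_SPACE))
            for _ in range(count)]


if __name__ == "__main__":
    for randomised in (False, True):
        space = guess_space(randomised)
        print(f"port randomised={randomised}: guess space={space}, "
              f"single forged reply succeeds with p={1 / space:.2e}, "
              f"replies needed for 50% success={forged_replies_for_success(space, 0.5)}")
        print(assess_randomisation(constructed_samples(randomised)))
```

The second half is the part worth keeping around: run `assess_randomisation` over (port, ID) pairs pulled from a packet capture of your resolver's outbound queries and the ratios tell you at a glance whether it is sending from one fixed port or counting its IDs, which is the condition the quoted 1-in-65536 figure describes.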
