dig source port patch

Jim Reid jim at rfc1035.com
Thu Sep 4 19:15:46 UTC 2003


>>>>> "Jonathan" == Jonathan de Boyne Pollard <J.deBoynePollard at tesco.net> writes:

    Jonathan> False.  It makes it harder for an attacker with no
    Jonathan> access to the original query datagram to guess at the
    Jonathan> correct response datagram to send.  When only
    Jonathan> randomising the message ID, such an attacker has a
    Jonathan> 1-in-65536 probability of making the correct guess.  When
    Jonathan> choosing both a random message ID and a random port
    Jonathan> number from (say) a set of 200 numbers, this is
    Jonathan> decreased to 1-in-13107200.

Your arithmetic is correct. But your logic is flawed. And you're
kidding yourself if you think randomising port numbers is a big help
in preventing spoofing. It's a stupid assumption to believe attackers
can't see query replies or responses as they go by. [This may be true
on a secure VPN with "trusted" hosts, users and clients but the
internet is not that animal.] Would someone expect their car to be
thief-proof because they think nobody else will ever be able to see
what the keys look like?

    JR> An attacker will see the query as it goes by.

    Jonathan> False.  Not all attackers will.

And your point is? By your own logic, some attackers will be able to
see the packets as they go by and spoof them. Therefore, randomising
the port idea achieves nothing unless you consider those types of
attacks to be impossible. Other than a false sense of security of
course.
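The two positions above differ on the threat model, not on the arithmetic. The following is an added worked example (not code from the thread or from BIND) that puts both into one calculation: a blind attacker who never saw the query must match the 16-bit message ID and, if the resolver randomises it, the source port, so its odds scale with the size of that combined space; an attacker who observed the query has nothing to guess. It generalises the thread's figures (a fixed port, the "set of 200" ports) to any number of port choices, including the full ephemeral range, and to an attacker that sends many distinct forged replies within one query window. The 64512-port figure and the 1000-reply burst are assumed sample parameters, not values from the thread.

```python
# Added example, not from the mailing-list thread: spoofing odds for a
# blind attacker versus an on-path attacker, given what a forged reply
# must match to be accepted by the resolver.
import math

MSG_ID_SPACE = 65536  # 16-bit DNS message ID


def guess_space(port_choices: int) -> int:
    """Number of (message ID, source port) pairs a forged reply must match.
    port_choices == 1 models a resolver that always uses the same port."""
    if port_choices < 1:
        raise ValueError("port_choices must be >= 1")
    return MSG_ID_SPACE * port_choices


def single_guess_probability(port_choices: int) -> float:
    """Chance that one forged reply matches a query the attacker did not see."""
    return 1.0 / guess_space(port_choices)


def blind_success_probability(port_choices: int, forged_replies: int) -> float:
    """Chance that at least one of k distinct forged replies, all delivered
    before the genuine answer, matches. With distinct guesses this is
    exactly k / space, capped at 1."""
    return min(1.0, forged_replies / guess_space(port_choices))


def on_path_success_probability() -> float:
    """An attacker who observed the query already knows both fields,
    so randomisation buys nothing against it."""
    return 1.0


def forged_replies_needed(port_choices: int, target: float) -> int:
    """Smallest number of distinct forged replies that reaches `target`
    success probability for a blind attacker."""
    if not 0.0 < target <= 1.0:
        raise ValueError("target must be in (0, 1]")
    return math.ceil(target * guess_space(port_choices))


if __name__ == "__main__":
    # Assumed sample parameters: fixed port, the thread's 200 ports,
    # and the full ephemeral range 1024-65535 (64512 ports).
    for ports in (1, 200, 64512):
        print(f"ports={ports:6d} space={guess_space(ports):11d} "
              f"one-shot={single_guess_probability(ports):.2e} "
              f"k=1000 burst={blind_success_probability(ports, 1000):.2e} "
              f"50% needs k={forged_replies_needed(ports, 0.5)}")
    print("on-path attacker (saw the query):", on_path_success_probability())
```

Running it reproduces the thread's 1-in-65536 and 1-in-13107200 one-shot figures and shows how many forged replies a blind attacker needs before the odds become meaningful, while the last line states the case Jim is making: the randomisation term disappears entirely once the query is observable, which is why it raises the cost only for off-path spoofing.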
