Jump to content

DNS Randomness Test

Guest Kayman

By Guest Kayman
in Windows XP

 Share

Recommended Posts

Guest Kayman

Guest Kayman

Posted
Posted

"The test takes a few seconds to complete. When its done you'll see a page

where the transaction ID and source port randomness will be rated either

GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that contact

your ISP and ask if they have plans to upgrade their nameserver software

before August 7th."

https://www.dns-oarc.net/oarc/services/dnsentropy

  • Replies 28
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Twayne

Guest Twayne

Posted
Posted

Re: DNS Randomness Test

 

> "The test takes a few seconds to complete. When its done you'll see a

> page where the transaction ID and source port randomness will be

> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we

> recommend that contact your ISP and ask if they have plans to upgrade

> their nameserver software before August 7th."

 

Umm, I'd beware any stranger offering advice in case that appeals to

you. It's outright spam to begin with and of no known value or

recognition otherwise. It's designed to make you curious and want to

visit that URL where who knows what might go on? It'd be funny if it

weren't so stupid!

Guest Geoff

Guest Geoff

Posted
Posted

Re: DNS Randomness Test

 

On Mon, 28 Jul 2008 12:18:10 -0400, "Twayne" <nobody@devnull.spamcop.net>

wrote:

>> "The test takes a few seconds to complete. When its done you'll see a

>> page where the transaction ID and source port randomness will be

>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we

>> recommend that contact your ISP and ask if they have plans to upgrade

>> their nameserver software before August 7th."

>

>Umm, I'd beware any stranger offering advice in case that appeals to

>you. It's outright spam to begin with and of no known value or

>recognition otherwise. It's designed to make you curious and want to

>visit that URL where who knows what might go on? It'd be funny if it

>weren't so stupid!

>

>

As an advisory it lacks any real information. This is supposed to be an

advisory about the Kaminsky DNS vulnerability but is of limited use to end

users other than to generate grass roots movement from users to get ISP's

to upgrade their DNS code.

 

The full text of the dns-oarc.net page follows:

 

----------------------

 

US-CERT's Vulnerability Note VU#800113 describes deficiencies in the DNS

protocol and implementations that can facilitate cache poisoning attacks.

The answers from a poisoned nameserver cannot be trusted. You may be

redirected to malicious web sites that will try to steal your identity or

infect your computers with malware. On August 7, 2008, Dan Kaminsky will

release the details of how such attacks can be launched against vulnerable

DNS resolvers.

 

The essence of the problem is that DNS resolvers don't always use enough

randomness in their transaction IDs and query source ports. Increasing the

amount of randomness increases the difficulty of a successful poisoning

attack.

 

This page exists to help you learn if your ISP's nameservers are vulnerable

to this type of attack. If you click on the button below, we will test the

randomness of your ISP DNS resolver.

 

 

The test takes a few seconds to complete. When its done you'll see a page

where the transaction ID and source port randomness will be rated either

GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that contact

your ISP and ask if they have plans to upgrade their nameserver software

before August 7th.

 

See porttest for another way to check your resolver from a Unix

commandline.

 

----------------------

 

See also: http://www.kb.cert.org/vuls/id/800113

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

Re: DNS Randomness Test

 

From: "Twayne" <nobody@devnull.spamcop.net>

>> "The test takes a few seconds to complete. When its done you'll see a

>> page where the transaction ID and source port randomness will be

>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we

>> recommend that contact your ISP and ask if they have plans to upgrade

>> their nameserver software before August 7th."

 

| Umm, I'd beware any stranger offering advice in case that appeals to

| you. It's outright spam to begin with and of no known value or

| recognition otherwise. It's designed to make you curious and want to

| visit that URL where who knows what might go on? It'd be funny if it

| weren't so stupid!

 

 

 

No. Both Kayman and the site are legitimate and most importantly this is a good test

concerning the US CERT

Vulnerability Note VU#800113

 

Reference:

http://www.kb.cert.org/vuls/id/800113

 

This is NOT spam!

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Lon

Guest Lon

Posted
Posted

Re: DNS Randomness Test

 

Twayne wrote:

>> "The test takes a few seconds to complete. When its done you'll see a

>> page where the transaction ID and source port randomness will be

>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we

>> recommend that contact your ISP and ask if they have plans to upgrade

>> their nameserver software before August 7th."

https://www.dns-oarc.net/oarc/services/dnsentropy

>

> Umm, I'd beware any stranger offering advice in case that appeals to

> you. It's outright spam to begin with and of no known value or

> recognition otherwise. It's designed to make you curious and want to

> visit that URL where who knows what might go on? It'd be funny if it

> weren't so stupid!

>

>

>

I'd also beware of self appointed security experts who do not recognize

the site http://www.dns-oarc.net.

Guest FromTheRafters

Guest FromTheRafters

Posted
Posted

Re: DNS Randomness Test

 

 

"Lon" <lon.stowell@comcast.net> wrote in message

news:79Kdne3O09h_8xPVnZ2dnUVZ_hjinZ2d@comcast.com...

> Twayne wrote:

>>> "The test takes a few seconds to complete. When its done you'll see a

>>> page where the transaction ID and source port randomness will be

>>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we

>>> recommend that contact your ISP and ask if they have plans to upgrade

>>> their nameserver software before August 7th."

> https://www.dns-oarc.net/oarc/services/dnsentropy

>>

>> Umm, I'd beware any stranger offering advice in case that appeals to you.

>> It's outright spam to begin with and of no known value or recognition

>> otherwise. It's designed to make you curious and want to visit that URL

>> where who knows what might go on? It'd be funny if it weren't so stupid!

>>

>>

>>

> I'd also beware of self appointed security experts who do not recognize

> the site http://www.dns-oarc.net.

 

But how do we know that clicking that link will actually

resolve to that (considering the topic) legitimate site? :O)

 

URL's are not dangerous, however the software you run to

access them may well be.

Guest Lon

Guest Lon

Posted
Posted

Re: DNS Randomness Test

 

FromTheRafters wrote:

> "Lon" <lon.stowell@comcast.net> wrote in message

> news:79Kdne3O09h_8xPVnZ2dnUVZ_hjinZ2d@comcast.com...

>> Twayne wrote:

>>>> "The test takes a few seconds to complete. When its done you'll see a

>>>> page where the transaction ID and source port randomness will be

>>>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we

>>>> recommend that contact your ISP and ask if they have plans to upgrade

>>>> their nameserver software before August 7th."

>> https://www.dns-oarc.net/oarc/services/dnsentropy

>>> Umm, I'd beware any stranger offering advice in case that appeals to you.

>>> It's outright spam to begin with and of no known value or recognition

>>> otherwise. It's designed to make you curious and want to visit that URL

>>> where who knows what might go on? It'd be funny if it weren't so stupid!

>>>

>>>

>>>

>> I'd also beware of self appointed security experts who do not recognize

>> the site http://www.dns-oarc.net.

>

> But how do we know that clicking that link will actually

> resolve to that (considering the topic) legitimate site? :O)

 

Klothnet nslookup if your software doesn't display the full encoded

url on mouseover.

>

> URL's are not dangerous, however the software you run to

> access them may well be.

 

Most of the problems are just above and behind the keyboard.

Guest Twayne

Guest Twayne

Posted
Posted

Re: DNS Randomness Test

 

f'ups set to msp sec... .virus to save gas, I mean, ether.

> Twayne wrote:

>>> "The test takes a few seconds to complete. When its done you'll see

>>> a page where the transaction ID and source port randomness will be

>>> rated either GREAT, GOOD, or POOR. If you see a POOR rating, we

>>> recommend that contact your ISP and ask if they have plans to

>>> upgrade their nameserver software before August 7th."

> https://www.dns-oarc.net/oarc/services/dnsentropy

>>

>> Umm, I'd beware any stranger offering advice in case that appeals to

>> you. It's outright spam to begin with and of no known value or

>> recognition otherwise. It's designed to make you curious and want to

>> visit that URL where who knows what might go on? It'd be funny if it

>> weren't so stupid!

>>

>>

>>

> I'd also beware of self appointed security experts who do not

> recognize the site http://www.dns-oarc.net.

 

 

 

None the less, it is spam and as such is subject to all the things spam

is worthy of: nothing. I repeat: "It's designed to make you curious

and want to

>> visit that URL where who knows what might go on? It'd be funny if it

>> weren't so stupid!"

Spam is spam and you are a spammer.

And speaking of "experts", you seem totally unaware that spam isn't

acceptable, and also that redirections are easy. If you think that URL

is so well known, you have another think coming. It is NOT a recognized

web site for security aspects. In fact:

 

It's blacklisted at APEWS-L1: (SPEWS replacement)

-----------------------------------------------

http://openrbl.org/client/#www.dns-oarc.net

APEWS_L1 - Anon PM Early Warning System - Level 1

RHS: Spamvertized Domains and alike_

homepagehttp://apews.org/

typeHOST (RHS) Blacklist

zonel1.apews.rhsbl.uceprotect.net [Wiki]

statusBlocklisted at l1.apews.rhsbl.uceprotect.net

-----------------------------------------------

WAS recently listed at SORBS,

----------------------------------------------

and is mired in a long list of AS horizontals and verticals that most

would only use for the purpose of making it difficult to trace them

specifically. Hmm, now who would want that? Oh! I know! Spammers!

 

lookuphttp://apews.org/?page=test&ip=www.dns-oarc.net

http://www.uceprotect.net/en/apews.html

 

public.dns-oarc.net

 

public.dns-oarc.net has one IP record . http://www.dns-oarc.net point

to the same IP.

network-scanner-230-for-more-info-see.public.dns-oarc.net and

network-scanner-224-for-more-info-see.public.dns-oarc.net are subdomains

to this hostname.

baserecordnameipreverserouteas

public.dns-oarc.neta149.20.58.8www.dns-oarc.net149.20.0.0/16 AS1280

project netblockAS1280 ISC AS1280 Internet Systems Consortium, Inc

dns-oarc.netnshq-ns.oarc.isc.org204.152.184.186hq-ns.oarc.isc.org204.152.184.0/21

ns-ext.isc.org204.152.184.64ns-ext.isc.org

ns-ext.nrt1.isc.org192.228.90.19ns-ext.nrt1.isc.org192.228.90.0/24

Internet Software ConsortiumAS2500 WIDE Project in Japan

ns-ext.lga1.isc.org192.228.91.19ns-ext.lga1.isc.org192.228.91.0/24

Internet Systems Consortium, Inc., New York, NY, USAAS27319 ISC LGA1

Internet Systems Consortium, Inc , New York, NY, US

ns-ext.sth1.isc.org192.228.89.19ns-ext.sth1.isc.org192.228.89.0/24

Internet Systems Consortium, Inc.AS8674 NETNOD IX Netnod Internet

Exchange Sverige AB (former D GIX) $Id: aut num:AS8674,v 1 12 2008/07/01

12:56:12 liman Exp $

mxmail.dns-oarc.net149.20.58.4mail.dns-oarc.net149.20.0.0/16 AS1280

project netblockAS1280 ISC AS1280 Internet Systems Consortium, Inc

org isc.org net nrt1.isc.org oarc.isc.org sth1.isc.org lga1.isc.org

--------------------------------------

 

NOW, IDIOT SPAMMER, I gave you a pass on reporting you since it appeared

you might not know what you're doing. But from just 3 minutes worth of

research I can see you not only know what you're doing is spamming, but

you are still spamming even though you're dropped by at one list and

have been noted at around 8 other lists. SORBS may have "dropped" you

but rest assured it won't take a lot to put you back on their list.

 

If I come across you again on ANY group, forum or other means, rest

assured I will not hassle you, but I WILL report you for spamming, and

I'll resurrect the discussions at nanae for you using your own tripe as

proof!

So either get your ass out of here or be prepared to start looking

for other resources again. It looks like discussions at nanae would be

pretty easy to reopen; it's only been a short period of time.

Don't address me again: I only give one warning.

 

HTH (you provide the word for the last H)

Guest Newell White

Guest Newell White

Posted
Posted

Re: DNS Randomness Test

 

 

"FromTheRafters" wrote:

 

>

> But how do we know that clicking that link will actually

> resolve to that (considering the topic) legitimate site? :O)

>

> URL's are not dangerous, however the software you run to

> access them may well be.

>

>

Those of us who have reached the age of discretion right click on the link,

then copy and paste into our browser's address bar.

 

We get lots of practice at this because our incoming e-mails are shown in

plain text format.

 

We are suspicious old farts who plan on living a long time.

--

Regards,

Newell White

Guest FromTheRafters

Guest FromTheRafters

Posted
Posted

Re: DNS Randomness Test

 

 

"Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...

>

> "FromTheRafters" wrote:

>

>

>>

>> But how do we know that clicking that link will actually

>> resolve to that (considering the topic) legitimate site? :O)

>>

>> URL's are not dangerous, however the software you run to

>> access them may well be.

>>

>>

> Those of us who have reached the age of discretion right click on the

> link,

> then copy and paste into our browser's address bar.

 

Which doesn't address the DNS poisoning issue. Any URL at all

(requiring a lookup) is suspect. Only comparing returns from a known

good name server can confirm if the URL's friendly name is actually

where your browser will be directed.

..

Guest Newell White

Guest Newell White

Posted
Posted

Re: DNS Randomness Test

 

"FromTheRafters" wrote:

>

> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...

> >

> > "FromTheRafters" wrote:

> >

> >

> >>

> >> But how do we know that clicking that link will actually

> >> resolve to that (considering the topic) legitimate site? :O)

> >>

> >> URL's are not dangerous, however the software you run to

> >> access them may well be.

> >>

> >>

> > Those of us who have reached the age of discretion right click on the

> > link,

> > then copy and paste into our browser's address bar.

>

> Which doesn't address the DNS poisoning issue. Any URL at all

> (requiring a lookup) is suspect. Only comparing returns from a known

> good name server can confirm if the URL's friendly name is actually

> where your browser will be directed.

> ..

Point taken.

But even before the DNS issue using the Internet involves a certain amount

of trust.

 

--

Regards,

Newell White

Guest Twayne

Guest Twayne

Posted
Posted

Re: DNS Randomness Test

 

> "FromTheRafters" wrote:

>

>>

>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in

>> message news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...

>>>

>>> "FromTheRafters" wrote:

>>>

>>>

>>>>

>>>> But how do we know that clicking that link will actually

>>>> resolve to that (considering the topic) legitimate site? :O)

>>>>

>>>> URL's are not dangerous, however the software you run to

>>>> access them may well be.

>>>>

>>>>

>>> Those of us who have reached the age of discretion right click on

>>> the link,

>>> then copy and paste into our browser's address bar.

>>

>> Which doesn't address the DNS poisoning issue. Any URL at all

>> (requiring a lookup) is suspect. Only comparing returns from a known

>> good name server can confirm if the URL's friendly name is actually

>> where your browser will be directed.

>> ..

> Point taken.

> But even before the DNS issue using the Internet involves a certain

> amount of trust.

 

Yes, it does. But clicking a link in any spam is asking for trouble

sooner or later.

Guest John

Guest John

Posted
Posted

Re: DNS Randomness Test

 

 

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message

news:ej54BPV8IHA.1196@TK2MSFTNGP05.phx.gbl...

> On Mon, 28 Jul 2008 19:14:07 -0600, Lon wrote:

>

> <snip>

>

>> I'd also beware of self appointed security experts who do not recognize

>> the site http://www.dns-oarc.net.

>

> Hey Lon, while we're having so much fun, here is another DNS checker

> http://www.doxpara.com/

> (a good tool to double-check the results obtained from

> https://www.dns-oarc.net/oarc/services/dnsentropy )

> :-)

 

I'm not sure how these tools work but they seem to automatically "pick" our

ISP's DNS IP address to scan. The thing is the IP address doesn't

necessarily match the ones I'm using (also belong to my ISP). As an example,

I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell me

that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are my

ISP's DNS servers.

 

I understand that they have multiple addresses (may be hundreds/thousands

depending on ISP size). My questions is:

Is there a tool that lets us input IP address to scan?

 

Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the tools

at dns-oarc.net or doxpara.com) has been patched, they have patched the rest

of their DNS servers and therefore it is safe to use any of their DNS?

 

Thanks in advance.

Guest Kayman

Guest Kayman

Posted
Posted

Re: DNS Randomness Test

 

On Tue, 29 Jul 2008 13:38:52 -0700, John wrote:

> "Kayman" <kaymanDeleteThis@operamail.com> wrote in message

> news:ej54BPV8IHA.1196@TK2MSFTNGP05.phx.gbl...

>> On Mon, 28 Jul 2008 19:14:07 -0600, Lon wrote:

>>

>> <snip>

>>

>>> I'd also beware of self appointed security experts who do not recognize

>>> the site http://www.dns-oarc.net.

>>

>> Hey Lon, while we're having so much fun, here is another DNS checker

>> http://www.doxpara.com/

>> (a good tool to double-check the results obtained from

>> https://www.dns-oarc.net/oarc/services/dnsentropy )

>> :-)

>

> I'm not sure how these tools work but they seem to automatically "pick" our

> ISP's DNS IP address to scan.

 

Yes, that's seems to be the procedure.

> The thing is the IP address doesn't

> necessarily match the ones I'm using (also belong to my ISP). As an example,

> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell me

> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are my

> ISP's DNS servers.

 

Talk to you Internet Service Provider (ISP); They probably issue dynamic IP

addresses.

FYI:

http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html

> I understand that they have multiple addresses (may be hundreds/thousands

> depending on ISP size). My questions is:

> Is there a tool that lets us input IP address to scan?

 

Don't know, sorry.

> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the tools

> at dns-oarc.net or doxpara.com) has been patched, they have patched the rest

> of their DNS servers and therefore it is safe to use any of their DNS?

 

I'd assume it's safe; If in doubt talk to the ISP.

Let us know their response.

Guest FromTheRafters

Guest FromTheRafters

Posted
Posted

Re: DNS Randomness Test

 

 

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:OAgv1kb8IHA.4532@TK2MSFTNGP05.phx.gbl...

> From: "Twayne" <nobody@devnull.spamcop.net>

>

>

>

> | Yes, it does. But clicking a link in any spam is asking for trouble

> | sooner or later.

>

>

> Except this was a legitimate post and was in no way shape or form 'spam'.

 

This guy hates spam.

 

To a hammer, everything looks like a nail. :o)

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

Re: DNS Randomness Test

 

From: "FromTheRafters" <erratic@ne.rr.com>

 

 

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

| news:OAgv1kb8IHA.4532@TK2MSFTNGP05.phx.gbl...

>> From: "Twayne" <nobody@devnull.spamcop.net>

 

 

>> | Yes, it does. But clicking a link in any spam is asking for trouble

>> | sooner or later.

 

>> Except this was a legitimate post and was in no way shape or form 'spam'.

 

| This guy hates spam.

 

| To a hammer, everything looks like a nail. :o)

 

 

 

:-)

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest FromTheRafters

Guest FromTheRafters

Posted
Posted

Re: DNS Randomness Test

 

 

"Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com...

> "FromTheRafters" wrote:

>

>>

>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...

>> >

>> > "FromTheRafters" wrote:

>> >

>> >

>> >>

>> >> But how do we know that clicking that link will actually

>> >> resolve to that (considering the topic) legitimate site? :O)

>> >>

>> >> URL's are not dangerous, however the software you run to

>> >> access them may well be.

>> >>

>> >>

>> > Those of us who have reached the age of discretion right click on the

>> > link,

>> > then copy and paste into our browser's address bar.

>>

>> Which doesn't address the DNS poisoning issue. Any URL at all

>> (requiring a lookup) is suspect. Only comparing returns from a known

>> good name server can confirm if the URL's friendly name is actually

>> where your browser will be directed.

>> ..

> Point taken.

> But even before the DNS issue using the Internet involves a certain amount

> of trust.

 

....and a certain amount of luck. :o)

 

DNS is like the mother of all hosts files and adware/foistware has

already shown how useful the name servers can be for increasing

overall stickiness.

Guest Hank Arnold (MVP)

Guest Hank Arnold (MVP)

Posted
Posted

Re: DNS Randomness Test

 

FromTheRafters wrote:

> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

> news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com...

>> "FromTheRafters" wrote:

>>

>>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

>>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...

>>>> "FromTheRafters" wrote:

>>>>

>>>>

>>>>> But how do we know that clicking that link will actually

>>>>> resolve to that (considering the topic) legitimate site? :O)

>>>>>

>>>>> URL's are not dangerous, however the software you run to

>>>>> access them may well be.

>>>>>

>>>>>

>>>> Those of us who have reached the age of discretion right click on the

>>>> link,

>>>> then copy and paste into our browser's address bar.

>>> Which doesn't address the DNS poisoning issue. Any URL at all

>>> (requiring a lookup) is suspect. Only comparing returns from a known

>>> good name server can confirm if the URL's friendly name is actually

>>> where your browser will be directed.

>>> ..

>> Point taken.

>> But even before the DNS issue using the Internet involves a certain amount

>> of trust.

>

> ...and a certain amount of luck. :o)

>

> DNS is like the mother of all hosts files and adware/foistware has

> already shown how useful the name servers can be for increasing

> overall stickiness.

>

>

 

You know, I have yet to see a single posting from you that makes any

sense..... Welcome to the Kill File (along with this thread.......)....

 

--

 

Regards,

Hank Arnold

Microsoft MVP

Windows Server - Directory Services

Guest FromTheRafters

Guest FromTheRafters

Posted
Posted

Re: DNS Randomness Test

 

 

"Hank Arnold (MVP)" <rasilon@aol.com> wrote in message

news:eWShWym8IHA.1180@TK2MSFTNGP03.phx.gbl...

> FromTheRafters wrote:

>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

>> news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com...

>>> "FromTheRafters" wrote:

>>>

>>>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message

>>>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...

>>>>> "FromTheRafters" wrote:

>>>>>

>>>>>

>>>>>> But how do we know that clicking that link will actually

>>>>>> resolve to that (considering the topic) legitimate site? :O)

>>>>>>

>>>>>> URL's are not dangerous, however the software you run to

>>>>>> access them may well be.

>>>>>>

>>>>>>

>>>>> Those of us who have reached the age of discretion right click on the

>>>>> link,

>>>>> then copy and paste into our browser's address bar.

>>>> Which doesn't address the DNS poisoning issue. Any URL at all

>>>> (requiring a lookup) is suspect. Only comparing returns from a known

>>>> good name server can confirm if the URL's friendly name is actually

>>>> where your browser will be directed.

>>>> ..

>>> Point taken.

>>> But even before the DNS issue using the Internet involves a certain

>>> amount

>>> of trust.

>>

>> ...and a certain amount of luck. :o)

>>

>> DNS is like the mother of all hosts files and adware/foistware has

>> already shown how useful the name servers can be for increasing

>> overall stickiness.

>

> You know, I have yet to see a single posting from you that makes any

> sense..... Welcome to the Kill File (along with this thread.......)....

 

Specifically what didn't you understand? I'll try to explain what I

meant in any of my previous posts.

 

Killfile me if you want, but there is no need to announce it unless

you are trolling.

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

Re: DNS Randomness Test

 

From: "Hank Arnold (MVP)" <rasilon@aol.com>

 

 

| You know, I have yet to see a single posting from you that makes any

| sense..... Welcome to the Kill File (along with this thread.......)....

 

| --

 

| Regards,

| Hank Arnold

| Microsoft MVP

| Windows Server - Directory Services

 

I don't understand where this came from ???

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest John

Guest John

Posted
Posted

Re: DNS Randomness Test

 

 

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message

news:e7K2rkd8IHA.4924@TK2MSFTNGP02.phx.gbl...

>>

>> I'm not sure how these tools work but they seem to automatically "pick"

>> our

>> ISP's DNS IP address to scan.

>

> Yes, that's seems to be the procedure.

>

>> The thing is the IP address doesn't

>> necessarily match the ones I'm using (also belong to my ISP). As an

>> example,

>> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell

>> me

>> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are

>> my

>> ISP's DNS servers.

>

> Talk to you Internet Service Provider (ISP); They probably issue dynamic

> IP

> addresses.

> FYI:

> http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html

>

>> I understand that they have multiple addresses (may be hundreds/thousands

>> depending on ISP size). My questions is:

>> Is there a tool that lets us input IP address to scan?

>

> Don't know, sorry.

>

>> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the

>> tools

>> at dns-oarc.net or doxpara.com) has been patched, they have patched the

>> rest

>> of their DNS servers and therefore it is safe to use any of their DNS?

>

 

Thanks Kayman. I use (my ISP) DNS IP addresses as forwarders on my Windows

DNS system. I guess what I can do is change the forwarders IP addresses to

the ones that have been detected as GOOD.

 

Btw, http://www.dnsstuff.com/ has a DNS vulnerability check too. Also, if

you haven't heard, check this out:

http://www.networkworld.com/news/2008/073008-dns-attack-writer-a-victim.html

> I'd assume it's safe; If in doubt talk to the ISP.

> Let us know their response.

 

Contact our ISP? That's a scary thought. I sent them an email last week,

asking them if they have fixed DNS flaw. A few days later, I got a reply

like this:

 

At this time we have made no changes to our network and we do not plan to

make any changes. We actively monitor out network for any security breaches.

 

Shortly before I received the above reply from my ISP, I used DNS check

tools from doxpara.com. It says that it's safe (a few days earlier, the

report said that my DNS was vulnerable to cache poisoning). I appears to me

that my ISP has fixed the problem but a reply from my ISP says otherwise

("we do not plan to make any changes"). Clueless tech support.

Guest Kayman

Guest Kayman

Posted
Posted

Re: DNS Randomness Test

 

On Wed, 30 Jul 2008 14:10:49 -0700, John wrote:

> "Kayman" <kaymanDeleteThis@operamail.com> wrote in message

> news:e7K2rkd8IHA.4924@TK2MSFTNGP02.phx.gbl...

>>>

>>> I'm not sure how these tools work but they seem to automatically "pick"

>>> our

>>> ISP's DNS IP address to scan.

>>

>> Yes, that's seems to be the procedure.

>>

>>> The thing is the IP address doesn't

>>> necessarily match the ones I'm using (also belong to my ISP). As an

>>> example,

>>> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell

>>> me

>>> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are

>>> my

>>> ISP's DNS servers.

>>

>> Talk to you Internet Service Provider (ISP); They probably issue dynamic

>> IP

>> addresses.

>> FYI:

>> http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html

>>

>>> I understand that they have multiple addresses (may be hundreds/thousands

>>> depending on ISP size). My questions is:

>>> Is there a tool that lets us input IP address to scan?

>>

>> Don't know, sorry.

>>

>>> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the

>>> tools

>>> at dns-oarc.net or doxpara.com) has been patched, they have patched the

>>> rest

>>> of their DNS servers and therefore it is safe to use any of their DNS?

>>

>

> Thanks Kayman. I use (my ISP) DNS IP addresses as forwarders on my Windows

> DNS system. I guess what I can do is change the forwarders IP addresses to

> the ones that have been detected as GOOD.

>

> Btw, http://www.dnsstuff.com/ has a DNS vulnerability check too. Also, if

> you haven't heard, check this out:

> http://www.networkworld.com/news/2008/073008-dns-attack-writer-a-victim.html

>

>> I'd assume it's safe; If in doubt talk to the ISP.

>> Let us know their response.

>

> Contact our ISP? That's a scary thought. I sent them an email last week,

> asking them if they have fixed DNS flaw. A few days later, I got a reply

> like this:

>

> At this time we have made no changes to our network and we do not plan to

> make any changes. We actively monitor out network for any security breaches.

>

> Shortly before I received the above reply from my ISP, I used DNS check

> tools from doxpara.com. It says that it's safe (a few days earlier, the

> report said that my DNS was vulnerable to cache poisoning). I appears to me

> that my ISP has fixed the problem but a reply from my ISP says otherwise

> ("we do not plan to make any changes"). Clueless tech support.

 

Yes, I would think that your ISP has fixed (or is fixing) the problem. The

("clueless tech support") is probably a temp who may not be versed

technically :)

 

Good luck

Guest FromTheRafters

Guest FromTheRafters

Posted
Posted

Re: DNS Randomness Test

 

 

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:%23PLjKFo8IHA.3368@TK2MSFTNGP03.phx.gbl...

> From: "Hank Arnold (MVP)" <rasilon@aol.com>

>

>

> | You know, I have yet to see a single posting from you that makes any

> | sense..... Welcome to the Kill File (along with this thread.......)....

>

> | --

>

> | Regards,

> | Hank Arnold

> | Microsoft MVP

> | Windows Server - Directory Services

>

> I don't understand where this came from ???

 

Me neither, Dave. I understood me perfectly. :o)

 Share
Go to topic listing
×
×
  • Create New...