Re: [pfSense Support] DNS cache poisoning

Beat Siegenthaler Mon, 21 Jul 2008 15:54:40 -0700

Beat Siegenthaler wrote:

And I think it is not really a big problem as long the transaction ID'sare really good random.



Curiosity killed the Cat:

done a dump on pfSense at the dmz-side. It looks that the source portsfrom BIND are very good in random. But at the wan-side, the ports arejust ascending more or less. What about the mentioned UDP timeout?I try to check out another time what the openwrt, exactly X-WRT (it'snot dd-wrt like mentioned before) guys do better in this case ...



 Number of samples: 29
   Unique ports: 29
   Range: 21929 - 21961
   Modified Standard Deviation: 9
   Bits of Randomness: 5

Values Seen: 21929 21930 21931 21932 21933 21934 21935 21936 2193721938 21939 21940 21941 21942 21943 21944 21945 21946 21947 21948

   21949 21950 21951 21952 21953 21954 21956 21960 21961

At the other side, the real good random values before NAT:

00:25:48.787921 4872 my_dns_server.9391 > oarc_test.3.35.53:   47201%
00:25:48.979118 4872 my_dns_server.61156 > oarc_test.3.36.53:   36685%
00:25:49.168621 4877 my_dns_server.44809 > oarc_test.3.37.53:   6012%
00:25:49.357540 4878 my_dns_server.27958 > oarc_test.3.38.53:   1136%
00:25:49.544582 4879 my_dns_server.56394 > oarc_test.3.39.53:   1611%
00:25:49.731813 4880 my_dns_server.24383 > oarc_test.3.40.53:   25202%
00:25:49.919190 4909 my_dns_server.60308 > oarc_test.3.41.53:   58128%
00:25:50.108660 4924 my_dns_server.27970 > oarc_test.3.42.53:   63983%
00:25:50.312579 4925 my_dns_server.16216 > oarc_test.3.43.53:   257%
00:25:50.498615 4926 my_dns_server.34101 > oarc_test.3.44.53:   54490%
00:25:50.689823 4928 my_dns_server.38677 > oarc_test.3.45.53:   57967%
00:25:50.878837 4947 my_dns_server.39679 > oarc_test.3.46.53:   32702%
00:25:51.068412 4966 my_dns_server.29164 > oarc_test.3.47.53:   61296%
00:25:51.255607 4967 my_dns_server.13102 > oarc_test.3.48.53:   58659%
00:25:51.471649 4968 my_dns_server.18020 > oarc_test.3.49.53:   8577%
00:25:51.661415 4969 my_dns_server.31855 > oarc_test.3.50.53:   63803%
00:25:51.850299 4982 my_dns_server.47298 > oarc_test.3.51.53:   400%
00:25:52.039704 5007 my_dns_server.41360 > oarc_test.3.52.53:   35624%
00:25:52.228943 5008 my_dns_server.18233 > oarc_test.3.53.53:   24806%
00:25:52.418190 5009 my_dns_server.37245 > oarc_test.3.54.53:   9403%
00:25:52.605281 5010 my_dns_server.49778 > oarc_test.3.55.53:   24300%
00:25:52.796269 5017 my_dns_server.64789 > oarc_test.3.56.53:   52018%
00:25:52.991502 5040 my_dns_server.63998 > oarc_test.3.57.53:   7458%
00:25:53.181050 5049 my_dns_server.14257 > oarc_test.3.58.53:   13284%
00:25:53.372107 5050 my_dns_server.8396 > oarc_test.3.59.53:   24801%
00:25:53.561257 5053 my_dns_server.65268 > oarc_test.3.59.53:   10654%
00:25:53.750866 5057 my_dns_server.44739 > oarc_test.3.59.53:   20519%

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] DNS cache poisoning

Reply via email to