On the "randomness" of DNS
Hal Finney
hal at finney.org
Wed Jul 30 15:54:32 EDT 2008
Ben Laurie writes:

> Oh, and I should say that number of ports and standard deviation are not
> a GREAT way to test for "randomness". For example, the sequence 1000,
> 2000, ..., 27000 has 27 ports and a standard deviation of over 7500,
> which looks pretty GREAT to me. But not very "random".

That's a good point, Ben. Dan Kaminsky's DNS tester at http://www.doxpara.com/
does include output like this:

Your name server, at 1.2.3.4, appears to be safe, but make sure the
ports listed below aren't following an obvious pattern (:1001, :1002,
:1003, or :30000, :30020, :30100...).
Requests seen for dae687514c50.doxdns5.com:
1.2.3.4:34023 TXID=64660
1.2.3.4:50662 TXID=51678
1.2.3.4:55984 TXID=49711
1.2.3.4:17745 TXID=12263
1.2.3.4:26318 TXID=59610

This shows only the last 5 ports so it won't detect an LCG, but at least
it can detect some of the more obvious patterns.

Hal Finney
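
The point made in the exchange above, as an added example that is not part of the original message and is not the doxpara tester's code: a resolver's observed source ports can score well on port count and standard deviation while following a constant stride or a linear congruential generator (LCG). The function names, the LCG constants, and the assumption that the port is the generator's full 16-bit state are all constructed for illustration.

```python
import statistics

M = 1 << 16  # assumed LCG modulus: the port is taken to be the full 16-bit state


def summary(ports):
    """The two figures from the quoted text: distinct ports and standard deviation."""
    return len(set(ports)), statistics.stdev(ports)


def constant_stride(ports):
    """Return the common difference if the ports form an arithmetic sequence, else None."""
    diffs = {b - a for a, b in zip(ports, ports[1:])}
    return diffs.pop() if len(diffs) == 1 else None


def fits_lcg(ports, m=M):
    """Return (a, c) if every port satisfies x[n+1] = (a*x[n] + c) mod m, else None."""
    if len(ports) < 4:
        return None  # need spare samples beyond those used to derive c
    x0, x1 = ports[0], ports[1]
    for a in range(m):
        c = (x1 - a * x0) % m  # c is forced by the first step for each candidate a
        if all((a * p + c) % m == q for p, q in zip(ports[1:], ports[2:])):
            return a, c
    return None


def lcg_ports(seed, a, c, n, m=M):
    """Generate n constructed sample ports from an LCG, starting at seed."""
    out, x = [], seed
    for _ in range(n):
        out.append(x)
        x = (a * x + c) % m
    return out


# Ben Laurie's sequence from the quoted text: 1000, 2000, ..., 27000
BEN = list(range(1000, 28000, 1000))
# Constructed sample: 27 ports from an LCG with illustrative constants
LCG_SAMPLE = lcg_ports(seed=12345, a=25173, c=13849, n=27)

if __name__ == "__main__":
    for name, ports in (("stride", BEN), ("lcg", LCG_SAMPLE)):
        count, sd = summary(ports)
        print(name, count, round(sd), constant_stride(ports), fits_lcg(ports))
```

Both samples report 27 distinct ports and a large standard deviation, yet the stride test flags the first and the LCG fit recovers the generator parameters of the second.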