DNS Randomness Test


David H. Lipman

From: "FromTheRafters" <erratic@ne.rr.com>


| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:OAgv1kb8IHA.4532@TK2MSFTNGP05.phx.gbl...
>> From: "Twayne" <nobody@devnull.spamcop.net>




>> | Yes, it does. But clicking a link in any spam is asking for trouble
>> | sooner or later.



>> Except this was a legitimate post and was in no way shape or form 'spam'.


| This guy hates spam.

| To a hammer, everything looks like a nail. :o)



:)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
 

FromTheRafters

"Newell White" <NewellWhite@discussions.microsoft.com> wrote in message
news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com...
> "FromTheRafters" wrote:
>
>>
>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message
>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...
>> >
>> > "FromTheRafters" wrote:
>> >
>> >
>> >>
>> >> But how do we know that clicking that link will actually
>> >> resolve to that (considering the topic) legitimate site? :O)
>> >>
>> >> URL's are not dangerous, however the software you run to
>> >> access them may well be.
>> >>
>> >>
>> > Those of us who have reached the age of discretion right click on the
>> > link,
>> > then copy and paste into our browser's address bar.

>>
>> Which doesn't address the DNS poisoning issue. Any URL at all
>> (requiring a lookup) is suspect. Only comparing returns from a known
>> good name server can confirm if the URL's friendly name is actually
>> where your browser will be directed.
>> ..

> Point taken.
> But even before the DNS issue using the Internet involves a certain amount
> of trust.


....and a certain amount of luck. :o)

DNS is like the mother of all hosts files and adware/foistware has
already shown how useful the name servers can be for increasing
overall stickiness.
 

Hank Arnold (MVP)

FromTheRafters wrote:
> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message
> news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com...
>> "FromTheRafters" wrote:
>>
>>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message
>>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...
>>>> "FromTheRafters" wrote:
>>>>
>>>>
>>>>> But how do we know that clicking that link will actually
>>>>> resolve to that (considering the topic) legitimate site? :O)
>>>>>
>>>>> URL's are not dangerous, however the software you run to
>>>>> access them may well be.
>>>>>
>>>>>
>>>> Those of us who have reached the age of discretion right click on the
>>>> link,
>>>> then copy and paste into our browser's address bar.
>>> Which doesn't address the DNS poisoning issue. Any URL at all
>>> (requiring a lookup) is suspect. Only comparing returns from a known
>>> good name server can confirm if the URL's friendly name is actually
>>> where your browser will be directed.
>>> ..

>> Point taken.
>> But even before the DNS issue using the Internet involves a certain amount
>> of trust.

>
> ...and a certain amount of luck. :o)
>
> DNS is like the mother of all hosts files and adware/foistware has
> already shown how useful the name servers can be for increasing
> overall stickiness.
>
>


You know, I have yet to see a single posting from you that makes any
sense..... Welcome to the Kill File (along with this thread.......)....

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services
 

FromTheRafters

"Hank Arnold (MVP)" <rasilon@aol.com> wrote in message
news:eWShWym8IHA.1180@TK2MSFTNGP03.phx.gbl...
> FromTheRafters wrote:
>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message
>> news:F0BC9CFC-527F-4ACC-9983-32838D88D5F3@microsoft.com...
>>> "FromTheRafters" wrote:
>>>
>>>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in message
>>>> news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...
>>>>> "FromTheRafters" wrote:
>>>>>
>>>>>
>>>>>> But how do we know that clicking that link will actually
>>>>>> resolve to that (considering the topic) legitimate site? :O)
>>>>>>
>>>>>> URL's are not dangerous, however the software you run to
>>>>>> access them may well be.
>>>>>>
>>>>>>
>>>>> Those of us who have reached the age of discretion right click on the
>>>>> link,
>>>>> then copy and paste into our browser's address bar.
>>>> Which doesn't address the DNS poisoning issue. Any URL at all
>>>> (requiring a lookup) is suspect. Only comparing returns from a known
>>>> good name server can confirm if the URL's friendly name is actually
>>>> where your browser will be directed.
>>>> ..
>>> Point taken.
>>> But even before the DNS issue using the Internet involves a certain
>>> amount
>>> of trust.

>>
>> ...and a certain amount of luck. :o)
>>
>> DNS is like the mother of all hosts files and adware/foistware has
>> already shown how useful the name servers can be for increasing
>> overall stickiness.

>
> You know, I have yet to see a single posting from you that makes any
> sense..... Welcome to the Kill File (along with this thread.......)....


Specifically what didn't you understand? I'll try to explain what I
meant in any of my previous posts.

Killfile me if you want, but there is no need to announce it unless
you are trolling.
 

John

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message
news:e7K2rkd8IHA.4924@TK2MSFTNGP02.phx.gbl...
>>
>> I'm not sure how these tools work but they seem to automatically "pick"
>> our
>> ISP's DNS IP address to scan.

>
> Yes, that seems to be the procedure.
>
>> The thing is the IP address doesn't
>> necessarily match the ones I'm using (also belong to my ISP). As an
>> example,
>> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell
>> me
>> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are
>> my
>> ISP's DNS servers.

>
> Talk to your Internet Service Provider (ISP). They probably issue dynamic
> IP
> addresses.
> FYI:
> http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html
>
>> I understand that they have multiple addresses (may be hundreds/thousands
> depending on ISP size). My question is:
>> Is there a tool that lets us input IP address to scan?

>
> Don't know, sorry.
>
>> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the
>> tools
>> at dns-oarc.net or doxpara.com) has been patched, they have patched the
>> rest
>> of their DNS servers and therefore it is safe to use any of their DNS?

>


Thanks Kayman. I use (my ISP) DNS IP addresses as forwarders on my Windows
DNS system. I guess what I can do is change the forwarders IP addresses to
the ones that have been detected as GOOD.

Btw, http://www.dnsstuff.com/ has a DNS vulnerability check too. Also, if
you haven't heard, check this out:
http://www.networkworld.com/news/2008/073008-dns-attack-writer-a-victim.html

> I'd assume it's safe. If in doubt talk to the ISP.
> Let us know their response.


Contact our ISP? That's a scary thought. I sent them an email last week,
asking them if they have fixed the DNS flaw. A few days later, I got a reply
like this:

At this time we have made no changes to our network and we do not plan to
make any changes. We actively monitor our network for any security breaches.

Shortly before I received the above reply from my ISP, I used DNS check
tools from doxpara.com. It says that it's safe (a few days earlier, the
report said that my DNS was vulnerable to cache poisoning). It appears to me
that my ISP has fixed the problem but a reply from my ISP says otherwise
("we do not plan to make any changes"). Clueless tech support.
 

Kayman

On Wed, 30 Jul 2008 14:10:49 -0700, John wrote:

> "Kayman" <kaymanDeleteThis@operamail.com> wrote in message
> news:e7K2rkd8IHA.4924@TK2MSFTNGP02.phx.gbl...
>>>
>>> I'm not sure how these tools work but they seem to automatically "pick"
>>> our
>>> ISP's DNS IP address to scan.

>>
>> Yes, that seems to be the procedure.
>>
>>> The thing is the IP address doesn't
>>> necessarily match the ones I'm using (also belong to my ISP). As an
>>> example,
>>> I'm using x.x.x.x as my resolver but the tools pick up y.y.y.y and tell
>>> me
>>> that the test is good (it's been patched). Both x.x.x.x and y.y.y.y are
>>> my
>>> ISP's DNS servers.

>>
>> Talk to your Internet Service Provider (ISP). They probably issue dynamic
>> IP
>> addresses.
>> FYI:
>> http://searchwindevelopment.techtarget.com/sDefinition/0,,sid8_gci520967,00.html
>>
>>> I understand that they have multiple addresses (may be hundreds/thousands
>>> depending on ISP size). My question is:
>>> Is there a tool that lets us input IP address to scan?

>>
>> Don't know, sorry.
>>
>>> Or is it safe to assume that if my ISP DNS at x.x.x.x (as seen by the
>>> tools
>>> at dns-oarc.net or doxpara.com) has been patched, they have patched the
>>> rest
>>> of their DNS servers and therefore it is safe to use any of their DNS?

>>

>
> Thanks Kayman. I use (my ISP) DNS IP addresses as forwarders on my Windows
> DNS system. I guess what I can do is change the forwarders IP addresses to
> the ones that have been detected as GOOD.
>
> Btw, http://www.dnsstuff.com/ has a DNS vulnerability check too. Also, if
> you haven't heard, check this out:
> http://www.networkworld.com/news/2008/073008-dns-attack-writer-a-victim.html
>
>> I'd assume it's safe. If in doubt talk to the ISP.
>> Let us know their response.

>
> Contact our ISP? That's a scary thought. I sent them an email last week,
> asking them if they have fixed the DNS flaw. A few days later, I got a reply
> like this:
>
> At this time we have made no changes to our network and we do not plan to
> make any changes. We actively monitor our network for any security breaches.
>
> Shortly before I received the above reply from my ISP, I used DNS check
> tools from doxpara.com. It says that it's safe (a few days earlier, the
> report said that my DNS was vulnerable to cache poisoning). It appears to me
> that my ISP has fixed the problem but a reply from my ISP says otherwise
> ("we do not plan to make any changes"). Clueless tech support.


Yes, I would think that your ISP has fixed (or is fixing) the problem. The
("clueless tech support") is probably a temp who may not be versed
technically :)

Good luck
 

FromTheRafters

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23PLjKFo8IHA.3368@TK2MSFTNGP03.phx.gbl...
> From: "Hank Arnold (MVP)" <rasilon@aol.com>
>
>
> | You know, I have yet to see a single posting from you that makes any
> | sense..... Welcome to the Kill File (along with this thread.......)....
>
> | --
>
> | Regards,
> | Hank Arnold
> | Microsoft MVP
> | Windows Server - Directory Services
>
> I don't understand where this came from ???


Me neither, Dave. I understood me perfectly. :o)
 

Lon

Twayne wrote:
>> "FromTheRafters" wrote:
>>
>>> "Newell White" <NewellWhite@discussions.microsoft.com> wrote in
>>> message news:95A1A3F1-36FD-4D16-A484-0077C2EA2DC9@microsoft.com...
>>>> "FromTheRafters" wrote:
>>>>
>>>>
>>>>> But how do we know that clicking that link will actually
>>>>> resolve to that (considering the topic) legitimate site? :O)
>>>>>
>>>>> URL's are not dangerous, however the software you run to
>>>>> access them may well be.
>>>>>
>>>>>
>>>> Those of us who have reached the age of discretion right click on
>>>> the link,
>>>> then copy and paste into our browser's address bar.
>>> Which doesn't address the DNS poisoning issue. Any URL at all
>>> (requiring a lookup) is suspect. Only comparing returns from a known
>>> good name server can confirm if the URL's friendly name is actually
>>> where your browser will be directed.
>>> ..

>> Point taken.
>> But even before the DNS issue using the Internet involves a certain
>> amount of trust.

>
> Yes, it does. But clicking a link in any spam is asking for trouble
> sooner or later.
>
>

Only if you have no idea how to check the link or use an operating
system.
 

What's in a Name?

David H. Lipman on 7/29/2008 in <uOIAEcW8IHA.1468@TK2MSFTNGP05.phx.gbl>
wrote:

> From: "Twayne" <nobody@devnull.spamcop.net>
> >rant snipped<

>
> This was NOT spam and I invite Kayman to post other security related
> information as he did in this post!


*begin rant*

A few years ago I posted a link to the Netcraft Toolbar when it first
came out. I thought some people would find it useful and I was reported
by a certain MVP to my ISP as a spammer. I guess if you find some
security software that is not approved by Microsoft, it doesn't belong
in here. What a joke! They should go after the REAL spammers (like the
one above this thread)

max

P.S. is my sig spam too?

*end rant*
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Tools http://max.shplink.com/tools.html
Change nomail.afraid.org to gmail.com to reply by email.
 

~BD~

This was my result:
DNS Resolver(s) Tested:
1.. 195.93.61.21 (dns-frr01.proxy.aol.com) appears to have GREAT source
port randomness and GREAT transaction ID randomness.
Test time: 2008-08-02 07:42:41 UTC



So AOL isn't *all* bad, eh? <wink>

Dave

"Kayman" <kaymanDeleteThis@operamail.com> wrote in message
news:%23xrpadL8IHA.3624@TK2MSFTNGP05.phx.gbl...
> "The test takes a few seconds to complete. When its done you'll see a page
> where the transaction ID and source port randomness will be rated either
> GREAT, GOOD, or POOR. If you see a POOR rating, we recommend that contact
> your ISP and ask if they have plans to upgrade their nameserver software
> before August 7th."
> https://www.dns-oarc.net/oarc/services/dnsentropy
>
 

~BD~

"~BD~" <~BD~@nospam.invalid> wrote in message
news:%23JOE2PH9IHA.5404@TK2MSFTNGP04.phx.gbl...
> This was my result:
> DNS Resolver(s) Tested:
> 1.. 195.93.61.21 (dns-frr01.proxy.aol.com) appears to have GREAT source
> port randomness and GREAT transaction ID randomness.
> Test time: 2008-08-02 07:42:41 UTC
>
>
>
> So AOL isn't *all* bad, eh? <wink>
>
> Dave
>


Ahhh - but wait!

I've tried again today - but this time I didn't use my AOL browser, simply
Internet Explorer. This was the result:
DNS Resolver(s) Tested:
1.. 4.68.25.1 appears to have GOOD source port randomness and GREAT
transaction ID randomness.
2.. 4.68.25.3 appears to have GOOD source port randomness and GREAT
transaction ID randomness.
Test time: 2008-08-05 17:49:47 UTC

Note that standard deviation is usually, but not always, a good indicator of
randomness. Your brain is a better detector of randomness, so be sure to
take a look at the scatter plots below. If you see patterns (such as
straight lines), the values are probably less random than reported.

******************************

Please will someone explain why my IP address is so different, just because
I used a different browser for the check? TIA

Dave
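
The tool note quoted in the post above says standard deviation is not always a good indicator of randomness. The following is an added example, not part of the thread and not the dns-oarc.net test's code, showing why: a resolver that steps its source port by a fixed amount has a large standard deviation yet is fully predictable. The function names, the thresholds and all four port samples are constructed for illustration.

```python
import random
import statistics
from collections import Counter

def spread(ports):
    """Population standard deviation of the observed source ports."""
    return statistics.pstdev(ports)

def dominant_delta_share(ports):
    """Share of successive port differences (mod 2**16) taken by the most
    common difference. Near 1.0 is the 'straight line' on a scatter plot."""
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if not deltas:
        return 1.0
    return Counter(deltas).most_common(1)[0][1] / len(deltas)

def assess(ports, min_spread=3000.0, max_share=0.5):
    """Classify a sample. Both thresholds are illustrative assumptions,
    not the ratings used by any real test service."""
    if dominant_delta_share(ports) > max_share:
        return "PATTERN"      # next port can be guessed from the last one
    return "SPREAD_OK" if spread(ports) >= min_spread else "LOW_SPREAD"

# Constructed samples of 26 queries each (not captured from a real resolver).
rng = random.Random(2008)
FIXED = [53] * 26                                   # unpatched: one port
STEPPED = [1024 + 2500 * i for i in range(26)]      # wide range, fixed step
SMALL_POOL = rng.choices(range(32768, 32832), k=26) # random, but only 64 ports
RANDOMISED = rng.sample(range(1024, 65536), 26)     # random over full range

if __name__ == "__main__":
    samples = [("fixed", FIXED), ("stepped", STEPPED),
               ("small pool", SMALL_POOL), ("randomised", RANDOMISED)]
    for name, ports in samples:
        print(f"{name:<11} stddev={spread(ports):>8.1f} "
              f"dominant_delta={dominant_delta_share(ports):.2f} "
              f"-> {assess(ports)}")
```

The stepped sample has a standard deviation of 18750, in the same range as the randomised one, and only the successive-difference check separates them.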
 