Randomness of ports in DNS packets
The randomness of the client ports that recursive domain name servers use to send external queries greatly affects the security of domain name resolution. If the port randomization algorithm is not secure enough, the domain name server is vulnerable to cache poisoning attacks. The well-known Kaminsky vulnerability is an attack that takes advantage of weak randomness in recursive servers' client ports. Statistics show that port randomness is weak on more than 4% of China's recursive domain name servers, far above the world level of 0.98%. These servers are vulnerable to DNS hijacking and attack.
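An operator can check this property by recording the client (source) ports of a resolver's consecutive outbound queries and measuring how they are distributed. The following is an added example, not part of the original page; the function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import random
import statistics

# Illustrative thresholds (assumptions of this example, not values from the page).
MIN_STDDEV = 3000.0      # spread expected from ports drawn across a wide range
MAX_STEP_FRACTION = 0.5  # share of consecutive queries allowed to step by a small amount

def assess_ports(ports):
    """Rate the source ports a resolver used for consecutive outbound queries."""
    if len(ports) < 10:
        raise ValueError("need at least 10 observed ports")
    distinct = len(set(ports))
    stddev = statistics.pstdev(ports)
    # Small positive deltas between consecutive queries indicate a counter, not an RNG.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 0 < d <= 16) / len(deltas)
    if distinct == 1:
        verdict = "fixed"        # every query leaves from the same port
    elif small_steps > MAX_STEP_FRACTION:
        verdict = "sequential"   # next port is predictable from the last one
    elif stddev < MIN_STDDEV:
        verdict = "narrow"       # random, but drawn from a small pool
    else:
        verdict = "random"
    return {"distinct": distinct, "stddev": round(stddev, 1),
            "small_steps": round(small_steps, 2), "verdict": verdict}

# Constructed samples: four hypothetical resolvers, 40 observed queries each.
rng = random.Random(2008)
SAMPLES = {
    "fixed-port": [32768] * 40,
    "counter": [1024 + i for i in range(40)],
    "narrow-pool": [rng.randrange(50000, 50256) for _ in range(40)],
    "full-range": [rng.randrange(1024, 65536) for _ in range(40)],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, assess_ports(ports))
```

Any verdict other than "random" means the port adds little unpredictability on top of the 16-bit DNS transaction ID, which is the weakness the paragraph above describes.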
Contact Us
Address: Floor 1, Building 1, Software Park, Chinese Academy of Sciences, 4 South 4th Street, Zhongguancun, Beijing
Postcode: 100190
Tel: 8610-58813000
Fax: 8610-58812666
Website: www.cnnic.cn
www.中国互联网络信息中心.中国
Email: service@cnnic.cn (For Service)
supervise@cnnic.cn (For Complaint)