Hello Makoto, > Thank you for the clarification, Tim. > That is exactly what I wanted to say. :) > > By the way, as regards recent Bind 9, birthday attack is much more > difficult to conduct because even if the attacker sends multiple > simultaneous recursive queries, Bind 9 aggregates these queries. Aggregating queries would definitely help if you assume the attacker can make recursive queries. However, it was my understanding (which could be completely wrong) that BIND 9 reuses sockets for multiple queries, unlike previous versions, and this makes spoofed attacks easier in another respect. (Of course this all has nothing to do with the Windows-specific flaw.) > In addition, there is a patch written by Jinmei-san for Bind 9.4.0 > (current release) to randomize source ports. > > http://www.jinmei.org/bind-9.4.0-portpool.patch > http://member.wide.ad.jp/tr/wide-tr-dns-bind9-portpool-01.txt > (technical report from WIDE project in Japanese) That's good, that at least someone is trying to do this in BIND. thanks for the info, tim
