RealTime IT News

Google Public DNS: But Is It Safe?


Netstat -vat by Sean Michael Kerner

A command line view of IT


From the "H D Moore Knows" files:

Yesterday, Google launched its new Public DNS service. Among the benefits that Google is claiming for the new service is that it helps to secure DNS for users.

Is that an accurate claim?

One of the big issues security researcher Dan Kaminsky disclosed about DNS in 2008 was that the values a resolver uses to match answers to its outstanding questions weren't as random, or as numerous, as they needed to be. Each DNS query carries a transaction ID that the reply must echo back, but that ID is only 16 bits wide: one of just 65,536 possible values. If the transaction ID is the only thing an attacker has to match, a flood of forged replies can "guess" it and poison the resolver's cache. That is why resolvers now also randomize the UDP source port of each query, which gives the attacker a second value to guess; a resolver that doesn't randomize enough is still at risk.

So is Google's Public DNS random enough?

I got a comment on that point from the famed security researcher, Metasploit founder and Rapid7 CSO H D Moore. Moore knows what he's talking about when it comes to DNS exploits: Metasploit was among the first tools to ship a weaponized version of the Kaminsky DNS flaw.

Moore has now put together a mapping of the source port distribution of the queries Google's Public DNS service sends out. In his view the source ports look sufficiently random, even though they are drawn from a fairly small range of ports.

Here's his graph (credit: H D Moore, Rapid7):

[Graph: source port distribution of queries sent by Google Public DNS]
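The two things discussed above, the 16-bit transaction ID and the source port distribution Moore mapped, are what a Kaminsky-style attacker has to guess. The script below is an added example, not Moore's tool or anything from Google; it takes observed (source port, DNS payload) pairs, pulls the TXID out of each DNS header, and reports how random each field looks. All the "captured" traffic is constructed inside the script, and the port ranges and thresholds it uses are illustrative assumptions, not measurements of Google Public DNS.

```python
"""Measure how much entropy a resolver's outbound queries actually carry.

A Kaminsky-style attacker must guess both the 16-bit DNS transaction ID (TXID)
and the UDP source port of an in-flight query. This script takes observed
(source port, raw DNS payload) pairs, pulls the TXID out of each DNS header,
and summarises how random each field looks. All traffic below is constructed
for the example, not captured from Google Public DNS or any other resolver.
"""
import math
import random
import struct
from collections import Counter
from typing import Dict, List, Sequence, Tuple

Observation = Tuple[int, bytes]  # (UDP source port, DNS payload)


def parse_txid(payload: bytes) -> int:
    """Return the 16-bit transaction ID: the first two bytes of the DNS header (RFC 1035 s4.1.1)."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    return struct.unpack("!H", payload[:2])[0]


def build_query(txid: int, name: str = "example.com") -> bytes:
    """Build a minimal recursive A query so the constructed samples carry real DNS headers."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def shannon_bits(values: Sequence[int]) -> float:
    """Empirical Shannon entropy in bits. Caveat: bounded above by log2(len(values)),
    so a small capture under-reports a genuinely uniform 16-bit field."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def sequential_fraction(values: Sequence[int]) -> float:
    """Fraction of consecutive pairs that step by exactly +1 (mod 2^16): the tell for a counter."""
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if (b - a) & 0xFFFF == 1)
    return steps / (len(values) - 1)


def assess(observations: Sequence[Observation]) -> Dict[str, object]:
    """Summarise port and TXID randomness and give a verdict. Thresholds are illustrative."""
    ports = [p for p, _ in observations]
    txids = [parse_txid(payload) for _, payload in observations]
    report: Dict[str, object] = {
        "samples": len(observations),
        "port_min": min(ports),
        "port_max": max(ports),
        "port_distinct": len(set(ports)),
        "port_range_bits": math.log2(max(ports) - min(ports) + 1),  # width of range in use
        "port_entropy_bits": shannon_bits(ports),
        "txid_distinct": len(set(txids)),
        "txid_entropy_bits": shannon_bits(txids),
        "txid_sequential_fraction": sequential_fraction(txids),
    }
    # The TXID alone is at most 16 bits, which a flood of forged replies can cover;
    # the source port has to add real entropy on top of it.
    if report["port_distinct"] == 1:
        report["verdict"] = "weak: fixed source port, attacker only needs the 16-bit TXID"
    elif report["txid_sequential_fraction"] > 0.5:
        report["verdict"] = "weak: TXID is a counter, attacker can predict it"
    elif report["port_range_bits"] < 10:
        report["verdict"] = "marginal: source ports drawn from fewer than 1024 values"
    else:
        report["verdict"] = "ok: source port adds roughly %.1f bits to the 16-bit TXID" % report["port_range_bits"]
    return report


def sample_fixed_port_counter(n: int = 500) -> List[Observation]:
    """Constructed: pre-2008 style resolver, one source port and a TXID counter."""
    return [(53, build_query((1000 + i) & 0xFFFF)) for i in range(n)]


def sample_randomized(n: int = 500, port_lo: int = 1024, port_hi: int = 65535,
                      seed: int = 2009) -> List[Observation]:
    """Constructed: resolver picking a random port in [port_lo, port_hi] and a random TXID per query."""
    rng = random.Random(seed)
    return [(rng.randint(port_lo, port_hi), build_query(rng.randrange(1 << 16))) for _ in range(n)]


if __name__ == "__main__":
    for label, obs in (("fixed port / counter", sample_fixed_port_counter()),
                       ("randomized, wide range", sample_randomized()),
                       ("randomized, 256-port range", sample_randomized(port_lo=32768, port_hi=33023))):
        r = assess(obs)
        print(f"{label}: ports {r['port_min']}-{r['port_max']} ({r['port_distinct']} distinct, "
              f"{r['port_range_bits']:.1f} range bits), TXID entropy {r['txid_entropy_bits']:.1f} bits "
              f"-> {r['verdict']}")
```

To run it against real traffic, replace the constructed samples with (source port, payload) pairs read from a capture of the resolver's outbound queries; the range-width figure is the one to compare with the graph above, since the empirical entropy of a few thousand samples cannot exceed about 11 or 12 bits no matter how good the generator is.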
