The best test for vulnerability to the DNS flaw

Don't use Web site names to test whether you can trust Web site names. Use the actual IP address instead.

Not only is there is a flaw in the Domain Name System , there is also a flaw in the suggested ways to test whether your computer is vulnerable.

Many articles suggest going to Web site x or y to run vulnerability tests. (I'm guilty of this too.) But the nature of the problem is that you can't trust Web site names.

The fallacy is simple: use a name you can't trust to see if you can trust a name.

As I explained in " What you need to know about the latest DNS flaw ," every Web site can be accessed by an IP address. The DNS flaw does not affect this rare, but quite valid, method of addressing Web sites. Thus, it's the best approach for an online vulnerability test.

One often-cited vulnerability test is offered by the DNS Operations, Analysis, and Research Center (DNS-OARC) at: https://www.dns-oarc.net/oarc/services/dnsentropy

I asked them about using an IP address to get to their online test and was told (thanks, Duane) that the test is also available at:

http://149.20.3.33/test/

To me, this is the best vulnerability test for the current DNS flaw.

While this link bypasses the introduction to the topic offered by DNS-OARC, hopefully your computer is safe and you won't need to read about the problem. If all is well, it will report "great" for both the source port randomness and the transaction ID randomness.

If you are vulnerable, see " A cheatsheet for defending against the DNS flaw ."

See a summary of all my Defensive Computing postings.

About the author

    Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

    He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

    Disclosure.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments