From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@9fans.net
Subject: Re: [9fans] dns exploits (self-promotion remix)
From: "Russ Cox"
Date: Sun, 27 Jul 2008 12:19:42 -0400
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Message-Id: <20080727161735.B8D881E8C1C@holo.morphisms.net>
Topicbox-Message-UUID: f28d3c30-ead3-11e9-9d60-3106f5b1d025

>> those things combined mean that you get 15 bits of randomness
>> from query id and 15 from source port, giving 30 bits,
>> so ndb/dns is okay (for now).
>
> why only 15 in the query id? that's an artifact of rand()
> which returns 0 ≤ n ≤ 0x7fff. why not return numbers
> between 0 and 0xffff?

one might change rand or dns to get 16 bits,
and that'd be fine. i doubt many programs depend
on rand not returning numbers bigger than 32767.
or you could use fastrand()&0xffff in dns,
which would be even better.

it's just one bit though. getting the other 15
was more important.

russ
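
The one-bit difference discussed in this message, as an added example that is not part of the original post or of ndb/dns. `id_rand15` and `id_csprng16` are hypothetical stand-ins for a rand() capped at 0x7fff and for fastrand()&0xffff, and /dev/urandom is assumed as the random source.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stand-in for a rand() limited to 0..0x7fff, as in the thread. */
static uint16_t id_rand15(void)
{
    return (uint16_t)(rand() & 0x7fff);
}

/* Assumption: stand-in for fastrand()&0xffff, reading the OS CSPRNG. */
static int id_csprng16(uint16_t *id)
{
    static FILE *f;
    if (f == NULL && (f = fopen("/dev/urandom", "rb")) == NULL)
        return -1;
    return fread(id, sizeof *id, 1, f) == 1 ? 0 : -1;
}

/* Width in bits of the ID space actually observed over `samples` draws:
 * OR every ID together and report the highest bit that was ever set.
 * Returns -1 if the random source cannot be read. */
int observed_id_bits(int use_csprng, int samples)
{
    uint16_t seen = 0, id;
    int bits = 0;
    for (int i = 0; i < samples; i++) {
        if (use_csprng) {
            if (id_csprng16(&id) != 0)
                return -1;
        } else {
            id = id_rand15();
        }
        seen |= id;
    }
    while (seen != 0) {
        bits++;
        seen >>= 1;
    }
    return bits;
}

int main(void)
{
    printf("rand-limited IDs:  %d bits\n", observed_id_bits(0, 4096));
    printf("CSPRNG 16-bit IDs: %d bits\n", observed_id_bits(1, 4096));
    return 0;
}
```

The same OR-and-count check can be run over query IDs captured from a resolver's outbound traffic to confirm the top bit is in use.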