Abstract by Michael Briggs
Security Through Source Port Randomization
Source port randomization is a practice employed by DNS resolvers to protect against forged responses on the internet. A resolver that does not randomize the source port of its outgoing queries leaves an off-path attacker only the 16-bit transaction ID to guess: the attacker can predict the port, race the legitimate reply, and return a fake response that the resolver accepts and caches. We performed an analysis of this practice in the wild. We sent multiple queries to a range of resolvers and recorded the source port each resolver used for its outgoing queries. Using a heuristic analysis of the observed source port ranges, we identify behavioral trends in source port randomization and determine which resolvers adhere to best practices for DNS resolution.
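The following is an added illustration of the kind of heuristic the abstract describes, not code from the study itself. It classifies a resolver's observed source ports as fixed, sequential, narrow-range or randomized, and estimates the guess space an attacker faces (transaction ID space times the number of ports the attacker must cover). The observations, the resolver names and the classification thresholds (80% consecutive +1 steps for "sequential", a span of at least 16384 ports for "randomized") are constructed assumptions for the example, not measurements or thresholds from the paper.

```python
import math
from collections import Counter

# Constructed sample observations (hypothetical resolvers, not real data):
# the source port seen on each of 16 successive outgoing queries.
SAMPLE_OBSERVATIONS = {
    "resolver-A (random)": [49851, 33201, 61023, 40977, 52110, 35680, 58431, 44219,
                            62007, 38114, 55532, 47390, 60841, 34455, 51278, 42963],
    "resolver-B (sequential)": list(range(32768, 32768 + 16)),
    "resolver-C (fixed)": [53] * 16,
}

TXID_SPACE = 1 << 16          # 16-bit DNS transaction ID
SEQUENTIAL_THRESHOLD = 0.8    # assumed: fraction of +1 steps that marks a counter
RANDOM_SPAN_THRESHOLD = 16384 # assumed: minimum observed span to call it randomized


def port_stats(ports):
    """Summary statistics of an observed port sequence."""
    n = len(ports)
    counts = Counter(ports)
    # Shannon entropy (bits) of the observed port distribution
    entropy = -sum((c / n) * math.log2(c / n) for c in counts.values())
    # Fraction of consecutive observations that differ by exactly +1
    steps = [b - a for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for s in steps if s == 1) / len(steps) if steps else 0.0
    return {
        "n": n,
        "distinct": len(counts),
        "span": max(ports) - min(ports) + 1,
        "entropy": entropy,
        "sequential": sequential,
    }


def classify(ports):
    """Label the randomization behaviour implied by the observed ports."""
    s = port_stats(ports)
    if s["distinct"] == 1:
        return "fixed"
    if s["sequential"] >= SEQUENTIAL_THRESHOLD:
        return "sequential"
    if s["span"] >= RANDOM_SPAN_THRESHOLD:
        return "randomized"
    return "narrow-range"


def guess_space(ports):
    """Estimated number of (txid, port) pairs an off-path attacker must cover.

    A fixed or counter-driven port is predictable, so only the TXID remains;
    otherwise the observed span is used as a lower bound on the port range.
    """
    label = classify(ports)
    effective_ports = 1 if label in ("fixed", "sequential") else port_stats(ports)["span"]
    return TXID_SPACE * effective_ports


def analyze_all(observations=SAMPLE_OBSERVATIONS):
    """Classify every resolver in the observation set."""
    return {name: classify(ports) for name, ports in observations.items()}


if __name__ == "__main__":
    for name, ports in SAMPLE_OBSERVATIONS.items():
        s = port_stats(ports)
        print(f"{name:26s} span={s['span']:6d} entropy={s['entropy']:.2f} "
              f"seq={s['sequential']:.2f} -> {classify(ports)} "
              f"(guess space {guess_space(ports):,})")
```

With only a handful of samples the observed span understates a truly randomized resolver's range, so the guess-space figure is a lower bound; the fixed and sequential cases collapse to the bare transaction ID space regardless of how many samples are taken.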