DNS port randomization

About this test: In order to translate a mnemonic name (such as "netalyzr.icsi.berkeley.edu") to an IP address, your computer contacts a Domain Name Service (DNS) resolver. This is a computer controlled by your ISP which acts as an intermediary. Recently, a series of cache poisoning attacks on DNS was discovered; these attacks can be thwarted in a number of ways.

One such defense is DNS port randomization. If your ISP's DNS resolver does not implement port randomization, you and all other users of this resolver are potentially vulnerable to DNS cache poisoning, where an attacker can cause any name to resolve to a system they control, allowing them to intercept and modify effectively all network traffic!

In this test we check whether your ISP's DNS resolver employs port randomization to protect you from cache poisoning attacks.
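
As an added illustration (not Netalyzr's own code or method), the Python sketch below classifies the UDP source ports that a resolver's queries arrive from, as an authoritative server would observe them. The thresholds, category labels and sample port lists are assumptions constructed for this example.

```python
import math

SMALL_STEP = 16    # assumed: largest increment still treated as "sequential"
MIN_SPREAD = 4096  # assumed: smallest port range expected from a random pool

def classify_ports(ports):
    """Classify the UDP source ports a resolver used for consecutive queries."""
    if len(ports) < 5:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "fixed"
    # Step between consecutive queries, modulo the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(0 < d <= SMALL_STEP for d in deltas):
        return "sequential"
    if max(ports) - min(ports) < MIN_SPREAD:
        return "narrow-range"
    return "randomized"

def port_entropy_bits(ports):
    """Rough estimate, in bits, of the guessing work the source port adds."""
    if classify_ports(ports) in ("fixed", "sequential", "insufficient-data"):
        return 0.0  # a predictable port adds nothing for a spoofer to guess
    # Observed spread is only an estimate of the real pool size.
    return math.log2(max(ports) - min(ports) + 1)

# Constructed sample observations (not real measurements).
SAMPLES = {
    "fixed": [53, 53, 53, 53, 53, 53],
    "sequential": [32768, 32769, 32770, 32771, 32772, 32773],
    "narrow-range": [1030, 1025, 1041, 1027, 1036, 1029],
    "randomized": [50412, 11873, 37990, 62011, 2954, 28467],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:13} -> {classify_ports(ports):13} "
              f"(+{port_entropy_bits(ports):.1f} bits)")
```

A resolver reported as "fixed", "sequential" or "narrow-range" is the case this test flags as a problem.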

What if this test reports a problem: Lacking port randomization is both a very serious and now nearly two-year-old problem. You should contact your network provider or consider using a third-party DNS service provider such as OpenDNS or Google Public DNS.

For additional information on these tests, please consult the Netalyzr help site over at the New Scientist.