Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID I bought a New Nintendo 3DS XL (US) with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. (For example, see MS08-020 when this happened to Microsoft, although theirs was just not very random, yours is just incrementing so it's even worse). Note: this can also work behind NAT, because that just session matches and UDP has no ISN to verify. https://blogs.technet.microsoft.com/srd/2008/04/09/ms08-020-how-predictable-is-the-dns-transaction-id/ In general, you need an unpredictable src port (16 bits) and dns txid (16 bits) to prevent a remote attacker from spoofing responses. An example attack scenario would be someone using the browser to visit attacker.com. User visits attacker.com Attacker forces a lookup to asdad839qd.attacker.com via or whatever. Now attacker can guess your resolver, etc. Attacker create an