IETF document <http://www.rfc-editor.org/internet-drafts/draft-ietf-savi-threat-scope-08.txt> (approved by IESG and currently in the RFC Editor Queue) contains:
> DNS is one of the common targets of such attacks. The
> amplification factor observed for attacks targeting DNS root and
> other top level domain name infrastructure in early 2006 was on
> the order of 76:1.

Two things puzzle me: I'm not sure of what attack they are referring to since there is no reference in the RFC. Is it the one discussed in the "DNS deluge for x.p.ctrc.c" thread on the NANOG mailing list in February 2006?

And the second is the mentioned amplification factor. All the DNS servers I know limit the size of the UDP answer to 4 096 bytes, 4 144 with the IPv4 and UDP headers. A factor of 76:1 needs requests smaller than or equal to 54 bytes, which leaves only SIX bytes for the DNS message... How did they reach this number?
