Good catch Stephane, comments below..
On 2013-05-16 01:44, Stephane Bortzmeyer wrote:
IETF document
<http://www.rfc-editor.org/internet-drafts/draft-ietf-savi-threat-scope-08.txt>
(approved by IESG and currently in the RFC Editor Queue) contains:
DNS is one of the common targets of such attacks. The
amplification factor observed for attacks targeting DNS root and
other top level domain name infrastructure in early 2006 was on
the order of 76:1.
I'm not sure where the 76:1 came from at the time (phew, this I-D has
been around a long time) and I agree a reference sure would be helpful.
I _think what it was meant to capture was the attacks and vector
conveyed here in S2.3 et al here:
<http://www.verisign.com/static/037903.pdf>
Two things puzzle me: I'm not sure of what attack they are referring
to since there is no reference in the RFC. Is it the one discussed in
tge "DNS deluge for x.p.ctrc.c" thread on the NANOG mailing list in
february 2006?
I don't believe so. I believe it was the one referenced above but
we're talking about ~72:1 rather than 76:1.
And the second is the mentioned amplification factor. All the DNS
servers I know limit the size of the UDP answer to 4 096 bytes, 4 144
with the IPv4 and UDP headers. A factor of 76:1 needs requests
smaller
or equal to 54 bytes, which leaves only SIX bytes for the DNS
message... How did they reach this number?
Fortunately, it's been sitting on the AUTH48 publication ack email for
a bit so I don't think it's too late to correct the number and add a
reference. Let me see what I can do.
Thanks much!
-danny
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
