[dns-operations] the mathematics of kaminsky spoofing probability

bert hubert bert.hubert at netherlabs.nl
Mon Aug 4 10:43:33 UTC 2008

On Sat, Aug 02, 2008 at 12:35:28AM +0200, bert hubert wrote:

> If you plug in some realistic numbers in the P_cs formula, the chance of
> succesfully spoofing a domain within two hours is around 8.1%, assuming you
> can get 50000 packets/second to arrive at the resolver.
> This will have cost you in the order of 1.5-2 gigabyte of packets though.
> After 24 hours, the chance rises to around 64% - costing you 0.4TB of packets.

The first gigabyte number is wrong - 2 hours of this will cost you around
36GB of packets. 24 hours around 0.4TB of packets.

This is assuming 100 bytes per attempt, which at 50000 packets/s is around
40 megabits/s. Given some overhead, make it a good 50 megabits/s.


http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the dns-operations mailing list