[dns-operations] the mathematics of kaminsky spoofing probability
bert hubert
bert.hubert at netherlabs.nl
Mon Aug 4 10:43:33 UTC 2008
On Sat, Aug 02, 2008 at 12:35:28AM +0200, bert hubert wrote:
> If you plug in some realistic numbers in the P_cs formula, the chance of
> successfully spoofing a domain within two hours is around 8.1%, assuming you
> can get 50000 packets/second to arrive at the resolver.
>
> This will have cost you in the order of 1.5-2 gigabyte of packets though.
>
> After 24 hours, the chance rises to around 64% - costing you 0.4TB of packets.

The first gigabyte number is wrong - 2 hours of this will cost you around
36GB of packets. 24 hours around 0.4TB of packets.

This is assuming 100 bytes per attempt, which at 50000 packets/s is around
40 megabits/s. Given some overhead, make it a good 50 megabits/s.

Bert

--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services