[dns-operations] responding to spoofed ANY queries
Casey Deccio
casey at deccio.net
Thu Jan 10 23:48:02 UTC 2013
On Thu, Jan 10, 2013 at 2:24 PM, Vernon Schryver <vjs at rhyolite.com> wrote:
> > thumb for reasonable response rate given query rates, but it seems like 50%
> > is in fact a good starting place.
>
> With slip=2 and the victim trying and retrying a total 3 times, the
> probability that all of the victim's responses will be dropped is
> 0.5*0.5*0.5 = 0.125. That makes the probability that the victim
> will get a response despite matching the DoS flood about 88%. That's
> not perfect, but not bad.
Thanks for correcting my math. I was thinking that the probability that
the victim got a response was dependent on query rate, but of course that
would only be the case if response rate was a function of responses per
time interval, not responses per number of queries. It's simply a function
of response rate and retry, i.e., p = 1 - (1 - (1/slip))^retries -- a much
better success rate than the alternative in the midst of a flood of forged
queries.
Casey
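
Added example, not part of the original message: a Monte Carlo check that the victim's success rate under a per-query slip counter matches p = 1 - (1 - (1/slip))^retries whatever the forged query rate. The counter model, the 2-second retry interval, the flood rates and the normal approximation to the forged-query count are assumptions of this sketch, not a description of any particular server implementation.

```python
import random

def closed_form(slip: int, retries: int) -> float:
    """p = 1 - (1 - 1/slip)^retries, the formula from the message above."""
    return 1.0 - (1.0 - 1.0 / slip) ** retries

def simulate(slip, retries, flood_qps, retry_interval=2.0, trials=20000, seed=1):
    """Fraction of trials in which at least one of the victim's queries is answered.

    Assumed model: every response to the victim's address is rate limited, and
    the server lets every slip-th such response through, counted per query
    (not per time interval).
    """
    rng = random.Random(seed)
    mean_forged = flood_qps * retry_interval
    answered = 0
    for _trial in range(trials):
        counter = rng.randrange(slip)  # counter state is unknown to the victim
        for _attempt in range(retries):
            # Forged queries arriving before this real one (normal approximation
            # to a Poisson count; an assumption of this sketch).
            counter += max(0, round(rng.gauss(mean_forged, mean_forged ** 0.5)))
            counter += 1  # the victim's own query
            if counter % slip == 0:  # this response is the one that slips through
                answered += 1
                break
    return answered / trials

if __name__ == "__main__":
    # Constructed flood rates; the estimate should stay near the closed form.
    for qps in (10, 100, 1000):
        print(qps, round(simulate(2, 3, qps), 3), closed_form(2, 3))
```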