[dns-operations] responding to spoofed ANY queries

Casey Deccio casey at deccio.net
Thu Jan 10 23:48:02 UTC 2013

On Thu, Jan 10, 2013 at 2:24 PM, Vernon Schryver <vjs at rhyolite.com> wrote:

> > thumb for reasonable response rate given query rates, but it seems like
> 50%
> > is in fact a good starting place.

> With slip=2 and the victim trying and retrying a total 3 times, the
> probability that all of the victims responses will be dropped is
> 0.5*0.5*0.5 = 0.125.  That makes the probability that the victim
> will get a response despite matching the DoS flood about 88%.  That's
> not perfect, but not bad.

Thanks for correcting my math.  I was thinking that the probability that
the victim got a response was dependent on query rate, but of course that
would only be the case if response rate was a function of responses per
time interval, not responses per number of queries.  It's simply a function
of response rate and retry, i.e., p = 1 - (1 - (1/slip))^retries -- a much
better success rate than the alternative in the midst of a flood of forged

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20130110/0d236098/attachment.html>

More information about the dns-operations mailing list