[dns-operations] DNS amplification attacks in draft-ietf-savi-threat-scope-08
Danny McPherson
danny at tcb.net
Fri May 24 13:32:09 UTC 2013
Good catch Stephane, comments below..
On 2013-05-16 01:44, Stephane Bortzmeyer wrote:
> IETF document
>
> <http://www.rfc-editor.org/internet-drafts/draft-ietf-savi-threat-scope-08.txt>
> (approved by IESG and currently in the RFC Editor Queue) contains:
>
>> DNS is one of the common targets of such attacks. The
>> amplification factor observed for attacks targeting DNS root and
>> other top level domain name infrastructure in early 2006 was on
>> the order of 76:1.
I'm not sure where the 76:1 came from at the time (phew, this I-D has
been around a long time) and I agree a reference sure would be helpful.
I _think what it was meant to capture was the attacks and vector
conveyed here in S2.3 et al here:
<http://www.verisign.com/static/037903.pdf>
> Two things puzzle me: I'm not sure of what attack they are referring
> to since there is no reference in the RFC. Is it the one discussed in
> tge "DNS deluge for x.p.ctrc.c" thread on the NANOG mailing list in
> february 2006?
I don't believe so. I believe it was the one referenced above but
we're talking about ~72:1 rather than 76:1.
> And the second is the mentioned amplification factor. All the DNS
> servers I know limit the size of the UDP answer to 4 096 bytes, 4 144
> with the IPv4 and UDP headers. A factor of 76:1 needs requests
> smaller
> or equal to 54 bytes, which leaves only SIX bytes for the DNS
> message... How did they reach this number?
Fortunately, it's been sitting on the AUTH48 publication ack email for
a bit so I don't think it's too late to correct the number and add a
reference. Let me see what I can do.
Thanks much!
-danny
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
More information about the dns-operations
mailing list