Question


  1. In order to implement a DNS amplification attack, the attacker must trigger the creation of a sufficiently large volume of DNS response packets from the intermediary to exceed the capacity of the link to the target organization. Consider an attack where the DNS response packets are 1000 bytes in size (ignoring framing overhead).

    1. How many of these packets per second must the attacker trigger to flood a target organization using a 30-Mbps link? A 100-Mbps link? Or a 1-Gbps link?

    2. If the DNS request packet to the intermediary is 60 bytes in size, how much bandwidth does the attacker consume to send the necessary rate of DNS request packets for each of these three cases?

Solutions

Expert Solution

The DNS response packets are 1000 bytes in size = 8000 bits in size.

To flood a 30-Mbps = 30000000 bits per second link, it would take 30000000/8000 = 3750 packets per second.

To flood a 100-Mbps = 100000000 bits per second link, it would take 100000000/8000 = 12500 packets per second.

To flood a 1-Gbps = 1000000000 bits per second link, it would take 1000000000/8000 = 125000 packets per second.

The amount of bandwidth for a 30-Mbps link would be 3750 packets * 60 bytes per intermediary DNS request packet * 8 bits per byte = 1800000 bits per second = 1800 kbps.

The amount of bandwidth for a 100-Mbps link would be 12500 packets * 60 bytes per intermediary DNS request packet * 8 bits per byte = 6000000 bits per second = 6000 kbps.

The amount of bandwidth for a 1-Gbps link would be 125000 packets * 60 bytes per intermediary DNS request packet * 8 bits per byte = 60000000 bits per second = 60000 kbps.
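
The three cases above are instances of one general relation, worked here as an added derivation that is not part of the original solution. The symbols are introduced for illustration only: $C$ is the target link capacity in bits per second, $S_{resp}$ and $S_{req}$ are the response and request sizes in bytes, $R$ is the packet rate in packets per second, and $B_{req}$ is the request bandwidth in bits per second.

$$R = \frac{C}{8\,S_{resp}}, \qquad B_{req} = 8\,S_{req}\,R = C\cdot\frac{S_{req}}{S_{resp}}$$

With $S_{resp} = 1000$ and $S_{req} = 60$:

$$\frac{S_{req}}{S_{resp}} = \frac{60}{1000} = 0.06, \qquad \frac{S_{resp}}{S_{req}} = \frac{1000}{60} \approx 16.7$$

So the request bandwidth is 6% of the link capacity in every case ($0.06 \times 30\ \text{Mbps} = 1.8\ \text{Mbps}$, $0.06 \times 100\ \text{Mbps} = 6\ \text{Mbps}$, $0.06 \times 1\ \text{Gbps} = 60\ \text{Mbps}$), which matches the figures above, and the intermediary amplifies the traffic by a factor of about 16.7. The packet rate $R$ depends only on the link capacity and the response size, while the request size determines only the bandwidth on the sending side.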

