In order to implement a DNS amplification attack, the attacker must trigger the creation of a sufficiently large volume of DNS response packets from the intermediary to exceed the capacity of the link to the target organization. Consider an attack where the DNS response packets are 1000 bytes in size (ignoring framing overhead).
How many of these packets per second must the attacker trigger to flood a target organization using a 30-Mbps link? A 100-Mbps link? Or a 1-Gbps link?
If the DNS request packet to the intermediary is 60 bytes in size, how much bandwidth does the attacker consume to send the necessary rate of DNS request packets for each of these three cases?
The DNS response packets are 1000 bytes in size = 8000 bits in size.
To flood a 30-Mbps = 30000000 bits per second link, it would take 30000000 / 8000 = 3750 packets per second.
To flood a 100-Mbps = 100000000 bits per second link, it would take 100000000 / 8000 = 12500 packets per second.
To flood a 1-Gbps = 1000000000 bits per second link, it would take 1000000000 / 8000 = 125000 packets per second.
The amount of bandwidth for a 30-Mbps link would be 3750 packets * 60 bytes per intermediary DNS request packet * 8 bits per byte = 1800000 bits per second = 1800 kbps.
The amount of bandwidth for a 100-Mbps link would be 12500 packets * 60 bytes per intermediary DNS request packet * 8 bits per byte = 6000000 bits per second = 6000 kbps.
The amount of bandwidth for a 1-Gbps link would be 125000 packets * 60 bytes per intermediary DNS request packet * 8 bits per byte = 60000000 bits per second = 60000 kbps.