Question

In order to implement a DNS amplification attack, the attacker must trigger the creation of a sufficiently large volume of DNS response packets from the intermediary to exceed the capacity of the link to the target organization. Consider an attack where the DNS response packets are 1000 bytes in size (ignoring framing overhead).

a. How many of these packets per second must the attacker trigger to flood a target organization using a 30-Mbps link? A 100-Mbps link? Or a 1-Gbps link?

b. If the DNS request packet to the intermediary is 60 bytes in size, how much bandwidth does the attacker consume to send the necessary rate of DNS request packets for each of these three cases?

Answer 1

Size of DNS response packet = 1000 bytes = 8000 bits

(a) Let's find the packet rate for each of the links.

For 30 Mbps link, packet rate = 30000000 / 8000 = 3750 packets per second

For 100 Mbps link, packet rate = 100000000 / 8000 = 12,500 packets per second

For 1 Gbps link, packet rate = 1000000000 / 8000 = 125,000 packets per second

(b) Size of DNS request packet to the intermediary = 60 bytes = 60 * 8 = 480 bits

Now let's find the bandwidth for each of these links.

For the 30 Mbps links, we had 3750 packets per second. Bandwidth = 3750 * 480 = 1.8 Mbps

For the 100 Mbps links, we had 12,500 packets per second. Bandwidth = 12,500 * 480 = 6 Mbps

For the 1 Gbps links, we had 125,000 packets per second. Bandwidth = 125,000 * 480 = 60 Mbps

_______________________________________________________________

Let me know if you have any doubts in the comments. Please upvote if the answer helped you.