Question

In order to implement a DNS amplification attack, the attacker must trigger the creation of a sufficiently large volume of DNS response packets from the intermediary to exceed the capacity of the link to the target organization. Consider an attack where the DNS response packets are 500 bytes in size (ignoring framing overhead).

a. How many of these packets per second must the attacker trigger to flood a target organization using a 0.5-Mbps link? A 2-Mbps link? Or a10-Mbps link?

b. If the DNS request packet to the intermediary is 60 bytes in size, how much bandwidth does the attacker consume to send the necessary rate of DNS request packets for each of these three cases?

Answer 1

from the given data

to implement a DNS amplification attack, the attacker must trigger the creation of a sufficiently large volume of DNS response packets from the intermediary

to exceed the capacity of the link to the target organization

by considering an attack where the DNS response packets are 500 bytes in size.

to calculate the no of packets sent per second by an attacker to flood the target organization

• Number of packets sent per second by an attacker =

capacity of the link / no. of packets * no of bits in each byte

• required bandwidth = no of packets sent per sec by an attacker * size of intermediary DNS packet in bits

a.

0.5 Mbps :

no of packets = 500

no of bits = 8

no of packets sent per second by an attacker using 0.5 Mbps = 0.5 * 10^6 / 500*8

= 500000/ 4000

= 125 packets

2 Mbps :

no of packets = 500

no of bits = 8

no of packets sent per second by an attcaker using 2 Mbps = 2*10^6 / 500*8

= 2000000 / 4000

= 500 packets

lly for 10 Mbps : we get 2500 packets

b.

required bandwidth:

from the (a)_ we have for 0.5 mbps we get 125 packets

DNS packet as 60 is given

for required bandwidth = 125 * 60*8

= 60000 = 60*10^3

= 60 Kbps

for 2 Mbps we get 500 packets

DNS packet as 60 given

for required bandwidth = 500*60*8

= 240000 = 240*10^3

= 240 Kbps

for 10 Mbps we get 2500 packets

DNS packet as 60 given

for required bandwidth = 2500*60*8

= 1200000 = 1.2 * 10^6

= 1.2 Mbps

the necessary rate of DNS request packets for each of these three cases

amplification of this three cases by the formula following

no of DNS response packets / size of intermediary DNS packet

no of packets DNS response as 500 and size of intermediary DNS packet as 60  

by substituting in the above formula of amplification of three cases we get = 500/ 60 = 8.33 times