Re: correction! Re: The math of RFC3822.2.2-spoofing a randomising source port resolver
bert hubert wrote:
> correction! Re: The math of kaminsky-spoofing a randomising source port resolver
Why do you call such a well known vulnerability of DNS, which was
documented in section 2.2 of RFC3822 in 2004 several years after it
had been publicly known, kaminsky-spoofing?
> This is assuming 100 bytes per attempt, which at 50000 packets/s is around
> 40 megabits/s. Given some overhead, make it a good 50 megabits/s.
Your bandwidth figure is applicable to attackers but not to victims of
the attackers attacking many victims at once.
So, if an attacker has 1000 victims, the attacker needs 1/1000 less
time to compromise one or more victims of the attacker than an attacker
with only one victim and each victim feels 1/1000 less amount of traffic.
Masataka Ohta