On Fri, Aug 01, 2008 at 02:40:39PM +0200, bert hubert wrote:
> If you plug in some realistic numbers in the P_cs formula, the chance of
> succesfully spoofing a domain within two hours is around 8.1%, assuming you
> can get 50000 packets/second to arrive at the resolver.
> This will have cost you in the order of 1.5-2 gigabyte of packets though.
> After 24 hours, the chance rises to around 64% - costing your 0.4TB of packets.

The first gigabyte number is wrong - 2 hours of this will cost you around
36GB of packets. 24 hours around 0.4TB of packets.

This is assuming 100 bytes per attempt, which at 50000 packets/s is around
40 megabits/s. Given some overhead, make it a good 50 megabits/s.


http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services

to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.