Question

Assume that an attacker controls a single attack machine and uses a single DNS server to launch a DNS amplification attack toward a victim device. Suppose that the length of the DNS query message is always 100 bytes and the length of the DNS reply message is always 5000 bytes. In this DoS attack, if the attack machine's outgoing traffic throughput is 1 MB/sec, please compute the expected incoming traffic throughput of the victim device

Answer 1

To compute the expected incoming traffic throughput of the victim device in a DNS amplification attack, calculate the amplification factor and multiply it by the attack machine's outgoing traffic throughput.

Step-by-step explanation:

To compute the expected incoming traffic throughput of the victim device, we need to calculate the amplification factor. The amplification factor is the ratio between the length of the DNS reply message and the length of the DNS query message. In this case, the amplification factor is 5000/100 = 50.

Given that the attack machine's outgoing traffic throughput is 1 MB/sec, we can multiply this by the amplification factor to find the expected incoming traffic throughput of the victim device: 1 MB/sec x 50 = 50 MB/sec.

Therefore, the expected incoming traffic throughput of the victim device is 50 MB/sec.