To: dnsop@cafax.se
From: Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>
Date: Fri, 28 Jun 2002 00:23:46 +0200
Content-Disposition: inline
In-Reply-To: <20020627122050.A14671-100000@shell.nominum.com>; from Roy.Arends@nominum.com on Thu, Jun 27, 2002 at 12:26:23PM -0700
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.2.5.1i
Subject: Re: is this proper behavior?

On Thu, Jun 27, 2002 at 12:26:23PM -0700, Roy Arends wrote:
> No, it's not. 29 bytes vs 507 bytes is 1 packet vs 1 packet. broadcast
> related DoS is 1 packet vs N packets.
>
> You're comparing apples and oranges.

Pardon? I compare bytes/bandwidth with bytes/bandwidth.
Nobody denies that splitting the bytes to a lot of packages puts more load
on the routers, but if you have a 10 Mbit leased line and you get loaded
with 20 Mbit you don't really care if it's 1 thousand or 1 million packets.
Even worse, as the target has no associated UDP port open (most likely)
the local host additionally generates an outgoing ICMP packet.

Read http://www.s0ftpj.org/docs/spj-002-000.txt for an insight.

And I don't say it doesn't work with djbdns also, it's only not as easy,
because you can't simply send it anything and get an answer.

	\Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen          | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"