JMU
DNS Spoofing/Poisoning
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Motivation
Recall
The Process
What is Needed in the Spoofed Response
Guessing at the Unknowns
Worst Case
The Probability of a Successful Attack
Attacks based on the Birthday "Paradox"
Attacks based on the Birthday "Paradox" (cont.)
What is the probability that a member of a group of size \(n\) has the same birthday as you?


Assuming all birthdays are equally likely, the probability that an individual has the same birthday as you is \(\frac{1}{365}\). Hence, the probability of the complement (i.e., the individual doesn't have the same birthday as you) is \(1 - \frac{1}{365} = \frac{364}{365}\).

So, assuming independence, the probability that \(n\) people don't have the same birthday as you is \((\frac{364}{365})^n\).

Hence, the probability of the complement is \(1 - (\frac{364}{365})^n\).

So, the probability that someone has the same birthday as you for \(n=10\) is about 0.027, for \(n=30\) is about 0.079 and for \(n=50\) is about 0.128.

Attacks based on the Birthday "Paradox" (cont.)
What is the probability that any two people in a group of size \(n\) have the same birthday?


Let \(B_i\) denote the birthday of individual \(i\) and suppose we know the birthday of individual \(1\). Then, as we just saw, the probability that individual \(2\) has the same birthday as individual \(1\) is \(P\{B_2 = B_1\} = \frac{1}{365}\). Hence, the probability of the complement is given by \(P\{B_2 \neq B_1\} = 1 - \frac{1}{365} = \frac{364}{365}\).

The probability that 3's birthday is the same as 1's or 2's, given that 1 and 2 do not have the same birthday, is given by:

\[P\{B_3 = B_2 \text{ or } B_3 = B_1 | B_2 \neq B_1\} = \frac{1}{365} + \frac{1}{365} = \frac{2}{365}\]

Hence, the probability of the complement is given by:

\[P\{B_3 \neq B_2 \neq B_1 | B_2 \neq B_1\} = 1 - \frac{2}{365} = \frac{363}{365}\]

and:

\[P\{B_3 \neq B_2 \neq B_1\} = P\{B_3 \neq B_2 \neq B_1 | B_2 \neq B_1\} \cdot P\{B_2 \neq B_1\} = \frac{364}{365} \cdot \frac{363}{365}\]

Generalizing, the probability that \(n\) individuals have different birthdays is given by:

\[\frac{364 \cdot 363 \cdot (365-n+1)}{365^{n-1}}\]

Multiplying by \(\frac{365}{365}=1\), this probability is given by:

\[\frac{365 \cdot 364 \cdot 363 \cdot (365-n+1)}{365^{n}}\]

This can be re-written as:

\[\frac{365!}{(365-n)!} \cdot \frac{1}{365^n}\]

Thus, the probability of the complement (i.e., that any two people share a birthday) is just:

\[1 - \left(\frac{365!}{(365-n)!} \cdot \frac{1}{365^n}\right)\]

So, the probability that any two people share a birthday for \(n=10\) is about 0.117, for \(n=30\) is about 0.706 and for \(n=50\) is about 0.970.

Other Kinds of Pharming