
Planned DDOS campaign against DNS is meant to highlight piracy legislation issues

Al Gore may have finally met his match.  While members of Anonymous aren't planning on inventing the internet, they are planning on destroying it -- supposedly.  

The tricky thing about Anonymous is that they're Anonymous, so it's hard to differentiate fact from fictional prank, even if you want to.  But a Pastebin has been posted dubbed "Operation Global Blackout", which claims that the Anons are going to test the limits of their distributed denial of service attacking capabilities at the end of March.

The DDOS campaign is expected to target the world's 13 domain name servers (DNSs), which allow the public to use the internet by translating human-legible text-string URLs into machine-readable IP addresses.  If the attack indeed materializes and if the DNS servers are all taken down, the Mayan apocalypse could come early -- the internet could blink offline.

The Pastebin describes:

By cutting these off the Internet, nobody will be able to perform a domain name lookup, thus, disabling the HTTP Internet, which is, after all, the most widely used function of the Web. Anybody entering "http://www.google.com" or ANY other url, will get an error page, thus, they will think the Internet is down, which is, close enough. Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most.

In other words "we're not trying to kill the internet, but we're trying to kill it for a little bit," implies Anonymous.

The posting goes into the planned attack in explicit detail.  The tool used will be the Reflective DNS Amplification DDoS tool.  By spoofing the DNS server with small UDP packets which appear to have originated from the DNS server itself, the attacker tricks the DNS server into sending messages to itself, creating a cascade of failures.  The "amplified" part comes from the fact that the sent packets are small, but they trigger a large barrage of data.

[Image: DNS server. Caption: Anonymous will reportedly try to shut down DNS servers worldwide at the end of the month. Image source: Renjus Blog]

So what's the point of this planned attack?  According to Anonymous:

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down.

Again, there's no confirmation this post is real -- it could simply be the work of a clever security researcher trying to scare the DNS servers into beefing up their security.  Also, given that the Anons have explained their reported attack vector, it may be easier to block.

It's a bit hard to believe that they could actually take down the internet.  Past attacks on DNS servers have failed to accomplish the unthinkable -- a worldwide internet outage.  And Anonymous's purported past claims -- such as a threat that Facebook would be taken down (a claim later denied by some members), an attack on the NYSE, and a DDOS attack on BART -- all failed to have the intended level of service disruption.  On the other hand, Anonymous did help take down Sony Corp.'s (TYO:6758) digital properties as well as the U.S. Central Intelligence Agency's public homepage.

Thus it's a bit premature to start panicking, but it couldn't hurt to grab a few IP addresses of your favorite sites, just in case things get anywhere close to as crazy as the post promises.

Sources: PasteBin, NeoWin





Comments

misfocused group
By cubby1223 on 3/28/2012 2:52:29 AM , Rating: 5
The only thing a successful attack on the dns servers would do, is prove that governments need more control over the internet to implement the necessary blocks against Anonymous.

In other words, the end result would be the exact opposite of what they desire. Thanks.

Personally, I have little to no sympathy left for people who believe they are entitled to other people's work without compensation just because it is there.




RE: misfocused group
By SPOOFE on 3/28/2012 3:55:43 AM , Rating: 4
I have no sympathy or antipathy for Anonymous. I think it's just an inevitable manifestation of the technology, population, and societal conditions: People will start to behave thus, and hence, Anonymous.

It helps if you mentally replace "Anonymous" with "avalanche" or "hurricane" or "other natural disaster here" whenever you read articles about them. :D


RE: misfocused group
By geddarkstorm on 3/28/2012 12:43:52 PM , Rating: 1
It'd be nice if hurricanes called us up in advance to tell us the exact cities they were going to land fall over, when, and at what category they expect themselves.


RE: misfocused group
By taggedjc on 3/31/2012 10:48:21 AM , Rating: 1
Oh, but they do. It's called meteorology.


RE: misfocused group
By Cerin218 on 4/2/2012 10:14:52 AM , Rating: 2
The forecast was that it would be 78 and sunny here yesterday. It actually turned out to be cloudy and 60. Meteorology is an art, not a science. It's one of the few jobs where you can be consistently wrong and still have a job.


RE: misfocused group
By hughlle on 3/28/2012 4:22:50 AM , Rating: 2
Wasn't the honcho in cahoots with the FBI? It could kinda make sense when you take that into account, achieving exactly what they want.


RE: misfocused group
By carage on 4/2/2012 12:10:45 AM , Rating: 2
I would assume after the story got out, he probably got voted out...


RE: misfocused group
By Reclaimer77 on 3/28/2012 10:00:08 AM , Rating: 4
Pretty much.

It's like me thinking a good way to protest gun control legislation is to go around shooting people. Ummm, seems like that would have the opposite effect of my intended goal.


RE: misfocused group
By gorehound on 3/28/2012 11:13:49 AM , Rating: 1
Do us all a favor Anonymous and hack that Hate Group "NOM". We want to see their Donor List and whatever Dirty Laundry is kicking around their Servers.


RE: misfocused group
By Argon18 on 3/28/2012 4:33:41 PM , Rating: 3
You might want to look in the mirror, your ignorance is showing. I'm on the NOM donor list, as are people of every race, religion, and gender. Blacks and whites, Jews and Muslims, Men and Women in every state. NOM isn't a "hate group" as you confusedly call them. Far from it. If you want to see a hate group, go hang out in some gay forums and see the kinds of expletives, slurs, rampant christophobia, and threats of violence against "non believers" they write every day of the week. That is the very definition of a hate group.


RE: misfocused group
By wiz220 on 3/28/12, Rating: 0
RE: misfocused group
By Argon18 on 3/29/2012 6:35:25 PM , Rating: 1
that's nonsense and you know it. marriage is not some arbitrary pairing of genderless humans, and it isn't open to re-interpretation according to the social whims of the day. mother nature herself has defined the parameters - it takes one man and one woman to procreate and perpetuate the species. any deviation from that recipe is a dead end. because you don't believe in this very simple biological concept for some reason, does not lump everyone else under some pro-discrimination umbrella, as you've been led to believe.


RE: misfocused group
By glennco on 3/30/2012 1:55:05 AM , Rating: 1
yet gay people do exist. what you are saying is marriage is purely for people who will have children. marriage is whatever human beings decide it is, as it is a human custom, not parameters defined by mother nature (or should i say evolution as mother nature means nothing). you are confusing marriage with procreation.


RE: misfocused group
By KCjoker on 3/28/2012 5:53:14 PM , Rating: 2
Just because you don't like their views doesn't make them a "hate" group.


RE: misfocused group
By HrilL on 3/28/2012 12:00:50 PM , Rating: 3
Wrong. It proves we need a more open approach to DNS. It needs to be decentralized so it can never be taken down.

As for taking the root DNS servers down, most if not all ISPs have cache servers that users use and these will not be taken down so most likely nothing will happen even if they are successful at taking down the root servers. New domains and renewals won't happen but that’s about it.


RE: misfocused group
By Ammohunt on 3/28/2012 10:34:32 PM , Rating: 2
That's exactly what will happen: nothing! Other than maybe the few obscure sites like choad.com that may not be cached being unavailable. Even if they managed to, say, inject something into the root server, it would take days for it to propagate to other DNS servers, by which time those servers would have been configured not to forward to root servers.


Google DNS
By Fulvian on 3/28/2012 12:42:19 AM , Rating: 5
Let's see if my favorite 8.8.8.8 can withstand the attack




RE: Google DNS
By HackSacken on 3/29/2012 12:32:46 PM , Rating: 2
You hop on the primary train, I'll chill with the less favored secondary... 8.8.4.4 :)


Good thing
By Gondor on 3/28/2012 2:58:46 AM , Rating: 1
I for one think this is actually a good thing to do - to test the resilience of root name servers. Chances are more "cyber-crime" will be taking place in the future so getting some practical experience in handling such attacks could prove very handy.

Magnitude of future attacks by criminals/terrorists and governmental agencies will not be known in advance, much like this particular case, which makes for a more reliable test than any internal audit could ever be.

And there's also the ultimate upside - root DNS server maintainers cannot lose. If servers hold in spite of disruption they have done their job and if they fail the scapegoats are known prior to the fact ... more script kiddies to jail :) Anonymous are st00pid and doing this for all the wrong reasons but their pestering could be far more useful than they could possibly imagine.




RE: Good thing
By ShaolinSoccer on 3/28/2012 7:55:49 AM , Rating: 2
quote:
I for one think this is actually a good thing to do - to test the resilience of root name servers.


Don't you think there are lots of people who try this all the time, every year from all over the world? And fail at it?


RE: Good thing
By Gondor on 3/28/2012 2:54:40 PM , Rating: 2
quote:
Don't you think there are lots of people who try this all the time, every year from all over the world? And fail at it?


No, I don't think there are any coordinated efforts of this magnitude taking place. This will be a good test and - should the servers fail - a good wake-up call.

The fact that they managed to DoS other servers in the past (which are just as exposed to everyday attempts) makes me believe I am right and you are wrong in implying that I am wrong :)


RE: Good thing
By ShaolinSoccer on 3/30/2012 1:21:23 PM , Rating: 2
Sorry, but I fail to believe that after all this time that the internet has existed, not one group of people attempted to shut down DNS. And not only once, but multiple times. Just because it never hit the mainstream media doesn't mean it never happened...


Oh Rly
By karielash on 3/28/2012 5:40:13 AM , Rating: 5

Whilst a great sensationalist article, you appear to have missed the fact that 'Anonymous' also denied they were involved or were sponsoring such a plan. That is the inherent problem: there is no real group, anyone can say anything and claim it to be 'Anonymous'.

You also missed the fact that one of the sponsors of the attack was Sabu.... who happened to work for the Feds... a US government agency that apparently had absolute control over him for nine months prior to his 'arrest', the same government that wants greater control over the Internet and is willing to go to any means to get it.... so maybe you should have titled your article, US plans massive attack on DNS infrastructure and written your article around that, it would have had just as much validity and probably got you a few more hits for the ratings.




RE: Oh Rly
By Xonoahbin on 3/29/2012 12:52:43 PM , Rating: 2
I was reading through the comments, hoping someone had already said this. Thank you. I feel like people are on the "blame Anonymous" train and don't even really investigate what they say (especially journalists, they love to do it). Yeah, Anonymous does plenty of irritating stuff, but in this case, it's probably not actually an Anonymous operation at all.


DNS Proxies
By drlumen on 3/28/2012 3:52:23 AM , Rating: 2
Correct me if I'm wrong (flame if you must) but that goes against all I was taught and read about how the DNS name system works.

I was told and read that various ISP's and others keep their own servers for DNS lookups. If there is a request for a site that has not been visited then the request keeps going up the chain with the last resort being the actual root name servers. This was also the explanation for the DNS change propagation delay as each proxy had to get the new IP for the new or changed domain name/IP.

If that is true, wouldn't their attack and planned outage only affect new or changed domains that are still within the propagation delay or obscure, rarely requested sites?




RE: DNS Proxies
By probedb on 3/28/2012 4:35:43 AM , Rating: 2
Yep :)

So my ISP or OpenDNS can't update their DNS for a week, big deal, I'm pretty sure most sites I visit don't change their IP addresses every 4 minutes.


RE: DNS Proxies
By karielash on 3/28/2012 2:51:34 PM , Rating: 2
Each record they hold has a TTL associated with it, the record governs how long the recursive server holds it not the other way around so your ISP would not last weeks....

TTL can vary between 5 minutes and a day (for the majority of records). We use 1 to 4 hours depending on the function of the server. So, after that period of time the recursive server asks the next upstream server for a refresh if the record is requested and so on up to the root servers. A lower level server could override that setting but it could potentially set up some very interesting results where an IP/Domain changes quickly (not unusual to have some 300 second records where DR is a concern).

The last time someone seriously tried to take out the root servers was about 4 or 5 years ago, they managed to take down six out of thirteen servers (it was actually two attackers where the attacks coincided), two were actually taken off-line. The DNS system never blinked and very few people noticed, taking out all thirteen servers would be a significant task, and although I am not saying it could not be done... it would be tough.

You would also have to maintain the attack for a prolonged period of time to keep the downed servers suppressed while you take down the remaining servers, although at some point the normal traffic from the downed servers would cause a snowball effect on the remaining servers. Be interesting to see at what point that occurred.
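
The caching behaviour debated in the comments above (TTLs, ISP resolvers, and what a root outage would actually break), as an added example that is not part of the article or of any commenter's post: a small Python model of a caching recursive resolver. The zone contents, names and TTL values are constructed assumptions, and the TLD servers are assumed to stay reachable.

```python
# Constructed model of a caching recursive resolver (not a real DNS client).
# Zone data and TTLs (in seconds) are assumed sample values.
ROOT_ZONE = {"com": ("tld-com", 172800)}              # TLD delegation, 2-day TTL
TLD_ZONE = {"example.com": ("ns-example", 86400)}     # domain delegation, 1-day TTL
AUTH_ZONE = {"www.example.com": ("192.0.2.10", 300)}  # address record, 5-minute TTL


class Resolver:
    def __init__(self):
        self.cache = {}        # key -> (value, absolute expiry time)
        self.root_queries = 0  # how often a root server was actually needed

    def _cached(self, key, now):
        hit = self.cache.get(key)
        return hit[0] if hit and hit[1] > now else None

    def _store(self, key, value, ttl, now):
        self.cache[key] = (value, now + ttl)

    def resolve(self, name, now, roots_up=True):
        """Return the address for name, or None when resolution fails."""
        answer = self._cached(("A", name), now)
        if answer:
            return answer
        labels = name.split(".")
        tld, domain = labels[-1], ".".join(labels[-2:])
        # Step 1: TLD delegation. This is the only step that needs a root server.
        if not self._cached(("NS", tld), now):
            if not roots_up or tld not in ROOT_ZONE:
                return None
            self.root_queries += 1
            self._store(("NS", tld), *ROOT_ZONE[tld], now)
        # Step 2: domain delegation, fetched from the TLD servers.
        if not self._cached(("NS", domain), now):
            if domain not in TLD_ZONE:
                return None
            self._store(("NS", domain), *TLD_ZONE[domain], now)
        # Step 3: address record from the domain's authoritative server.
        if name not in AUTH_ZONE:
            return None
        self._store(("A", name), *AUTH_ZONE[name], now)
        return AUTH_ZONE[name][0]


def outage_timeline(times, outage_start=600):
    """Resolve www.example.com at each time (ascending); roots fail at outage_start."""
    r = Resolver()
    results = {t: r.resolve("www.example.com", t, roots_up=t < outage_start) for t in times}
    return results, r.root_queries
```

In this model the short-lived address record is refreshed many times during the outage without touching a root server; lookups only start failing once the cached TLD delegation itself expires, or immediately for a resolver that starts with an empty cache.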


AAAAAAAAnd
By scrapsma54 on 4/1/2012 4:09:06 PM , Rating: 3
Never Happened.




RE: AAAAAAAAnd
By JBlongz on 4/3/2012 7:44:44 AM , Rating: 2
Obviously this was an April prank.


LAME!!!
By batman4u on 3/28/2012 3:20:32 AM , Rating: 2
with all crisis going and these LAME people creating more stupid things, we should just stop paying attention to this so called "news"




RE: LAME!!!
By FaceMaster on 3/28/2012 5:26:29 AM , Rating: 2
Yeah! Their excuse is terrible and doesn't hold any real-world significance at all. It might as well have been 'to save the rainforests' or to 'end global poverty'. Alternatively they could have just said 'we're doing it because we want to'. At least that would have been truthful.


To help prepare
By XJDHDR on 3/29/2012 12:06:28 PM , Rating: 2
Add the following line to your hosts file:
64.14.68.59 www.domaintoip.com domaintoip.com

If the attack does happen, visit that site then find the ip address of any websites you can't access.




RE: To help prepare
By JediJeb on 3/29/2012 1:52:54 PM , Rating: 2
Or just put all the IP addresses of your favorite sites in your LMHOSTS file and not worry about it at all. Back when I was on dial-up I used that all the time to help save a few seconds of page loading.


Root
By CityZen on 3/28/2012 2:06:01 AM , Rating: 3
quote:
The DDOS campaign is expected to target the world's 13 domain name servers


Jason, it would have been clearer if you had said "the world's 13 root name servers", since that's what they are usually called.
Actually, thanks to Anycast, there are many more than 13 physical servers, so this supposed attack would be even more unlikely to succeed, if it's actually true (which I doubt)




By carniver on 3/28/2012 1:34:32 PM , Rating: 3
It means they couldn't actually do it. The things they actually did, they did it without notifying anybody first.




Sponsored by US Government
By ouchie75 on 3/28/2012 2:29:48 PM , Rating: 3
This sounds like more US Government Propaganda steered towards pinning Anonymous as Terrorist..
Yawn...........




By Beenthere on 3/28/2012 2:53:56 AM , Rating: 2
Anonymous has not learned yet that they are not anonymous at all. Wait until the prison door slams and watch them cry like babies.




I like Anonymous
By johnsmith9875 on 3/28/2012 12:57:01 PM , Rating: 2
If there's one thing the world really needs, is an unbiased tester of security models.
Trusting the fox for henhouse security hasn't worked.




OMG WHAT WILL I DO?
By Mitch101 on 3/28/2012 8:59:29 PM , Rating: 2
It's a Saturday. I plan on BBQ and Beer to make it through the catastrophe. FTW




By benamas on 3/29/2012 5:09:47 PM , Rating: 2
there are not 13 dns servers, there are about 290 , spread across every continent -- they're clustered into only 13 ip addresses currently due to ancient technical limitations (which are obviated by IPv6 and will disappear as it continues to be rolled out)

also, most dns requests are handled by a local downstream server run by your ISP -- if a root server goes down the absolute worst thing that happens is the local cache doesn't get to update that week. unless you're trying to hit a server that nobody on your ISP has ever gone to, you wouldn't even notice a root node up and disappearing

dailytech really needs to hire tech writers that are willing to do some basic fact-checking and/or have some actual technical background




Not Going to Work
By briantho on 3/30/2012 10:30:51 PM , Rating: 2
This is a bogus post because Anon knows how the worldwide DNS system works and thus understands that this kind of attack will not work.

There are 13 main DNS servers which every ISP updated their DNS servers from. That's right folks, you go through your ISP for DNS service, not these 13 servers. Or if you are like me you use Open DNS.

You may be thinking at this point that if those 13 main DNS servers are down where will the ISPs get their DNS info from? Well ISPs and Open DNS do not update their lists for every DNS request their users send out. They update at set intervals (the exact time I do not know) which I have heard range from every 12 hours to several days. This means that attackers would need to take down all 13 DNS servers for a minimum of 12 hours through DDOS which is NOT possible. Just ask Microsoft. MSFT can stop a DDOS attack as it is happening and will have little to no downtime as a result.

















Copyright 2015 DailyTech LLC.