backtop


Print 41 comment(s) - last by JBlongz.. on Apr 3 at 7:44 AM

Planned DDOS campaign against DNS is meant to highlight piracy legislation issues

Al Gore may have finally met his match.  While members of Anonymous aren't planning on inventing the internet, they are planning on destroying it -- supposedly.  

The tricky thing about Anonymous is that they're Anonymous, so it's hard to differentiate fact from fictional prank, even if you want to.  But a Pastebin has been posted dubbed "Operation Global Blackout", which claims that the Anons are going to test the limits of their distributed denial of service attacking capabilities at the end of March.

The DDOS campaign is expected to target the world's 13 domain name servers (DNSs), that allow the public to use the internet by translating human legible text-string URLs into machine-readable IP addresses.  If the attack indeed materializes and if the DNS servers are all taken down, the Mayan apocalypse could come early -- the internet could blink offline.

The Pastebin describes:

By cutting these off the Internet, nobody will be able to perform a domain name lookup, thus, disabling the HTTP Internet, which is, after all, the most widely used function of the Web. Anybody entering "http://www.google.com" or ANY other url, will get an error page, thus, they will think the Internet is down, which is, close enough. Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most.

In other words "we're not trying to kill the internet, but we're trying to kill it for a little bit," implies Anonymous.

The posting goes into the planned attack in explicit detail.  The tool use will be the Reflective DNS Amplification DDoS tool.  By spoofing the DNS server with small UDP packets which appear to have orginated from the DNS server itself, the attacker tricks the DNS server into sending messages to itself creating a cascade of failures.  The "amplified" part comes from the fact that the sent packets are small, but they trigger a large barrage of data.

DNS Server
Anonymous will reportedly try to shut down DNS servers worldwide at the end of the month.
[Image Source: Renjus Blog]

So what's the point of this planned attack?  According to Anonymous:

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down.

Again, there's no confirmation this post is real -- it could simply be the work of a clever security researcher trying to scare the DNS servers into beefing up their security.  Also, given that the Anons have explained their reported attack vector, it may be easier to block.

It's a bit hard to believe that they could actually take down the internet.  Past attacks on DNS servers have failed to accomplish the unthinkable -- worldwide internet outage.  And Anonymous's purported past claims -- such as a threat that Facebook would be taken down (a claim later denied by some members), an attack on the NYSE, and a DDOS attack on BART all failed to have the intended level of service disruption.  On the other hand Anonymous did help take down Sony Corp.'s (TYO:6758) digital properties as well as the U.S. Central Intelligence Agency's public homepage.

Thus it's a bit premature to start panicking, but it couldn't hurt to grab a few IP addresses of your favorite sites, just in case things get anywhere close to as crazy as the post promises.

Sources: PasteBin, NeoWin



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: DNS Proxies
By karielash on 3/28/2012 2:51:34 PM , Rating: 2
Each record they hold has a TTL associated with it, the record governs how long the recursive server holds it not the other way around so your ISP would not last weeks....

TTL can vary between 5 minutes and a day (for the majority of records). We use 1 to 4 hours depending on the function of the server. So, after that period of time the recursive server asks the next upstream server for a refresh if the record is requested and so on up to the root servers. A lower level server could override that setting but it could potentially set up some very interesting results where an IP/Domain changes quickly (not unusual to have some 300 second records where DR is a concern).

The last time someone seriously tried to take out the root servers was about 4 or 5 years ago, they managed to take down six out of thirteen servers (it was actually two attackers where the attacks coincided), two were actually taken off-line. The DNS system never blinked and very few people noticed, taking out all thirteen servers would be a significant task, and although I am not saying it could not be done... it would be tough.

You would also have to maintain the attack for a prolonged period of time to keep the downed servers supressed while you take down the remaining servers, although at some point the normal traffic from the downed servers would cause a snowball effect on the remaining servers. Be interesting to see at what point that occurred.


"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki