Anonymous, well known for DDoSing and bringing down popular websites such as those of the FBI, Interpol and the US Dept. of Justice, is now aiming to bring the entire Internet to a halt for a day.
The team is pulling this act to protest against many new laws like SOPA, PIPA and other rules that limit and censor Internet usage. This blackout, as they say, is scheduled to occur on 31st March 2012.
According to a pastebin report, they are performing this blackout via a method known as DNS amplification. The Internet is supported by 13 pillars of root DNS servers, and if anybody manages to DDoS these root servers, the entire HTTP Internet traffic will be messed up, resulting in no website hosted on the Internet opening up. And this is exactly what they wish to do.
Even though some ISPs (Internet Service Providers) use DNS caches, these are used for speeding up common requests and not for redundancy, hence they will also be rendered useless.
The team says they have managed to build a reflective DNS amplification DDoS tool that is to be used for this attack. It is based on AntiSec’s DHN, contains a few bug fixes and a different DNS list/target support, and is a bit stripped down for speed.
How the Attack Works.
The attack relies on a flaw that is said to have existed for over a decade: forged UDP packets are used to trigger a rush of DNS queries, all redirected and reflected to those 13 IPs. The flaw is as follows: since the UDP protocol allows it, they can change the source IP of the sender to that of the 13 DNS servers, thus spoofing the source of the DNS query.
The DNS server will then respond to that query by sending the answer to the spoofed IP. Since the answer is always bigger than the query, the DNS answers will then flood the target IP. It is called amplified because small packets are used to generate large traffic. It is called reflective because they will not send the queries to the root name servers; instead, they will use a list of known vulnerable DNS servers, which will attack the root servers.
There are numerous benefits of DNS amplification. For instance, the source of the attack can be hidden with UDP via forged headers. In addition, different VPNs could also be used as an extra precaution, because Tor’s services don’t function on UDP traffic. Therefore, because DNS amplification relies on UDP (a connection-free protocol), the sent packets can’t be easily circumvented.
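From the side of a DNS server operator, the reflection described above shows up as one "client" address whose queries pull back far more bytes than they send. The following Python code is an added example (not part of the original article or of any tool it mentions) that flags such addresses in resolver query logs; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample in a hypothetical log format (not from any real resolver):
# "<epoch> <client_ip> <qname> <qtype> <query_bytes> <response_bytes>"
SAMPLE_LOG = (
    [f"{1000 + i} 203.0.113.10 example.org ANY 40 3000" for i in range(6)]
    + [f"{1000 + i} 192.0.2.5 www.example.com A 40 56" for i in range(6)]
    + [f"{1000 + i} 198.51.100.7 example.net TXT 42 900" for i in range(2)]
)

def amplification_by_client(lines):
    """Return {client_ip: (query_count, response_bytes / query_bytes)}."""
    totals = defaultdict(lambda: [0, 0, 0])  # queries, bytes in, bytes out
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        try:
            q_bytes, r_bytes = int(fields[4]), int(fields[5])
        except ValueError:
            continue  # skip lines with non-numeric sizes
        if q_bytes <= 0:
            continue
        entry = totals[fields[1]]
        entry[0] += 1
        entry[1] += q_bytes
        entry[2] += r_bytes
    return {ip: (n, round(out / inn, 1)) for ip, (n, inn, out) in totals.items()}

def likely_reflection_targets(lines, min_queries=5, min_factor=10.0):
    """Clients whose queries return far more data than was sent.

    Because UDP sources can be spoofed, such a "client" is most likely the
    victim of the flood, not the real sender of the queries.
    """
    return {ip: stats for ip, stats in amplification_by_client(lines).items()
            if stats[0] >= min_queries and stats[1] >= min_factor}

if __name__ == "__main__":
    for ip, (n, factor) in likely_reflection_targets(SAMPLE_LOG).items():
        print(f"{ip}: {n} queries, amplification x{factor}")
```

An address flagged this way is a candidate for response rate limiting on the server, and a server that answers such queries for arbitrary outside addresses should have recursion restricted to its own clients.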
What are your thoughts on this major attack? Will the Internet community survive this?