Thursday, March 29, 2012

Unconfirmed: "Anonymous" to Try to Shut Down Entire Internet on Saturday

The computer hacking group Anonymous has promised to shut down the Internet in its entirety this Saturday, March 31st, according to a post on "pastebin" which has since gotten 165,000 views. The piece states that Anonymous will be attempting this in order to protest "SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun."

The post, which was then uploaded to Reddit, promises an attack on 13 root DNS servers. Anyone trying to access a website, it promises, will get an error message. The group, however, states that their action is not to "kill" the internet, but make a point.

How long the "blackout," as the post calls it, will last is unknown even to the hackers: "The very fact that nobody will be able to make new requests to use the Internet will slow down those who will try to stop the attack. It may only lasts one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known."

Members of Reddit have given the post over 1,000 "upvotes" at the time of this article, and the number is expected to grow.  Under comments, Reddit users are arguing about whether this could actually work.  The top comment reads, "Good luck with that...," with the second highest reading, in part, "I do wish them the best, simply for the fact that it would be historic and entertaining."

Here is the entirety of the post:
"The greatest enemy of freedom is a happy slave."

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down.

-----------------------------------------------------------------------

In order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet. Those servers are as follow:

A 198.41.0.4
B 192.228.79.201
C 192.33.4.12
D 128.8.10.90
E 192.203.230.10
F 192.5.5.241
G 192.112.36.4
H 128.63.2.53
I 192.36.148.17
J 192.58.128.30
K 193.0.14.129
L 199.7.83.42
M 202.12.27.33

By cutting these off the Internet, nobody will be able to perform a domain name look-up, thus, disabling the HTTP Internet, which is, after all, the most widely used function of the Web. Anybody entering "http://www.google.com" or ANY other url, will get an error page, thus, they will think the Internet is down, which is, close enough. Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most.

While some ISPs uses DNS caching, most are configured to use a low expire time for the cache, thus not being a valid failover solution in the case the root servers are down. It is mostly used for speed, not redundancy.

We have compiled a Reflective DNS Amplification DDoS tool to be used for this attack. It is based on AntiSec's DHN, contains a few bugfix, a different dns list/target support and is a bit stripped down for speed.

The principle is simple; a flaw that uses forged UDP packets is to be used to trigger a rush of DNS queries all redirected and reflected to those 13 IPs. The flaw is as follow; since the UDP protocol allows it, we can change the source IP of the sender to our target, thus spoofing the source of the DNS query.

The DNS server will then respond to that query by sending the answer to the spoofed IP. Since the answer is always bigger than the query, the DNS answers will then flood the target ip. It is called an amplified because we can use small packets to generate large traffic. It is called reflective because we will not send the queries to the root name servers, instead, we will use a list of known vulnerable DNS servers which will attack the root servers for us.

DDoS request ---> [Vulnerable DNS Server ] <---> Normal client requests
\
| ( Spoofed UDP requests
| will redirect the answers
| to the root name server )
|
[ 13 root servers ] * BAM

Since the attack will be using static IP addresses, it will not rely on name server resolution, thus enabling us to keep the attack up even while the Internet is down. The very fact that nobody will be able to make new requests to use the Internet will slow down those who will try to stop the attack. It may only lasts one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known.

Please bookmark!

No comments:

Post a Comment