Follow us on RSS or Twitter for the latest updates.

February 17, 2012

Anonymous Launches a DDOS Attack on Internet's root DNS Server


Summary: The Anonymous hacktivist movement is planning to launch a distributed denial of service attack (DDoS) on the Internet’s root DNS servers, using a Reflective DNS Amplification DDoS tool.

According to a note left by members of the Anonymous hacktivist movement on Pastebin.com, the group is planning to launch a distributed denial of service attack (DDoS) on the Internet’s root DNS servers, using a Reflective DNS Amplification DDoS tool specifically created for ‘Operation Global Blackout’.

We have compiled a Reflective DNS Amplification DDoS tool to be used for this attack. It is based on AntiSec’s DHN, contains a few bug fix, a different dns list/target support and is a bit stripped down for speed.

The principle is simple; a flaw that uses forged UDP packets is to be used to trigger a rush of DNS queries all redirected and reflected to those 13 IPs. The flaw is as follow; since the UDP protocol allows it,we can change the source IP of the sender to our target, thus spoofing the source of the DNS query.The DNS server will then respond to that query by sending the answer to the spoofed IP. Since the answer is always bigger than the query, the DNS answers will then flood the target ip. It is called an amplified because we can use small packets to generate large traffic. It is called reflective because we will not send the queries to the root name servers,instead, we will use a list of known vulnerable DNS servers which will attack the root servers for us.

Since the attack will be using static IP addresses, it will not rely on name server resolution, thus enabling us to keep the attack up even while the Internet is down. The very fact that nobody will be able to make new requests to use the Internet will slow down those who will try to stop the attack. It may only lasts one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known.

Based on a message update issued by Anonymous, the group has said that it still has the capability to target the Root Internet Servers.

Despite the fact that current Internet infrastructure allows the execution of DNS amplification attacks, the Anonymous hacktivist movement is surely lacking the capabilities to execute such an attack, despite the high number of recruited users that may be participating in the attack.

For the time being, the Low Orbit Ion Cannon (LOIC) ICMP flooder, and the RefRef web script remain the primary attack tools used by the Anonymous hacktivist collective.

Learn more about DNS Amplification attacks, what they are, how they work, and how can Internet Service Providers mitigate the threat posed by them.