
Anonymous, or just someone acting under the “Anonymous” name, has published an announcement of “Operation Global Blackout” (#opGlobalBlackout). According to the text, an attack on the 13 globally distributed root DNS servers is planned for March 31.

Anonymous probably fails to take into account that each IP address (each “server”) is not a separate server but a large cluster, physically distributed across different locations. You would need a truly huge distributed system to have any hope of flooding such a network of data centers.

So it is strange even to see such an attack attempt. Nevertheless, the authors are correct about one thing: the root DNS servers really are the weakest link in the infrastructure of the Internet.

“When they stop working, no one on the Internet will be able to type in and resolve hostnames or site domain addresses as familiar words, which is the most used function of the web. After entering a familiar address, people will get an error and will think that the Internet is not working, and it’s far from the truth. Remember, this is just a protest, we’re not going to ‘destroy the Internet,’ we are just temporarily incapacitating the weakest point,” the anonymous authors write. “Although some ISPs use caching DNS, most of them are set to a small delay for updating the cache, so they have no backup plan in case of failure of the root DNS servers. Providers’ caching servers are used primarily for speed, not safety.”

Anonymous has developed a special DDoS program, Reflective DNS Amplification, which it intends to use in the attack. It is based on AntiSec DHN, with several bug fixes, a different target list and slight performance optimizations.

The principle is the same as before: a stream of forged UDP packets triggers a large number of DNS queries, whose responses are redirected and reflected toward the 13 root DNS servers. It uses the same weakness in UDP, which allows the source IP address in a packet to be changed, thus falsifying the origin of the DNS query.

A vulnerable DNS server answers every request, sending its reply to the forged IP address of a root DNS server. Since the response is always larger than the query, the stream of responses floods that IP. The attack is amplified because a small stream of packets generates a large amount of traffic.
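From the defender's side, the reflection pattern described above is visible in a resolver's own query log: one claimed source address "asks" for many large answers in a short window. The following is an added example, not code from the original article or from the tool it describes; the record layout, thresholds and documentation-range addresses are constructed assumptions.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed records: (time_s, claimed_source_ip, qtype, query_bytes, response_bytes)."""
    log = []
    # Ordinary client: a handful of lookups with small answers.
    for i in range(5):
        log.append((i * 2.0, "198.51.100.7", "A", 45, 95))
    # One address "sends" 200 large-answer queries in 8 seconds: what a resolver
    # sees when its replies are being reflected at that (spoofed) address.
    for i in range(200):
        log.append((i * 0.04, "203.0.113.50", "ANY", 64, 3200))
    # Busy but legitimate forwarder: high rate, small answers.
    for i in range(300):
        log.append((i * 0.03, "192.0.2.10", "A", 50, 110))
    return log

def find_reflection_victims(records, window_s=10, min_queries=50,
                            min_amplification=10.0):
    """Return {claimed_source: (queries, amplification)} for suspicious sources.

    A source is flagged when, inside one time window, it accounts for at least
    min_queries queries AND the response/query byte ratio reaches
    min_amplification. Both conditions are needed: rate alone flags busy
    forwarders, ratio alone flags a single large legitimate answer.
    """
    buckets = defaultdict(lambda: [0, 0, 0])  # [count, query_bytes, response_bytes]
    for ts, src, _qtype, q_bytes, r_bytes in records:
        bucket = buckets[(src, int(ts // window_s))]
        bucket[0] += 1
        bucket[1] += q_bytes
        bucket[2] += r_bytes

    flagged = {}
    for (src, _window), (count, q_bytes, r_bytes) in buckets.items():
        if q_bytes == 0:
            continue  # malformed record, no ratio can be computed
        amplification = round(r_bytes / q_bytes, 1)
        if count >= min_queries and amplification >= min_amplification:
            # Keep the worst window seen for each source.
            if src not in flagged or amplification > flagged[src][1]:
                flagged[src] = (count, amplification)
    return flagged

if __name__ == "__main__":
    for src, (count, amp) in find_reflection_victims(build_sample_log()).items():
        print(f"{src}: {count} queries in one window, {amp}x amplification")
```

A resolver operator who sees such a source can rate-limit responses to it or stop answering queries from outside the resolver's own client networks.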

The attack is based on plain IP addresses, so it will continue even after the servers are removed from the system. During this time no one will be able to reach the root servers, which complicates the job of the professionals who will try to rectify the situation. “The servers will probably be down for a while, maybe longer, maybe a few days,” Anonymous writes. “It does not matter, because everyone will notice such an event; it will be global.”

Anyone who wishes to join the attack is invited to download the WinPcap packet-forwarding driver, install a Tor relay and wait.

Winpcap – http://www.winpcap.org/install/default.htm
Tor – http://www.torproject.org/dist/vidalia-bundles/