• Anonymous plans to take down the DNS root servers A.K.A blackout the internet on March 21st.
[QUOTE=SystemGS;34817558]anonymous, go back to doing cool stuff this is fucking annoying[/QUOTE] They did cool stuff?
[QUOTE=Marik Bentusi;34817499]Except you can reconstruct your house at will. IF you even manage to light a matchstick.[/QUOTE] I don't get what you're getting at here. A DNS server can be brought back online, or have a redundant server take its place, and it will only take a short time for the other DNS servers around the world to update their records and start directing queries to that instead. Besides, if they truly were attacking the "core" DNS servers of the Internet, good fucking luck. These servers get tons of traffic under normal usage, they are built and connected to take the brunt of mass floods of traffic. I can't actually see this working as they expect. DNS is pretty distributed, other than private servers, there are bound to be other DNS servers that have records for other large servers. They might cause a slight hiccup in the function of DNS for a while until someone fixes it, assuming they even do anything noticeable at all.
[i]why[/i] ?
Of course that will solve everything.
[QUOTE=hexpunK;34817600]I don't get what you're getting at here. A DNS server can be brought back online, or have a redundant server take its place, and it will only take a short time for the other DNS servers around the world to update their records and start directing queries to that instead. Besides, if they truly were attacking the "core" DNS servers of the Internet, good fucking luck. These servers get tons of traffic under normal usage, they are built and connected to take the brunt of mass floods of traffic. I can't actually see this working as they expect. DNS is pretty distributed, other than private servers, there are bound to be other DNS servers that have records for other large servers. They might cause a slight hiccup in the function of DNS for a while until someone fixes it, assuming they even do anything noticeable at all.[/QUOTE] Which is exactly what I said. Even IF they manage to do any damage (=light a matchstick) the situation can be easily restored to normal once they get bored with it (=reconstruct the house you burnt down). You might piss off some people, but you wouldn't destroy anything.
I see the U.S. Gov. using this against them in order to pass legislation. That is if they succeed of course.
[QUOTE=Marik Bentusi;34817679]Which is exactly what I said. Even IF they manage to do any damage (=light a matchstick) the situation can be easily restored to normal once they get bored with it (=reconstruct the house you burnt down). You might piss off some people, but you wouldn't destroy anything.[/QUOTE] Oh yeah that makes sense now. I'm not having a very good day in terms of reading comprehension it seems :v:
From what I understand they are going to send requests to the vulnerable DNS servers and then make them send the response to the core DNS. They don't have the capacity to send enough data, but these servers might. I think it works on this basis: The request is smaller than the response, so they can send a thousand MB of requests and it will give out >1000MB of data (obviously on a much larger scale). Do correct me if I am wrong. [QUOTE] The flaw is as follows: since the UDP protocol allows it, we can change the source IP of the sender to our target, thus spoofing the source of the DNS query. The DNS server will then respond to that query by sending the answer to the spoofed IP. [B]Since the answer is always bigger than the query[/B], the DNS answers will then flood the target IP. It is called amplified because we can use small packets to generate large traffic. It is called reflective because [B]we will not send the queries to the root name servers[/B], instead, [B]we will use a list of known vulnerable DNS servers which will attack the root servers for us.[/B][/QUOTE]
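The reflection described in the post above depends on a resolver sending large answers toward whatever source address a UDP query claims, so a resolver operator can blunt it by capping the response bytes sent toward any one network. The following is an added example, not part of the thread or of any DNS server's code: a simplified per-prefix byte budget run over a constructed query log, where the addresses, packet sizes, budget and function names are all assumptions.

```python
from collections import defaultdict
import ipaddress

VICTIM = "198.51.100.53"  # constructed: address forged as the source of the queries

# Constructed resolver log: (time_s, claimed_source_ip, query_bytes, response_bytes).
# Two ordinary clients plus 20 forged queries in one second, each amplified 10x.
SAMPLE_LOG = sorted(
    [(0.10, "192.0.2.10", 60, 120), (0.60, "192.0.2.10", 60, 180),
     (1.20, "192.0.2.11", 60, 120)]
    + [(round(i * 0.05, 2), VICTIM, 64, 640) for i in range(20)]
)

def prefix_of(ip, bits=24):
    """Group by /24 so forged sources spread across one network share a budget."""
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def amplification(records):
    """Response bytes divided by query bytes, per claimed source."""
    q_bytes, r_bytes = defaultdict(int), defaultdict(int)
    for _, src, qlen, rlen in records:
        q_bytes[src] += qlen
        r_bytes[src] += rlen
    return {src: r_bytes[src] / q_bytes[src] for src in q_bytes}

def rate_limit(records, budget_bytes=2000, window_s=1.0):
    """Split records into (sent, dropped) under a per-prefix, per-window byte budget."""
    used = defaultdict(int)  # (prefix, window index) -> response bytes already sent
    sent, dropped = [], []
    for rec in records:
        t, src, _, rlen = rec
        key = (prefix_of(src), int(t // window_s))
        if used[key] + rlen <= budget_bytes:
            used[key] += rlen
            sent.append(rec)
        else:
            dropped.append(rec)
    return sent, dropped

def bytes_toward(records, ip):
    """Total response bytes addressed to one claimed source."""
    return sum(rlen for _, src, _, rlen in records if src == ip)

if __name__ == "__main__":
    sent, dropped = rate_limit(SAMPLE_LOG)
    print("amplification per source:", amplification(SAMPLE_LOG))
    print("bytes toward victim, unlimited:", bytes_toward(SAMPLE_LOG, VICTIM))
    print("bytes toward victim, limited:  ", bytes_toward(sent, VICTIM))
    print("responses dropped:", len(dropped))
```

The ordinary clients stay under the budget and are answered in full, while the forged burst is cut off after three responses in the window.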
[QUOTE=GlebGuy;34817201]I think they're going to do it differently, maybe instead of going through the biggest pipe, clog up one of the smallest to cause a chain-reaction? I don't know, I really don't know anything about computers but that seems something that could happen. But I still doubt it they will manage.[/QUOTE] Unless they pull something [i]real[/i] fancy out of their asses, they're just not going to get the resources to take down all 13 of them. And taking one server down is more likely to make a back-up one come online than it is to cause a "chain reaction".
[QUOTE=SomeDumbShit;34817097]Regular people will notice it and blame their ISP, call it up, they'll say it's the DNS servers, customer won't understand, nothing will happen.[/QUOTE] kind of like when I called my ISP and I told them it was the DNS servers and they didn't understand?
[QUOTE=Venezuelan;34817812]kind of like when I called my ISP and I told them it was the DNS servers and they didn't understand?[/QUOTE] Depends which tier of support you were talking to at the time. The tier 1 support barely understand the basics of networking, and are reading a script. The few that do understand it still have to read the bloody script which is a waste of time. Higher tier support will actually understand things a lot better thankfully. It's just getting the tier 1 guys to forward your call to their supervisors can be hard at times.
I doubt this will happen. Anonymous is against censorship, and this is censorship.
Would be my fucking birthday.
Let's protest against things we hate by shutting down the things we like.
[QUOTE=NeonpieDFTBA;34817747]From what I understand they are going to send requests to the vulnerable DNS servers and then make them send the response to the core DNS. They don't have the capacity to send enough data, but these servers might. I think it works on this basis: The request is smaller than the response, so they can send a thousand MB of requests and it will give out >1000MB of data (obviously on a much larger scale). Do correct me if I am wrong.[/QUOTE] you're assuming the vulnerable dns servers have the capability to match the 242 root servers unless every single dns host out there is fucking [b]retarded[/b], then no, there's probably not enough bandwidth to do such a thing. [b]edit: [/b]for clarification: even with 1:1 bandwidth capacity between the root servers and the secondaries you'd still need 242 servers to knock the root servers out of existence and, if i recall correctly the root servers have on average 10x the amount of bandwidth most secondary (openDNS/google) has so you'd need 2420 servers (on average)
If they do succeed, it's going to be like the ending from planet of the apes. "YOU MANIACS! YOU BLEW IT UP! YOU BLEW EVERYTHING UP!"
[QUOTE=Fujitechs;34817874]I doubt this will happen. Anonymous is against censorship, and this is censorship.[/QUOTE] This isn't censorship? They're taking the entirety of the dns servers down for like a day, you can still connect via direct ip.
[QUOTE=Crimor;34818048]This isn't censorship? They're taking the entirety of the dns servers down for like a day, you can still connect via direct ip.[/QUOTE] it's harder though eg: joeblogs.com is hosted on 24.24.24.24 but it's not at the html root of 24.24.24.24, it's located somewhere like home/joeb/public_html/ so you'd have to enter 24.24.24.24/home/joeb/public_html/ in order to not use the domain name
They haven't delivered on any of their threats from last year.
[QUOTE=Rents;34817756]Unless they pull something [i]real[/i] fancy out of their asses, they're just not going to get the resources to take down all 13 of them. And taking one server down is more likely to make a back-up one come online than it is to cause a "chain reaction".[/QUOTE] That's the thing with reflected flooding though; You're tricking someone else's server into taking down the main target. That's how devnull works for example.
[QUOTE=ReLak;34818069]it's harder though eg: joeblogs.com is hosted on 24.24.24.24 but it's not at the html root of 24.24.24.24, it's located somewhere like home/joeb/public_html/ so you'd have to enter 24.24.24.24/home/joeb/public_html/ in order to not use the domain name[/QUOTE] It would also be pointless for most websites because nothing would be updated. So few people know how to do this that knowing would be useless. All I use is Twitter, Facebook, BBC and Facepunch, all of which require activity to be useful, thus rendering this useless unless everyone knew, which would render the attack useless. The only use of this would be to get to Wikipedia pages etc. for information.
[QUOTE=Im Crimson;34818245]That's the thing with reflected flooding though; You're tricking someone else's server into taking down the main target. That's how devnull works for example.[/QUOTE] I know that, but it's not going to be anywhere enough to take them all down, they might get a handful of them though.
[quote] October 21, 2002 On October 21, 2002 an attack lasting for approximately one hour was targeted at all 13 DNS root name servers.[1] This event was the first significant attack directed at disabling the Internet itself instead of specific websites.[citation needed] This was the second significant failure of the root nameservers. The first caused the failure of seven machines in April 1997 due to a technical problem.[2] February 6, 2007 On February 6, 2007 an attack began at 10 AM UTC and lasted twenty-four hours. At least two of the root servers (G-ROOT and L-ROOT) reportedly suffered badly while two others (F-ROOT and M-ROOT) experienced heavy traffic. The latter largely contained the damage by distributing requests to other root server instances with anycast addressing. ICANN published a formal analysis shortly after the event.[3] Due to a lack of detail, speculation about the incident proliferated in the press until details were released.[4] On February 8, 2007 it was announced by Network World that: [B]"If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the President, to launch [...] an actual bombing of an attack source or a cyber counterattack."[/B][5][/quote] Ahahaha they're going to get their basements strafed
These guys really don't think of practical ways to solve problems. THE U.S. ARE BLOCKING TPB?! TAKE DOWN EVERYTHING
[QUOTE=Rents;34817105]Don't these servers get retarded amounts of traffic anyway? How many requests is it going to take to DoS them?[/QUOTE] The whole idea is that the requests they send are spoofed UDP packets, which will bounce back to one of the other root DNS servers with a larger, basically bouncing between them, amplified each time. Then they add more and more. I think that's their plan, the source doesn't have much detail.
Who are they to shut down everyone's Internet that they pay for and work hard for? This is nothing but terrorism.
[QUOTE=SataniX;34818370]The whole idea is that the requests they send are spoofed UDP packets, which will bounce back to one of the other root DNS servers with a larger, basically bouncing between them, amplified each time. Then they add more and more. I think that's their plan, the source doesn't have much detail.[/QUOTE] it's not a feedback loop, it's signal amplification except with bandwidth i.e. they send 1 packet to a server which sends a 10x larger packet to the root server
Companies hosting those DNS can fight back very easily.
I could see this working. It would still take a LOT of bandwidth though. It's more likely that they'll end up taking out the vulnerable DNS's that they're using, rather than the root ones that they're attacking.
[QUOTE=Reader;34818457]Companies hosting those DNS can fight back very easily.[/QUOTE] Like NASA. Ever heard of a colony drop?