On 31 March 2012 Anonymous will not shut the Internet down

There have been recent Pastebins
and postings on Reddit that Anonymous will shut down the internet on 31/03/2012 by DDoS attack against 13 ROOT DNS servers. If only it were that easy to “shut-off” the internet but it is not.    

Let me explain a bit and please post comments and review Dan Kaminsky’s Blog on this and related topics.

There are more than 13 DNS Servers at ROOT level which offer DNS services. “There are currently 13 root name servers specified, with names in the form letter.root-servers.net, where letter ranges from A to M. This does not mean there are 13 physical servers” from Wikipedia.

  1. The entire DNS infrastructure does not operate only on IP version 4. The only addresses listed in the announcement for Operation Blackout are IP version 4 addresses.
    1. We use IPv6 in most of Asia for example. The Pastebin stated the operation would utilize static IP addresses so the attack could execute unchecked yet left out the entire IPv6 Main DNS infrastructure.
    2. There are alternate DNS/internets.
  2. There are more than 13 ROOT DNS servers.
    1. Below is a map of the publically known ROOT DNS servers both IPv4 and IPv6. You might notice there are many more than 13 physical ROOT servers with letters, the DNS infrastructure had redundancy.
  3. DNS reflective attacks don’t affect DNS SEC ROOT servers in the method contained in the Pastebin.
    1. Many of the IPv4 DNS ROOT addresses have already switched over to DNS SEC. DNS SEC provides Data Origin Authentication and Data Integrity among other more secure features. In previous years the DNS protocol might have allowed such attacks to be successful, but now not really a major threat.
  4. The attack is based on a spoofed/false source IP address.
    1. There is a bevy of security applications which detect spoofed source IPv4 addresses, sometimes based on an incorrect checksum which the script provided does not “correct”. Security and other controls normally drop the packets of suspected spoofed traffic.

 

Source: Google Maps from http://root-servers.org/

I hope this helps clarify the sensationalism regarding this topic. If you have more information or a better method to describe the issue please post or comment.

 
 

  

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: