1. Post #1
    Gold Member
    Mr.T's Avatar
    August 2010
    2,691 Posts
    -----------------------------------------------------------------------
    01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
    01101110 01000111 01101100 01101111 01100010 01100001 01101100
    01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
    -----------------------------------------------------------------------
    ___ _ _ ___ _ _ _
    / _ \ _ __ ___ _ _ __ _| |_(_)___ _ _ / __| |___| |__ __ _| |
    | (_) | '_ \/ -_) '_/ _` | _| / _ \ ' \ | (_ | / _ \ '_ \/ _` | |
    \___/| .__/\___|_| \__,_|\__|_\___/_||_| \___|_\___/_.__/\__,_|_|
    |_|
    ___ _ _ _
    | _ ) |__ _ __| |_____ _ _| |_
    | _ \ / _` / _| / / _ \ || | _|
    |___/_\__,_\__|_\_\___/\_,_|\__|

    -----------------------------------------------------------------------
    01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
    01101110 01000111 01101100 01101111 01100010 01100001 01101100
    01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
    -----------------------------------------------------------------------
    "The greatest enemy of freedom is a happy slave."

    To protest SOPA, Wallstreet, our irresponsible leaders and the beloved
    bankers who are starving the world for their own selfish needs out of
    sheer sadistic fun, On March 31, the Internet will go Black.

    In order to shut the Internet down, one thing is to be done. Down the
    13 root DNS servers of the Internet. Those servers are as follow:

    A 198.41.0.4
    B 192.228.79.201
    C 192.33.4.12
    D 128.8.10.90
    E 192.203.230.10
    F 192.5.5.241
    G 192.112.36.4
    H 128.63.2.53
    I 192.36.148.17
    J 192.58.128.30
    K 193.0.14.129
    L 199.7.83.42
    M 202.12.27.33

    By cutting these off the Internet, nobody will be able to perform a
    domain name lookup, thus, disabling the HTTP Internet, which is,
    after all, the most widely used function of the Web. Anybody entering
    "http://www.google.com" or ANY other url, will get an error page,
    thus, they will think the Internet is down, which is, close enough.
    Remember, this is a protest, we are not trying to 'kill' the Internet,
    we are only temporarily shutting it down where it hurts the most.

    While some ISPs uses DNS caching, most are configured to use a low
    expire time for the cache, thus not being a valid failover solution
    in the case the root servers are down. It is mostly used for speed,
    not redundancy.

    I have compiled a Reflective DNS Amplification DDoS tool to be used for
    this attack. It is based on AntiSec's DHN, contains a few bugfix, a
    different dns list/target support and is a bit stripped down for speed.

    The principle is simple; a flaw that uses forged UDP packets is to be
    used to trigger a rush of DNS queries all redirected and reflected to
    those 13 IPs. The flaw is as follow; since the UDP protocol allows it,
    we can change the source IP of the sender to our target, thus spoofing
    the source of the DNS query.

    The DNS server will then respond to that query by sending the answer to
    the spoofed IP. Since the answer is always bigger than the query, the
    DNS answers will then flood the target ip. It is called an amplified
    because we can use small packets to generate large traffic. It is called
    reflective because we will not send the queries to the root name servers,
    instead, we will use a list of known vulnerable DNS servers which will
    attack the root servers for us.

    DDoS request ---> [Vulnerable DNS Server ] <---> Normal answer <---> Normal Client request
    \
    | ( Spoofed UDP requests
    | will redirect the answers
    | to the root name server )
    |
    [ 13 root servers ] * BAM

    Since the attack will be using static IP addresses, it will not rely
    on name server resolution, thus enabling us to keep the attack up even
    while the Internet is down. The very fact that nobody will be able to
    make new requests to use the Internet will slow down those who will try
    to stop the attack.

    "He who sacrifices freedom for security deserves neither."
    Benjamin Franklin

    We know you wont' listen. We know you won't change. We know it's because
    you don't want to. We know it's because you like it how it is. You bullied
    us into your delusion. We have seen you brutalize harmless old womans who were
    protesting for peace. We do not forget because we know you will only use that
    to start again. We know your true face. We know you will never stop. Neither
    are we. We know.

    We are Anonymous.
    We are Legion.
    We do not Forgive.
    We do not Forget.
    You know who you are, Expect us.
    http://pastebin.com/XZ3EGsbc

    With the collective power of Anonymous this isn't impossible.
    Reply With Quote Edit / Delete Reply Windows XP Sweden Show Events Funny x 163Dumb x 6Late x 4Optimistic x 4Winner x 3Agree x 1Disagree x 1 (list)

  2. Post #2
    ashton93's Avatar
    August 2010
    1,407 Posts
    Im against SOPA, PIPA and all that stuff, but is this really the way to go?
    Reply With Quote Edit / Delete Reply Windows 7 Norway Show Events Agree Agree x 53Disagree Disagree x 2 (list)

  3. Post #3
    Gold Member
    Jackpody's Avatar
    August 2010
    2,635 Posts
    Remember how they were going to take down Facebook for a day too
    . . . .
    This is not going to happen.
    Reply With Quote Edit / Delete Reply Denmark Show Events Agree Agree x 90 (list)

  4. Post #4
    One of these days, I'm going to cut you into little pieces.
    AJisAwesome15's Avatar
    May 2011
    5,929 Posts
    How about 127.0.0.1
    Reply With Quote Edit / Delete Reply United States Show Events Funny Funny x 129Winner Winner x 8Agree Agree x 3 (list)

  5. Post #5
    GLH
    GLH's Avatar
    July 2011
    703 Posts

    (User was banned for this post ("Video macro" - Orkel))
    Reply With Quote Edit / Delete Reply Windows 7 Netherlands Show Events Agree x 102Informative x 1Friendly x 1Useful x 1Disagree x 1Funny x 1 (list)

  6. Post #6
    Gold Member
    KlaseR's Avatar
    December 2007
    3,852 Posts
    it's not the first time anonymous threatens to close stuff down. And they pretty much never succeed.
    Reply With Quote Edit / Delete Reply Windows 7 Italy Show Events Agree Agree x 10Dumb Dumb x 1Informative Informative x 1Disagree Disagree x 1 (list)

  7. Post #7
    We know you wont' listen. We know you won't change. We know it's because
    you don't want to. We know it's because you like it how it is. You bullied
    us into your delusion. We have seen you brutalize harmless old womans who were
    protesting for peace. We do not forget because we know you will only use that
    to start again. We know your true face. We know you will never stop. Neither
    are we. We know.


    (User was banned for this post ("Image macro/reaction image again" - Orkel))
    Reply With Quote Edit / Delete Reply Windows XP United States Show Events Funny Funny x 105Agree Agree x 7Dumb Dumb x 5 (list)

  8. Post #8
    Gold Member
    Amy Pond's Avatar
    November 2010
    1,348 Posts
    How about 127.0.0.1
    Hope you're joking.

    Edit:

    64 Dumb's later, I hope I was joking.
    Reply With Quote Edit / Delete Reply Windows 7 Curacao Show Events Dumb Dumb x 69 (list)

  9. Post #9
    Adarrek's Avatar
    May 2010
    2,485 Posts
    Thread title is march 21 anon says march 31st. Which one is it?

  10. Post #10
    ExplodingGuy's Avatar
    December 2009
    7,517 Posts
    Funny guys, that anonymous.

  11. Post #11
    One of these days, I'm going to cut you into little pieces.
    AJisAwesome15's Avatar
    May 2011
    5,929 Posts
    Hope you're joking.
    Well I know that's not a DNS root ip if that's what you mean

  12. Post #12
    I hate US Marines
    Itsjustguy's Avatar
    July 2009
    4,291 Posts
    Im against SOPA, PIPA and all that stuff, but is this really the way to go?
    Yes, because regular people will not notice this, until they see that websites are going down and understand it's not just the people who use internet regularly.

  13. Post #13
    Hullu V3's Avatar
    October 2009
    6,412 Posts


    (User was banned for this post ("Image Macro" - Megafan))
    Reply With Quote Edit / Delete Reply Windows 7 Finland Show Events Funny Funny x 157Agree Agree x 12Dumb Dumb x 3 (list)

  14. Post #14
    Gold Member
    SomeDumbShit's Avatar
    January 2010
    4,197 Posts
    Regular people will notice it and blame their ISP, call it up, they'll say its the DNS servers, customer won't understand, nothing will happen.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Agree Agree x 35 (list)

  15. Post #15
    White Fusion will love him forever and ever~
    Rents's Avatar
    January 2012
    10,936 Posts
    Don't these servers get retarded amounts of traffic anyway? How many requests is it going to take to DoS them?
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Agree Agree x 17 (list)

  16. Post #16
    Gold Member
    Alan Ninja!'s Avatar
    February 2009
    1,884 Posts

    (User was banned for this post ("Video macro" - Orkel))
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Agree Agree x 30Dumb Dumb x 1 (list)

  17. Post #17
    hi there
    Dennab
    September 2011
    5,898 Posts
    lolokay
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Dumb Dumb x 2 (list)

  18. Post #18
    Gold Member
    Baldr 2.0's Avatar
    April 2011
    4,017 Posts
    October 21, 2002
    On October 21, 2002 an attack lasting for approximately one hour was targeted at all 13 DNS root name servers.[1]
    This event was the first significant attack directed at disabling the Internet itself instead of specific websites.[citation needed] This was the second significant failure of the root nameservers. The first caused the failure of seven machines in April 1997 due to a technical problem.[2]
    February 6, 2007
    On February 6, 2007 an attack began at 10 AM UTC and lasted twenty-four hours. At least two of the root servers (G-ROOT and L-ROOT) reportedly suffered badly while two others (F-ROOT and M-ROOT) experienced heavy traffic. The latter largely contained the damage by distributing requests to other root server instances with anycast addressing. ICANN published a formal analysis shortly after the event.[3]
    Due to a lack of detail, speculation about the incident proliferated in the press until details were released.[4]
    On February 8, 2007 it was announced by Network World that: "If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the President, to launch [...] an actual bombing of an attack source or a cyber counterattack."[5]
    Reply With Quote Edit / Delete Reply Linux Netherlands Show Events Funny Funny x 27 (list)

  19. Post #19
    GlebGuy's Avatar
    August 2010
    2,419 Posts
    Don't these servers get retarded amounts of traffic anyway? How many requests is it going to take to DoS them?
    I think they're going to do it differently, maybe instead of going through the biggest pipe, clog up one of the smallest to cause a chain-reaction?
    I don't know, I really don't know anything about computers but that seems something that could happen.
    But I still doubt it they will manage.

  20. Post #20
    Glorious GNU/Linux Master Race
    kaukassus's Avatar
    May 2010
    5,718 Posts
    and not a single shit happens that day.
    Reply With Quote Edit / Delete Reply Mac Switzerland Show Events Agree Agree x 11 (list)

  21. Post #21
    Gold Member
    goon165's Avatar
    August 2006
    9,884 Posts
    Got to love Anonymous and their flair for the dramatic.

    We'll see.
    Reply With Quote Edit / Delete Reply Windows 7 United States Show Events Agree Agree x 1 (list)

  22. Post #22
    D3vils Buddy's Avatar
    January 2008
    6,521 Posts
    anonymous, the internet is their world... so they decided to 'take it down'.
    That's like burning down your own home because you hate an estate agent.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Agree Agree x 34Funny Funny x 9Winner Winner x 1 (list)

  23. Post #23
    Gold Member
    Baldr 2.0's Avatar
    April 2011
    4,017 Posts
    With some luck you ISP will have a copy so you won't notice it anyway (the few new domain names you will have to miss is a minor problem).

  24. Post #24
    Gold Member
    Stick it in her pooper's Avatar
    April 2009
    841 Posts
    they could do it if they have enough guys who have their own botnet, and plenty of people in the past were known to share theirs or rent them out on the black market

    so who knows what might happen

  25. Post #25
    Gold Member
    Baldr 2.0's Avatar
    April 2011
    4,017 Posts
    -wrong topic-
    Reply With Quote Edit / Delete Reply Linux Netherlands Show Events Friendly Friendly x 2 (list)

  26. Post #26
    Gold Member
    ReLak's Avatar
    January 2007
    530 Posts
    uh

    it doesn't work this way

    there are more than 13 root servers because you can anycast them (there's 242 servers covering almost every country in the world)

    the amount of bandwidth required is probably more than vulnerable dns servers can put out

    secondary dns servers (like openDNS or google's DNS) wouldn't be affected as they're built for redundancy

    this is really fucking easy to block with any basic firewall

    edit:

    the holy grail of dns attacks would be to redirect every record ever to a single site, which could display "you're seeing this page because bla bla"
    Reply With Quote Edit / Delete Reply Windows 7 Australia Show Events Agree Agree x 12Informative Informative x 1Winner Winner x 1Disagree Disagree x 1 (list)

  27. Post #27
    Gold Member
    Im Crimson's Avatar
    December 2005
    6,085 Posts
    Novel effort, but
    1. It probably isn't gonna work,
    2. Those affected won't know it's a protest, they'll just keep hitting their computers and restarting their routers.

    I've been using google's DNS servers for a while anyway. They are 8.8.8.8 and 8.8.4.4 if you want to use them (Control Panel > Network adapter properties > TCP/IP v4 > Custom DNS servers).
    Reply With Quote Edit / Delete Reply Windows 7 Sweden Show Events Agree Agree x 10Useful Useful x 3Friendly Friendly x 2 (list)

  28. Post #28
    Marik Bentusi's Avatar
    June 2010
    6,316 Posts
    anonymous, the internet is their world... so they decided to 'take it down'.
    That's like burning down your own home because you hate an estate agent.
    Except you can reconstruct your house at will. IF you even manage to light a matchstick.

  29. Post #29
    Reply With Quote Edit / Delete Reply Windows 7 Latvia Show Events Funny Funny x 9 (list)

  30. Post #30
    Gold Member
    SystemGS's Avatar
    June 2007
    2,855 Posts
    anonymous, go back to doing cool stuff

    this is fucking annoying

  31. Post #31
    Gold Member
    CWalkthroughs's Avatar
    July 2010
    3,241 Posts
    anonymous, go back to doing cool stuff

    this is fucking annoying
    They did cool stuff?
    Reply With Quote Edit / Delete Reply Windows Vista United Kingdom Show Events Agree Agree x 16Dumb Dumb x 1 (list)

  32. Post #32
    Gold Member
    hexpunK's Avatar
    August 2008
    15,659 Posts
    Except you can reconstruct your house at will. IF you even manage to light a matchstick.
    I don't get what you're getting at here. A DNS server can be brought back online, or have a redundant server take its place, and it will only take a short time for the other DNS servers around the world to update their records and start directing queries to that instead.

    Besides, if they truly were attacking the "core" DNS servers of the Internet, good fucking luck. These servers get tons of traffic under normal usage, they are built and connected to take the brunt of mass floods of traffic. I can't actually see this working as they expect. DNS is pretty distributed, other than private servers, there are bound to be other DNS servers that have records for other large servers. They might cause a slight hiccup in the function of DNS for a while until someone fixes it, assuming they even do anything noticeable at all.
    Reply With Quote Edit / Delete Reply Windows 7 United Kingdom Show Events Agree Agree x 4 (list)

  33. Post #33
    Gold Member
    HetsuProcyon's Avatar
    May 2011
    2,128 Posts
    why
    ?

  34. Post #34
    Gold Member
    Dennab
    January 2012
    1,310 Posts
    Of course that will solve everything.

  35. Post #35
    Marik Bentusi's Avatar
    June 2010
    6,316 Posts
    I don't get what you're getting at here. A DNS server can be brought back online, or have a redundant server take its place, and it will only take a short time for the other DNS servers around the world to update their records and start directing queries to that instead.

    Besides, if they truly were attacking the "core" DNS servers of the Internet, good fucking luck. These servers get tons of traffic under normal usage, they are built and connected to take the brunt of mass floods of traffic. I can't actually see this working as they expect. DNS is pretty distributed, other than private servers, there are bound to be other DNS servers that have records for other large servers. They might cause a slight hiccup in the function of DNS for a while until someone fixes it, assuming they even do anything noticeable at all.
    Which is exactly what I said. Even IF they manage to do any damage (=light a matchstick) the situation can be easily restored to normal once they get bored with it (=reconstruct the house you burnt down). You might piss off some people, but you wouldn't destroy anything.

  36. Post #36
    Vobra's Avatar
    November 2010
    201 Posts
    I see the U.S. Gov. Using this against them in order to pass legislation. That is if they suceed of course.

  37. Post #37
    Gold Member
    hexpunK's Avatar
    August 2008
    15,659 Posts
    Which is exactly what I said. Even IF they manage to do any damage (=light a matchstick) the situation can be easily restored to normal once they get bored with it (=reconstruct the house you burnt down). You might piss off some people, but you wouldn't destroy anything.
    Oh yeah that makes sense now. I'm not having a very good day in terms of reading comprehension it seems

  38. Post #38
    NeonpieDFTBA's Avatar
    January 2012
    984 Posts
    From what I understand they are going to send requests to the vulnerable DNS servers and then make them send the response to the core DNS. They don't have the capacity to send enough data, but these servers might. I think it works on this basis: The request is smaller than the response, so they can send a thousand MB of requests and it will give out >1000MB of data (obviously on a much larger scale).

    Do correct me if I am wrong.
    The flaw is as follow; since the UDP protocol allows it,
    we can change the source IP of the sender to our target, thus spoofing
    the source of the DNS query.

    The DNS server will then respond to that query by sending the answer to
    the spoofed IP. Since the answer is always bigger than the query, the
    DNS answers will then flood the target ip. It is called an amplified
    because we can use small packets to generate large traffic. It is called
    reflective because we will not send the queries to the root name servers,
    instead, we will use a list of known vulnerable DNS servers which will
    attack the root servers for us.

  39. Post #39
    White Fusion will love him forever and ever~
    Rents's Avatar
    January 2012
    10,936 Posts
    I think they're going to do it differently, maybe instead of going through the biggest pipe, clog up one of the smallest to cause a chain-reaction?
    I don't know, I really don't know anything about computers but that seems something that could happen.
    But I still doubt it they will manage.
    Unless they pull something real fancy out of their asses, they just not going to get the resources to take down all 13 of them. And taking one server down is more likely to make a back-up one come online that it is to cause a "chain reaction".

  40. Post #40
    Gold Member
    Venezuelan's Avatar
    September 2011
    12,366 Posts
    Regular people will notice it and blame their ISP, call it up, they'll say its the DNS servers, customer won't understand, nothing will happen.
    kind of like when I called my ISP and I told them it was the DNS servers and they didn't understand?
    Reply With Quote Edit / Delete Reply Windows 7 Brunei Darussalam Show Events Funny Funny x 17Agree Agree x 2 (list)