Anonymous threatens to DDOS root Internet servers
The threat from the hacktivist group is unlikely to be successful, said an expert
IDG News Service - An upcoming campaign announced by the hacking group Anonymous directed against the Internet's core address lookup system is unlikely to cause much damage, according to one security expert.
In a warning on Pastebin, Anonymous said last Thursday it would launch an action on March 31 as part of "Operation Global Blackout" that would target the root Domain Name System (DNS) servers.
Anonymous said the attack has been planned as a protest against "our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun".
The DNS translates a Web site name, such as www.idg.com, into a numerical IP (Internet Protocol) address, which is used by computers to find the Web site.
The 13 authoritative root servers contain the master list of where other nameservers can look up an IP address for a domain name within a certain top-level domain such as ".com."
The group said it had built a "Reflective DNS Amplification DDOS" (distributed denial-of-service) tool, which causes other DNS servers to overwhelm those root servers with lots of traffic, according to the Pastebin post.
But there are several factors working against the Anonymous campaigners, wrote Robert Graham, CEO of Errata Security.
"They might affect a few of the root DNS servers, but it's unlikely they could take all of them down, at least for any period of time," Graham wrote. "On the day of their planned Global Blackout, it's doubtful many people would notice."
Although there are 13 root servers, an attack on one would not affect the other 12, Graham wrote. Additionally, an attack would be less successful due to "anycasting," which allows traffic for a root server to be redirected to another server containing a replica of the same data.
There are hundreds of other servers worldwide that hold the same data as the root servers, which increase the resiliency of DNS.
ISPs also tend to cache DNS data for a while, Graham wrote. ISPs may cache data for a day or two before needing to do a fresh lookup, a time period that can be set on servers known as "time-to-live." It means that even if a root server was down, it would not necessarily immediately affect an ISP's customers.
Lastly, root DNS servers are closely watched. If trouble started, the malicious traffic to the root servers would likely be blocked, with disruptions lasting a few minutes, Graham wrote.
"Within minutes of something twitching, hundreds of Internet experts will converge to solve the problem," he wrote.
Send news tips and comments to email@example.com
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!