Anonymous threatens to DDOS root Internet servers
The threat from the hacktivist group is unlikely to be successful, said an expert
IDG News Service - An upcoming campaign announced by the hacking group Anonymous directed against the Internet's core address lookup system is unlikely to cause much damage, according to one security expert.
In a warning on Pastebin, Anonymous said last Thursday it would launch an action on March 31 as part of "Operation Global Blackout" that would target the root Domain Name System (DNS) servers.
Anonymous said the attack has been planned as a protest against "our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun".
The DNS translates a Web site name, such as www.idg.com, into a numerical IP (Internet Protocol) address, which is used by computers to find the Web site.
The 13 authoritative root servers contain the master list of where other nameservers can look up an IP address for a domain name within a certain top-level domain such as ".com."
The group said it had built a "Reflective DNS Amplification DDOS" (distributed denial-of-service) tool, which causes other DNS servers to overwhelm those root servers with lots of traffic, according to the Pastebin post.
But there are several factors working against the Anonymous campaigners, wrote Robert Graham, CEO of Errata Security.
"They might affect a few of the root DNS servers, but it's unlikely they could take all of them down, at least for any period of time," Graham wrote. "On the day of their planned Global Blackout, it's doubtful many people would notice."
Although there are 13 root servers, an attack on one would not affect the other 12, Graham wrote. Additionally, an attack would be less successful due to "anycasting," which allows traffic for a root server to be redirected to another server containing a replica of the same data.
There are hundreds of other servers worldwide that hold the same data as the root servers, which increase the resiliency of DNS.
ISPs also tend to cache DNS data for a while, Graham wrote. ISPs may cache data for a day or two before needing to do a fresh lookup, a time period that can be set on servers known as "time-to-live." It means that even if a root server was down, it would not necessarily immediately affect an ISP's customers.
Lastly, root DNS servers are closely watched. If trouble started, the malicious traffic to the root servers would likely be blocked, with disruptions lasting a few minutes, Graham wrote.
"Within minutes of something twitching, hundreds of Internet experts will converge to solve the problem," he wrote.
Send news tips and comments to email@example.com
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!