Friday, March 30, 2012

No, Anonymous is Not Shutting Down the Internet

'Report: Anonymous Promises to Shut Down the Internet March 31'

So, someone posted this on PasteBin the other day, outlining a hack-attack on major DNS servers that will "shut down the Internet."  They claim to be the hacking group, Anonymous.  They're not.

Here's an outline of their attack.

The principle is simple; a flaw that uses forged UDP packets is to be
used to trigger a rush of DNS queries all redirected and reflected to
those 13 IPs. The flaw is as follow; since the UDP protocol allows it,
we can change the source IP of the sender to our target, thus spoofing 
the source of the DNS query. 

The DNS server will then respond to that query by sending the answer to 
the spoofed IP. Since the answer is always bigger than the query, the 
DNS answers will then flood the target ip. It is called an amplified
because we can use small packets to generate large traffic. It is called
reflective because we will not send the queries to the root name servers,
instead, we will use a list of known vulnerable DNS servers which will
attack the root servers for us.

Congratulations!  You've re-invented the DDoS.

Think about why there's no possible way this can work.  In order to prevent HTTP requests from reaching the DNS, they'd need to flood the DNS's with enough packets to form a constant stream of daemon-y packet messages.  They'd need more bots in their botnet than legitimate, Internet-using computers in the world.

Hence, to shut down the Internet, they'd pretty much have to own it.

Anonymous posted this message on Twitter the other day:

For the billionth time: #Anonymous will not shut down the Internet on 31 March. #OpGlobalBlackout is just another #OpFacebook failop. #yawn

That is all.  Enjoy your Internet on March 31.


  1. Haha, that's hilarious!

    I never knew there we people out there who want to anonymously pretend to be an anonymous group with intentions to shut down the internet.

    That twitter quote was right... #yawn

    1. Thinking it was an April Fools joke. Was kind of funny until half the Internet did a backflip and sweated their livers out over it.