SANS ISC: Tomorrow, the world will end - Internet Security | DShield SANS ISC InfoSec Forums


Tomorrow, the world will end


No, this isn't about the Mayan calendar, and that particular instance of "End of the World" is anyway not scheduled to happen until December 21st.

This is about March 31st, and the announcement by "Anonymous", or those who claim to be "Anonymous", to wipe out the DNS root servers with a Distributed Denial of Service (DDoS) attack on March 31. Cricket Liu, the author of most of the O'Reilly DNS books and an authority on the subject, has posted a good blog entry at http://www.cricketondns.com/post.cfm/could-a-ddos-attack-against-the-roots-succeed, explaining in-depth that while such an attack is theoretically feasible, it is unlikely to succeed at a large scale.

We'll have to see. If DNS stops working tomorrow, we at least only have to live without it until December 21st, when the world will end for good anyway :).

Daniel

367 Posts
ISC Handler
In other words, it would be a good idea to ping your favorite websites today and record IP Addresses ;)
John

10 Posts
Meh, if they succeed, I have an excuse to take a day off. Got a few movies here on DVD, a bowl of popcorn, a disc and a fetchaholic dog. Plus it's the start of gardening season and I've got a greenhouse to stock...

Prolly should start on the greenhouse first...

If the world ends, let me know.
John
57 Posts
It's all good, it's already tomorrow here Downunder and the Googles still works ...so far!
John
2 Posts
Wouldn't it take 48 hours before we noticed this due to the TTL? I guess dig +trace might show it, or non-cached records would.
John
1 Posts
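
The caching effect raised in the comment above, as an added example that is not part of the thread: a toy caching resolver loses the roots and we record when each kind of lookup first fails. The 48-hour delegation TTL is the figure from the comment; the resolver model, the names and the 300-second A-record TTL are constructed assumptions, and TLD and authoritative servers are assumed to stay reachable.

```python
HOUR = 3600
DELEGATION_TTL = 48 * HOUR  # assumed TTL of a TLD's NS set (the "48 hours" in the comment)
A_TTL = 300                 # constructed TTL for the final A record


class ToyResolver:
    """Caching resolver that needs the root only for uncached TLD delegations."""

    def __init__(self):
        self.expiry = {}      # (rtype, name) -> absolute expiry time in seconds
        self.roots_up = True

    def _fresh(self, key, now):
        return key in self.expiry and self.expiry[key] > now

    def resolve(self, name, now):
        tld = name.rstrip(".").rsplit(".", 1)[-1] + "."
        if self._fresh(("A", name), now):
            return "cached"
        if not self._fresh(("NS", tld), now):
            if not self.roots_up:
                return "SERVFAIL"  # no referral obtainable from the root
            self.expiry[("NS", tld)] = now + DELEGATION_TTL
        self.expiry[("A", name)] = now + A_TTL  # lower levels assumed reachable
        return "resolved"

    def trace(self, name, now):
        """Like dig +trace: starts at the root and ignores the cache."""
        return "resolved" if self.roots_up else "SERVFAIL"


def first_failure(resolver, name, start, end, step=HOUR):
    """Return the first time in [start, end) at which name fails, or None."""
    for now in range(start, end, step):
        if resolver.resolve(name, now) == "SERVFAIL":
            return now
    return None


def outage_scenario():
    r = ToyResolver()
    r.resolve("www.example.com.", 0)  # warms the com. delegation at t=0
    r.roots_up = False                # roots become unreachable at t=10h
    start, end = 10 * HOUR, 72 * HOUR
    return {
        "trace": r.trace("www.example.com.", start),
        "org": first_failure(r, "www.example.org.", start, end),
        "com": first_failure(r, "www.example.com.", start, end),
    }
```

In this model the trace and the never-cached `org.` name fail as soon as the roots are gone, while the `com.` name keeps resolving until its cached delegation expires.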
Re. Graham's comment. The UK's BBC broadcast a radio show yesterday that discussed the concept of when when is. I'm not sure if it's available outside the UK, but the URL to listen to the show is http://www.bbc.co.uk/iplayer/episode/b01dvw6t/In_Our_Time_The_Measurement_of_Time (and very interesting it was)

Anyway, during the show, one of the speakers said that George Bush Snr announced that the war on Iraq would start at 5pm. In response the world's press said "5pm, but 5pm where?"
John
1 Posts
The original threat to take down the Internet DNS-system was posted here:

http://pastebin.com/NKbnh8q8

In the above pastebin-post, the following is stated:

"download link in #opGlobalBlackout"

If you entered the Anonymous IRC-network at the time this was posted, the topic of channel opGlobalBlackout was: Official Press Release: http://pastebin.com/yK79Tsgq

As you can see, the "Press Release" tells potential Anonymous-members to stop waging war, that peace is the way to go, to stop DDoS-attacks. This is in other words an "anti-op" designed to get potential anonymous-recruits to think about what they are doing.

There never was an operation. There was only an anti-operation, designed to get people to think.
John
1 Posts
If the method of DDOS was to be as described in those postings to PasteBin, it probably would have failed:
* spoofed UDP-packets with identical "source" and "target" IP-addresses (namely of the targeted DNS-server) would probably be blocked by anti-spoofing rules on the Access Control List of the router between the DNS-server and the rest of the Internet.
* the programming of the DNS-server software would drop any outgoing UDP-packets with a "target" IP-address of itself.

Think "defensive" programming for any DNS-server that is "robust" enough to make the "Top 13" trusted servers, and sleep well at night.


Anonymous
