Anonymous Operation Blackout a ScAm – How recursive DNS queries work

gAtO fOuNd – that the famous Operation ShutDown the Internet was nothing but a copy from a Jun 5 2007 post in WindowsNetwork.Com on:

 How recursive DNS queries work.

 gAtO wanted to do some research and searched Google for “root DNS servers” then I hit Image only:  — and this little image came up with familiar DNS numbers. After checking it a little closer— These were the same DNS numbers, what could this be… a conspiracy???? nah some wannabe clowns can scare anyone these days with a FAKE.

How about some nutcase claiming to be Anonymous and writing some almost true geek and put it out as REAL. I know in LinkedIn the security professionals were loving this little idea how it could and could not work. My peers made a mockery of this in a way some came right out and said scam……

If your in security OK be paranoid but alway -Trust but Verify. -gAtO oUt

http://www.windowsnetworking.com/articles_tutorials/Understanding-DNS-Recursion.html

 

http://pastebin.com/NKbnh8q8

 

  1. ———————————————————————–
  2. 01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
  3. 01101110  01000111 01101100 01101111 01100010 01100001 01101100
  4. 01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
  5. ———————————————————————–
  6.   ___                     _   _             ___ _     _          _
  7.  / _ _ __  ___ _ _ __ _| |_(_)___ _ _    / __| |___| |__  __ _| |
  8. | (_) | ‘_ / -_) ‘_/ _` |  _| / _ ‘  | (_ | / _ ‘_ / _` | |
  9.  ___/| .__/___|_| __,_|__|____/_||_|  ___|____/_.__/__,_|_|
  10.       |_|
  11.  ___ _         _            _
  12. | _ ) |__ _ __| |_____ _  _| |_
  13. | _ / _` / _| / / _ || |  _|
  14. |___/___,___|_____/_,_|__|
  15. ———————————————————————–
  16. 01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
  17. 01101110  01000111 01101100 01101111 01100010 01100001 01101100
  18. 01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
  19. ———————————————————————–
  20.                 “The greatest enemy of freedom is a happy slave.”
  21. To protest SOPA, Wallstreet, our irresponsible leaders and the beloved
  22. bankers who are starving the world for their own selfish needs out of
  23. sheer sadistic fun, On March 31, anonymous will shut the Internet down.
  24. ———————————————————————–
  25. In order to shut the Internet down, one thing is to be done. Down the
  26. 13 root DNS servers of the Internet. Those servers are as follow:
  27. A       198.41.0.4
  28. B       192.228.79.201
  29. C       192.33.4.12
  30. D       128.8.10.90
  31. E       192.203.230.10
  32. F       192.5.5.241
  33. G       192.112.36.4
  34. H       128.63.2.53
  35. I       192.36.148.17
  36. J       192.58.128.30
  37. K       193.0.14.129
  38. L       199.7.83.42
  39. M       202.12.27.33
  40. By cutting these off the Internet, nobody will be able to perform a
  41. domain name lookup, thus, disabling the HTTP Internet, which is,
  42. after all, the most widely used function of the Web. Anybody entering
  43. http://www.google.com” or ANY other url, will get an error page,
  44. thus, they will think the Internet is down, which is, close enough.
  45. Remember, this is a protest, we are not trying to ‘kill’ the Internet,
  46. we are only temporarily shutting it down where it hurts the most.
  47. While some ISPs uses DNS caching, most are configured to use a low
  48. expire time for the cache, thus not being a valid failover solution
  49. in the case the root servers are down. It is mostly used for speed,
  50. not redundancy.
  51. We have compiled a Reflective DNS Amplification DDoS tool to be used for
  52. this attack. It is based on AntiSec’s DHN, contains a few bugfix, a
  53. different dns list/target support and is a bit stripped down for speed.
  54. The principle is simple; a flaw that uses forged UDP packets is to be
  55. used to trigger a rush of DNS queries all redirected and reflected to
  56. those 13 IPs. The flaw is as follow; since the UDP protocol allows it,
  57. we can change the source IP of the sender to our target, thus spoofing
  58. the source of the DNS query.
  59. The DNS server will then respond to that query by sending the answer to
  60. the spoofed IP. Since the answer is always bigger than the query, the
  61. DNS answers will then flood the target ip. It is called an amplified
  62. because we can use small packets to generate large traffic. It is called
  63. reflective because we will not send the queries to the root name servers,
  64. instead, we will use a list of known vulnerable DNS servers which will
  65. attack the root servers for us.
  66. DDoS request —>       [Vulnerable DNS Server  ]       <—> Normal client requests
  67.                                                        
  68.                                                          | ( Spoofed UDP requests
  69.                                                          |   will redirect the answers
  70.                                                          |   to the root name server )
  71.                                                          |
  72.                                         [       13 root servers         ] * BAM
  73. Since the attack will be using static IP addresses, it will not rely
  74. on name server resolution, thus enabling us to keep the attack up even
  75. while the Internet is down. The very fact that nobody will be able to
  76. make new requests to use the Internet will slow down those who will try
  77. to stop the attack. It may only lasts one hour, maybe more, maybe even
  78. a few days. No matter what, it will be global. It will be known.
  79. ———————————————————————–
  80.                 download link in #opGlobalBlackout
  81. ———————————————————————–
  82. The tool is named “ramp” and stands for Reflective Amplification. It is
  83. located in the ramp folder.
  84. ———-> Windows users
  85. In order to run “ramp”, you will need to download and install these two
  86. applications;
  87.         WINPCAP DRIVER  – http://www.winpcap.org/install/default.htm
  88.         TOR                             – http://www.torproject.org/dist/vidalia-bundles/
  89. The Winpcap driver is a standard library and the TOR client is used as
  90. a proxy client for using the TOR network.
  91. It is also recommended to use a VPN, feel free to choose your own flavor
  92. of this.
  93. To launch the tool, just execute “ramplaunch.bat” and wait. The attack
  94. will start by itself.
  95. ———-> Linux users
  96. The “ramp” linux client is located under the ramplinux folder and
  97. needs a working installation of python and scapy.
  98. ———————————————————————–
  99.         “He who sacrifices freedom for security deserves neither.”
  100.                                                                 Benjamin Franklin
  101. We know you wont’ listen. We know you won’t change. We know it’s because
  102. you don’t want to. We know it’s because you like it how it is. You bullied
  103. us into your delusion. We have seen you brutalize harmless old womans who were
  104. protesting for peace. We do not forget because we know you will only use that
  105. to start again. We know your true face. We know you will never stop. Neither
  106. are we. We know.
  107. We are Anonymous.
  108. We are Legion.
  109. We do not Forgive.
  110. We do not Forget.
  111. You know who you are, Expect us.
Advertisements

One response

  1. Pingback: Anonymous Operation Blackout a ScAm – How recursive DNS … | DNS Internet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: