Often referred to as a “hacker collective,” they’re probably most memorable in your day-to-day life as the originators of every meme on the Internet today. They are, flatly, not a “collective” and not nearly all “hackers.” But that doesn’t mean a threat of a new attack from someone claiming to be “anonymous” doesn’t scare website operators. Recently, a pastebin post circulated through Anonymous declaring an attempt to weaponize a known Internet vulnerability: DNS amplification.
Anyone versed in the common tactics used by the antisocial corners of the Internet knows the bulk of “attacks” taking place on a website are what is known as a Distributed Denial of Service attack. In this type of attack, a large number of requests are sent to a website (or other networked resource) to overwhelm its ability to process any legitimate requests. They crowd out the actual users from the website. Anonymous tends to perform this using an open-source utility known as the Low Orbit Ion Cannon. The effectiveness of this application is limited by the number of people willing to run it on their machines at once, which not only consumes all of the attacker’s bandwidth, but also leaves less savvy attackers exposed to authorities.
Historically, there was another type of attack called smurfing, which used the ping utility routed through poorly set-up networks so that a user could send one ping from their machine and have as many as 20 pings sent out to a victim network. By multiplying the efficacy of this attack, someone was able to use fewer network resources to inflict more damage on a victim, with the added bonus that the source of the attack seemed to be the hapless site operator whose network was used to multiply the pings. This attack has fallen by the wayside since networking best practices have proliferated, ending the prevalence of “smurf amplifiers.”
This idea was transposed in a 2006 paper to operate on the Domain Name System, the utility that converts a domain name (like luc.edu) into an IP address your computer can actually use. As part of DNS, the root servers are the first step for most DNS requests, which can then recursively ask smaller DNS servers to come up with the actual information the original requester needs. Additionally, a root DNS server will often send out multiple recursive calls at once. To add to the problem, DNS responses are much larger than DNS requests. Altogether, this is a recipe for creating a lot of traffic with little initial investment by an attacker. This is, essentially, a smurf attack, but stronger and more tightly bound to the core of the Internet.
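From the defender's side, the size mismatch described above is measurable in a DNS server's own logs. The following is an added example, not from the original article or any tool it mentions: it sums request and response bytes per claimed source address in fixed time windows and flags addresses receiving far more data than they supposedly asked for. The log format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log: (unix_time, claimed_source_ip, request_bytes, response_bytes).
# Addresses are from documentation ranges (RFC 5737); sizes are illustrative only.
SAMPLE_LOG = (
    [(1000 + i % 10, "203.0.113.7", 64, 3200) for i in range(200)]  # many large answers to one address
    + [(1000 + i, "198.51.100.20", 60, 120) for i in range(10)]     # ordinary lookups
    + [(1003, "198.51.100.21", 70, 2900)]                           # one large answer, low volume
)


def amplification_report(log, window=10, min_factor=10.0, min_response_bytes=100_000):
    """Flag claimed sources whose answers dwarf their requests within a time window.

    Both thresholds are assumptions picked for the sample data; a real deployment
    would derive them from its own traffic baseline.
    """
    # (window_start, ip) -> [total_request_bytes, total_response_bytes]
    totals = defaultdict(lambda: [0, 0])
    for ts, ip, req, resp in log:
        bucket = totals[(ts - ts % window, ip)]
        bucket[0] += req
        bucket[1] += resp

    flagged = []
    for (start, ip), (req, resp) in sorted(totals.items()):
        factor = resp / req if req else float("inf")
        # Require both a high ratio and real volume, so a single large
        # legitimate answer does not trigger an alert.
        if factor >= min_factor and resp >= min_response_bytes:
            flagged.append({"window_start": start, "ip": ip,
                            "factor": round(factor, 1), "response_bytes": resp})
    return flagged


if __name__ == "__main__":
    for hit in amplification_report(SAMPLE_LOG):
        print(hit)
```

The flagged address is the likely victim rather than the attacker, since the source address on the small requests is the one the large answers are delivered to.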
Don’t panic. Anonymous rarely has enough people invested in an attack to actually have a substantial impact. In addition, Anonymous is so nebulously defined that any individual could post as “Anonymous.” But this is a relatively new threat and could result in a big impact if enough folks were motivated.
There’s a lot more great detail about this attack and claim by Anonymous at Ars Technica.
Submitted By: Benjamin Pellittieri