Anonymous planning a root-servers party
As I hadn't seen it discussed here, I'll have to assume that many NANOGers haven't seen the latest rant from Anonymous:

"To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, the Internet will go Black. In order to shut the Internet down, one thing is to be done. Down the 13 root DNS servers of the Internet. Those servers are as follow:"

http://pastebin.com/XZ3EGsbc

13 servers. Sshhhhh! Don't anybody mention anycast - it's a secret.
I really don't think Anonymous is dumb enough to forget about anycast. If I remember right, another group tried to take down the root servers within the past 5 or 6 years and only took out around 20 or 25.

-Grant

On Wed, Feb 15, 2012 at 4:36 PM, George Bakos <gbakos@alpinista.org> wrote:
On 2/15/2012 2:40 PM, Grant Ridder wrote:
I really don't think Anonymous is dumb enough to forget about anycast.
Given their track record, it does seem advisable to take the threat seriously, whatever taking it seriously might mean...
Some discussions about that I recall guessed that it was an experimental probe, for learning how to do a better attack. (Remember that 9/11 was a revision of a prior attack on the towers.)

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
On Wed, Feb 15, 2012 at 04:40:47PM -0600, Grant Ridder <shortdudey123@gmail.com> wrote a message of 23 lines which said:
No need to remember, Wikipedia does it for you <http://en.wikipedia.org/wiki/Distributed_denial_of_service_attacks_on_root_nameservers>.
the zionist usa regime does a far better job at taking icann out of the loop as a resolvable root than anonymous will ever be able to do :P

(time to change the root.hints to a competing root ;)

the internet treats censorship as damage and routes around it, remember that one :P

so can special agent retard of ICE put all those domains back nao pls :P

you know the ones that say "seized" (must be american english for "we don't care about the sovereignty of other countries and confiscate assets of their citizens nonetheless ;)

--
Greetings,

Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG
Address: Koloniestrasse 34, D-13359 BERLIN, Germany
VAT Tax ID: DE267268209
Registration: HRA 42834 B
Phone: +31/(0)87-8747479
GSM: +49/(0)152-26410799
RIPE: CBSK1-RIPE
e-Mail: sven@cb3rob.net
<penpen> C3P0, the electric Westerwelle
http://www.facebook.com/cb3rob
Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited.

On Fri, 17 Feb 2012, Stephane Bortzmeyer wrote:
----- Original Message -----
From: "Sven Olaf Kamphuis" <sven@cb3rob.net>
the internet treats censorship as damage and routes around it, remember that one :P
Not only do we remember it, I believe John's on this list.

Cheers,
-- jra

--
Jay R. Ashworth / Baylink / jra@baylink.com
Designer / The Things I Think / RFC 2100
Ashworth & Associates / http://baylink.pitas.com / 2000 Land Rover DII
St Petersburg FL USA / http://photo.imageinc.us / +1 727 647 1274
On Feb 15, 2012, at 5:36 PM, George Bakos wrote:
As is TCP, which requires a 3-way handshake, oh and the 41 day TTL on the . zone, 2 day TTL on the served data pointing to the com zone, so any well-behaved server should only touch the root once every ~172800 seconds. This means the activity would have to be sustained and unmitigated for many hours (days) to have a significant impact.

- Jared
In message <5F40C962-FF7E-4197-BBA5-5E891104B17C@puck.nether.net>, Jared Mauch writes:
Or just slave the root zone. 1 million root servers is more robust than the hundred or so we have today and given the root is signed you can verify the answers returned.

One can have your own, official, F root server instance if you want. A number of ISPs already have one. I think a number of the other root server operators do something similar.

One can hijack one of the official addresses and replace the A and AAAA records with a local address. This one does cause issues for anyone wanting to look up the hijacked address.

One can use static-stub in named and similar mechanisms in other nameservers to send root zone traffic to a local instance.

One can use multiple views, match-recursive and forwarder zones in forward first mode to validate answers from the other view using tsig to reach the other view. You can also use this to get AD set on answers from your local zones.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
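A sketch of the local-root arrangement described in the message above (a slaved copy of the root zone, reached through a static-stub zone, with validation left on), added here as an example; it is not configuration posted in the thread or published by ISC. The loopback address 127.12.12.12, the directory and file names, and the transfer source 192.0.2.53 are placeholders, and the fragment assumes BIND 9.8 or later.

```conf
// named.conf fragment. All addresses and file names are placeholders
// chosen for this example.
options {
    directory "/var/named";
    // named must answer on the loopback address used for the local root.
    listen-on { 127.0.0.1; 127.12.12.12; };
};

// View 1: an authoritative copy of the root zone, reachable only on the
// dedicated loopback address.
view "local-root" {
    match-destinations { 127.12.12.12; };
    recursion no;
    zone "." {
        type slave;                 // spelled "secondary" in newer BIND releases
        file "rootzone.db";
        notify no;
        masters { 192.0.2.53; };    // placeholder: a server you may AXFR "." from
    };
};

// View 2: the resolver that clients use.
view "recursive" {
    match-clients { any; };
    recursion yes;
    // Validate against the root trust anchor, so an altered local copy
    // fails validation instead of being believed.
    dnssec-validation auto;
    zone "." {
        // Send queries for root-zone data to the local instance instead
        // of the root servers' public addresses.
        type static-stub;
        server-addresses { 127.12.12.12; };
    };
};
```

Once any view is defined, every zone has to live inside a view, and the views are matched in the order written, so the destination-matched view must come first.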
Mark Andrews wrote:
Or just slave the root zone. 1 million root servers is more robust than the hundred or so we have today
Good, I was serious to have said "not thousands but millions of" servers when I proposed anycast root servers.
and given the root is signed you can verify the answers returned.
With anycast, you can reach only a single server among servers sharing an address even if you find some server compromised, though you can try others with different addresses. But, as most attacks will be DOS, DNSSEC capable servers are weaker.

Masataka Ohta
On Wed, Feb 15, 2012 at 10:36:32PM +0000, George Bakos <gbakos@alpinista.org> wrote a message of 13 lines which said:
As I hadn't seen it discussed here, I'll have to assume that many NANOGers haven't seen the latest rant from Anonymous:
There's nothing proving that it comes from the Anonymous (the name is itself quite fuzzy, anyone can say "I am the Anonymous"). It may be a student playing, it may be a security vendor trying to raise more security awareness, etc. A post on pastebin means nothing.
participants (10)
- Dave CROCKER
- Eric Parsonage
- George Bakos
- Grant Ridder
- Jared Mauch
- Jay Ashworth
- Mark Andrews
- Masataka Ohta
- Stephane Bortzmeyer
- Sven Olaf Kamphuis