On March 31, anonymous will shut the Internet down

AlexNguyen

Source:

---

0100111 - Pastebin.com

1. ---

2. 01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
   
3. 01101110 01000111 01101100 01101111 01100010 01100001 01101100
   
4. 01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
   

5. ---

6. ___ _ _ ___ _ _ _
   
7. / _ \ _ __ ___ _ _ __ _| |_(_)___ _ _ / __| |___| |__ __ _| |
   
8. | (_) | '_ \/ -_) '_/ _` | _| / _ \ ' \ | (_ | / _ \ '_ \/ _` | |
   
9. \___/| .__/\___|_| \__,_|\__|_\___/_||_| \___|_\___/_.__/\__,_|_|
   
10. |_|
    
11. ___ _ _ _
    
12. | _ ) |__ _ __| |_____ _ _| |_
    
13. | _ \ / _` / _| / / _ \ || | _|
    
14. |___/_\__,_\__|_\_\___/\_,_|\__|
    
15. 
    

16. ---

17. 01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
    
18. 01101110 01000111 01101100 01101111 01100010 01100001 01101100
    
19. 01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
    

20. ---

21. "The greatest enemy of freedom is a happy slave."
    
22. 
    
23. To protest SOPA, Wallstreet, our irresponsible leaders and the beloved
    
24. bankers who are starving the world for their own selfish needs out of
    
25. sheer sadistic fun, On March 31, anonymous will shut the Internet down.
    
26. 
    

27. ---

28. 
    
29. In order to shut the Internet down, one thing is to be done. Down the
    
30. 13 root DNS servers of the Internet. Those servers are as follow:
    
31. 
    
32. A 198.41.0.4
    
33. B 192.228.79.201
    
34. C 192.33.4.12
    
35. D 128.8.10.90
    
36. E 192.203.230.10
    
37. F 192.5.5.241
    
38. G 192.112.36.4
    
39. H 128.63.2.53
    
40. I 192.36.148.17
    
41. J 192.58.128.30
    
42. K 193.0.14.129
    
43. L 199.7.83.42
    
44. M 202.12.27.33
    
45. 
    
46. By cutting these off the Internet, nobody will be able to perform a
    
47. domain name lookup, thus, disabling the HTTP Internet, which is,
    
48. after all, the most widely used function of the Web. Anybody entering
    
49. "http://www.google.com" or ANY other url, will get an error page,
    
50. thus, they will think the Internet is down, which is, close enough.
    
51. Remember, this is a protest, we are not trying to 'kill' the Internet,
    
52. we are only temporarily shutting it down where it hurts the most.
    
53. 
    
54. While some ISPs uses DNS caching, most are configured to use a low
    
55. expire time for the cache, thus not being a valid failover solution
    
56. in the case the root servers are down. It is mostly used for speed,
    
57. not redundancy.
    
58. 
    
59. We have compiled a Reflective DNS Amplification DDoS tool to be used for
    
60. this attack. It is based on AntiSec's DHN, contains a few bugfix, a
    
61. different dns list/target support and is a bit stripped down for speed.
    
62. 
    
63. The principle is simple; a flaw that uses forged UDP packets is to be
    
64. used to trigger a rush of DNS queries all redirected and reflected to
    
65. those 13 IPs. The flaw is as follow; since the UDP protocol allows it,
    
66. we can change the source IP of the sender to our target, thus spoofing
    
67. the source of the DNS query.
    
68. 
    
69. The DNS server will then respond to that query by sending the answer to
    
70. the spoofed IP. Since the answer is always bigger than the query, the
    
71. DNS answers will then flood the target ip. It is called an amplified
    
72. because we can use small packets to generate large traffic. It is called
    
73. reflective because we will not send the queries to the root name servers,
    
74. instead, we will use a list of known vulnerable DNS servers which will
    
75. attack the root servers for us.
    
76. 
    
77. DDoS request ---> [Vulnerable DNS Server ] <---> Normal client requests
    
78. \
    
79. | ( Spoofed UDP requests
    
80. | will redirect the answers
    
81. | to the root name server )
    
82. |
    
83. [ 13 root servers ] * BAM
    
84. 
    
85. Since the attack will be using static IP addresses, it will not rely
    
86. on name server resolution, thus enabling us to keep the attack up even
    
87. while the Internet is down. The very fact that nobody will be able to
    
88. make new requests to use the Internet will slow down those who will try
    
89. to stop the attack. It may only lasts one hour, maybe more, maybe even
    
90. a few days. No matter what, it will be global. It will be known.
    
91. 
    

92. ---

93. 
    
94. download link in #opGlobalBlackout
    
95. 
    

96. ---

97. 
    
98. The tool is named "ramp" and stands for Reflective Amplification. It is
    
99. located in the \ramp\ folder.
    
100. 
     

101. ---

     > Windows users
     
102. 
     
103. In order to run "ramp", you will need to download and install these two
     
104. applications;
     
105. 
     
106. WINPCAP DRIVER - http://www.winpcap.org/install/default.htm
     
107. TOR - http://www.torproject.org/dist/vidalia-bundles/
     
108. 
     
109. The Winpcap driver is a standard library and the TOR client is used as
     
110. a proxy client for using the TOR network.
     
111. 
     
112. It is also recommended to use a VPN, feel free to choose your own flavor
     
113. of this.
     
114. 
     
115. To launch the tool, just execute "\ramp\launch.bat" and wait. The attack
     
116. will start by itself.
     
117. 
     

118. ---

     > Linux users
     
119. 
     
120. The "ramp" linux client is located under the \ramp\linux\ folder and
     
121. needs a working installation of python and scapy.
     
122. 
     

123. ---

124. 
     
125. "He who sacrifices freedom for security deserves neither."
     
126. Benjamin Franklin
     
127. 
     
128. We know you wont' listen. We know you won't change. We know it's because
     
129. you don't want to. We know it's because you like it how it is. You bullied
     
130. us into your delusion. We have seen you brutalize harmless old womans who were
     
131. protesting for peace. We do not forget because we know you will only use that
     
132. to start again. We know your true face. We know you will never stop. Neither
     
133. are we. We know.
     
134. 
     
135. We are Anonymous.
     
136. We are Legion.
     
137. We do not Forgive.
     
138. We do not Forget.
     
139. You know who you are, Expect us.

CodeBlox

I would like to see this happen! The internet wont really be shutdown though. If you know the IP address of said website, you could still get there.

Lizano

werent they gonna kill Facebook on November 5th ?

pizzaboy

CodeBlox wrote: »

I would like to see this happen! The internet wont really be shutdown though. If you know the IP address of said website, you could still get there.

Yeah but who really keeps those figures in their head.

But I too would like to see it happen, would be very interesting.

DevilWAH

Any one who know Anonymous knows this is not how they act and is not the kind of stunt they would pull.

tr1x

lol hoax.. bunch of BS.

DevilWAH

pizzaboy wrote: »

Yeah but who really keeps those figures in their head.

But I too would like to see it happen, would be very interesting.

Most DNS servers cache requests as they pass through them, meaning that taking down the 13 root servers would actualy not have the inpact people would expect.

Most peoples DNS point to there ISP, and many ISPs could continue serving the majority of DNS requests with out the need of the ROOT servers.

tr1x

DevilWAH wrote: »

Most DNS servers cache requests as they pass through them, meaning that taking down the 13 root servers would actualy not have the inpact people would expect.

Most peoples DNS point to there ISP, and many ISPs could continue serving the majority of DNS requests with out the need of the ROOT servers.

Yeah.. taking down the root DNS servers would basically do nothing. It may impact a very small amount for a limited time but that's it.

Sett

Cool story brah. Most of the DNS servers (well, the ones I've seen) are caching the zones for 24h - that's more then enough. Also, I really doubt that this is coming from Anonymous.

ipchain

Early April Fool's joke? That is likely...

Everyone

DevilWAH wrote: »

Most DNS servers cache requests as they pass through them, meaning that taking down the 13 root servers would actualy not have the inpact people would expect.

Most peoples DNS point to there ISP, and many ISPs could continue serving the majority of DNS requests with out the need of the ROOT servers.

^^ This.

Darn kids. ;P

tpatt100

Its a trap!

ptilsen

CodeBlox wrote: »

I would like to see this happen! The internet wont really be shutdown though. If you know the IP address of said website, you could still get there.

It would be quite cumbersome. First, you'd need to have a list. Second, you'd need to add them as A records to a local DNS record or add them to your hosts file. HTTP host headers are often required to access some web sites; browsing directly to an IP address is not always an option.

As others are pointing out, this would depend on ISPs' failure to just cache everything. With this kind of forewarning, I suspect many, if not most ISPs will be able to respond to this, and I bet Google and Open DNS could take up the slack. Sure, the will be outages, but to say the Internet or Web will be down is exaggeration.

msteinhilber

Meh, why bother giving them attention. I wouldn't be surprised if there are government elements at work within Anonymous to exploit them as a tool to exert more control and regulation on the Internet.

AlexNguyen

Planned Anonymous Attack on the Internet Likely to Fail

FloOz

i hope it does happen. Even if only for 10 seconds ha

MentholMoose

Supposedly "operation global blackout" was a hoax.
Anonymous is not taking down the Internet | ZDNet

In any case, March 31 came and went and the Internet is (obviously) still here.

jibbajabba

MentholMoose wrote: »

Supposedly "operation global blackout" was a hoax.
Anonymous is not taking down the Internet | ZDNet

In any case, March 31 came and went and the Internet is (obviously) still here.

There was me hoping to have an excuse not to be on call

powerfool

That would have been fun... I use TShark as a service on my system to capture DNS traffic. I do it watch for naughty things happening on my computer, but I could have reviewed the PCAP files to get all of the IP addresses that I need to perform my daily routine.

tpatt100

MentholMoose wrote: »

Supposedly "operation global blackout" was a hoax.
Anonymous is not taking down the Internet | ZDNet

In any case, March 31 came and went and the Internet is (obviously) still here.

It was down when you all were asleep. I lost connection when I was playing Wow so I fixed it.

cyberguypr

tpatt100 wrote: »

It was down when you all were asleep. I lost connection when I was playing Wow so I fixed it.

TE crew to the rescue. Thanks man!