On March 31, anonymous will shut the Internet down

AlexNguyen

Source:

0100111 - Pastebin.com

01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
01101110 01000111 01101100 01101111 01100010 01100001 01101100
01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
___ _ _ ___ _ _ _
/ _ \ _ __ ___ _ _ __ _| |_(_)___ _ _ / __| |___| |__ __ _| |
| (_) | '_ \/ -_) '_/ _` | _| / _ \ ' \ | (_ | / _ \ '_ \/ _` | |
\___/| .__/\___|_| \__,_|\__|_\___/_||_| \___|_\___/_.__/\__,_|_|
|_|
___ _ _ _
| _ ) |__ _ __| |_____ _ _| |_
| _ \ / _` / _| / / _ \ || | _|
|___/_\__,_\__|_\_\___/\_,_|\__|
01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111
01101110 01000111 01101100 01101111 01100010 01100001 01101100
01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100
"The greatest enemy of freedom is a happy slave."
To protest SOPA, Wallstreet, our irresponsible leaders and the beloved
bankers who are starving the world for their own selfish needs out of
sheer sadistic fun, On March 31, anonymous will shut the Internet down.
In order to shut the Internet down, one thing is to be done. Down the
13 root DNS servers of the Internet. Those servers are as follow:
A 198.41.0.4
B 192.228.79.201
C 192.33.4.12
D 128.8.10.90
E 192.203.230.10
F 192.5.5.241
G 192.112.36.4
H 128.63.2.53
I 192.36.148.17
J 192.58.128.30
K 193.0.14.129
L 199.7.83.42
M 202.12.27.33
By cutting these off the Internet, nobody will be able to perform a
domain name lookup, thus, disabling the HTTP Internet, which is,
after all, the most widely used function of the Web. Anybody entering
"http://www.google.com" or ANY other url, will get an error page,
thus, they will think the Internet is down, which is, close enough.
Remember, this is a protest, we are not trying to 'kill' the Internet,
we are only temporarily shutting it down where it hurts the most.
While some ISPs uses DNS caching, most are configured to use a low
expire time for the cache, thus not being a valid failover solution
in the case the root servers are down. It is mostly used for speed,
not redundancy.
We have compiled a Reflective DNS Amplification DDoS tool to be used for
this attack. It is based on AntiSec's DHN, contains a few bugfix, a
different dns list/target support and is a bit stripped down for speed.
The principle is simple; a flaw that uses forged UDP packets is to be
used to trigger a rush of DNS queries all redirected and reflected to
those 13 IPs. The flaw is as follow; since the UDP protocol allows it,
we can change the source IP of the sender to our target, thus spoofing
the source of the DNS query.
The DNS server will then respond to that query by sending the answer to
the spoofed IP. Since the answer is always bigger than the query, the
DNS answers will then flood the target ip. It is called an amplified
because we can use small packets to generate large traffic. It is called
reflective because we will not send the queries to the root name servers,
instead, we will use a list of known vulnerable DNS servers which will
attack the root servers for us.
DDoS request ---> [Vulnerable DNS Server ] <---> Normal client requests
\
| ( Spoofed UDP requests
| will redirect the answers
| to the root name server )
|
[ 13 root servers ] * BAM
Since the attack will be using static IP addresses, it will not rely
on name server resolution, thus enabling us to keep the attack up even
while the Internet is down. The very fact that nobody will be able to
make new requests to use the Internet will slow down those who will try
to stop the attack. It may only lasts one hour, maybe more, maybe even
a few days. No matter what, it will be global. It will be known.
download link in #opGlobalBlackout
The tool is named "ramp" and stands for Reflective Amplification. It is
located in the \ramp\ folder.
> Windows users
In order to run "ramp", you will need to download and install these two
applications;
WINPCAP DRIVER - http://www.winpcap.org/install/default.htm
TOR - http://www.torproject.org/dist/vidalia-bundles/
The Winpcap driver is a standard library and the TOR client is used as
a proxy client for using the TOR network.
It is also recommended to use a VPN, feel free to choose your own flavor
of this.
To launch the tool, just execute "\ramp\launch.bat" and wait. The attack
will start by itself.
> Linux users
The "ramp" linux client is located under the \ramp\linux\ folder and
needs a working installation of python and scapy.
"He who sacrifices freedom for security deserves neither."
Benjamin Franklin
We know you wont' listen. We know you won't change. We know it's because
you don't want to. We know it's because you like it how it is. You bullied
us into your delusion. We have seen you brutalize harmless old womans who were
protesting for peace. We do not forget because we know you will only use that
to start again. We know your true face. We know you will never stop. Neither
are we. We know.
We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
You know who you are, Expect us.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

CodeBlox

I would like to see this happen! The internet wont really be shutdown though. If you know the IP address of said website, you could still get there.

Lizano

werent they gonna kill Facebook on November 5th ?

pizzaboy

CodeBlox wrote: »

I would like to see this happen! The internet wont really be shutdown though. If you know the IP address of said website, you could still get there.

Yeah but who really keeps those figures in their head.

But I too would like to see it happen, would be very interesting.

DevilWAH

Any one who know Anonymous knows this is not how they act and is not the kind of stunt they would pull.

tr1x

lol hoax.. bunch of BS.

DevilWAH

pizzaboy wrote: »

Yeah but who really keeps those figures in their head.

But I too would like to see it happen, would be very interesting.

Most DNS servers cache requests as they pass through them, meaning that taking down the 13 root servers would actualy not have the inpact people would expect.

Most peoples DNS point to there ISP, and many ISPs could continue serving the majority of DNS requests with out the need of the ROOT servers.

tr1x

DevilWAH wrote: »

Most DNS servers cache requests as they pass through them, meaning that taking down the 13 root servers would actualy not have the inpact people would expect.

Most peoples DNS point to there ISP, and many ISPs could continue serving the majority of DNS requests with out the need of the ROOT servers.

Yeah.. taking down the root DNS servers would basically do nothing. It may impact a very small amount for a limited time but that's it.

Sett

Cool story brah. Most of the DNS servers (well, the ones I've seen) are caching the zones for 24h - that's more then enough. Also, I really doubt that this is coming from Anonymous.

ipchain

Early April Fool's joke? That is likely...

Everyone

DevilWAH wrote: »

Most DNS servers cache requests as they pass through them, meaning that taking down the 13 root servers would actualy not have the inpact people would expect.

Most peoples DNS point to there ISP, and many ISPs could continue serving the majority of DNS requests with out the need of the ROOT servers.

^^ This.

Darn kids. ;P

tpatt100

Its a trap!

ptilsen

CodeBlox wrote: »

I would like to see this happen! The internet wont really be shutdown though. If you know the IP address of said website, you could still get there.

It would be quite cumbersome. First, you'd need to have a list. Second, you'd need to add them as A records to a local DNS record or add them to your hosts file. HTTP host headers are often required to access some web sites; browsing directly to an IP address is not always an option.

As others are pointing out, this would depend on ISPs' failure to just cache everything. With this kind of forewarning, I suspect many, if not most ISPs will be able to respond to this, and I bet Google and Open DNS could take up the slack. Sure, the will be outages, but to say the Internet or Web will be down is exaggeration.

msteinhilber

Meh, why bother giving them attention. I wouldn't be surprised if there are government elements at work within Anonymous to exploit them as a tool to exert more control and regulation on the Internet.

AlexNguyen

Planned Anonymous Attack on the Internet Likely to Fail

FloOz

i hope it does happen. Even if only for 10 seconds ha

MentholMoose

Supposedly "operation global blackout" was a hoax.
Anonymous is not taking down the Internet | ZDNet

In any case, March 31 came and went and the Internet is (obviously) still here.

jibbajabba

MentholMoose wrote: »

Supposedly "operation global blackout" was a hoax.
Anonymous is not taking down the Internet | ZDNet

In any case, March 31 came and went and the Internet is (obviously) still here.

There was me hoping to have an excuse not to be on call

powerfool

That would have been fun... I use TShark as a service on my system to capture DNS traffic. I do it watch for naughty things happening on my computer, but I could have reviewed the PCAP files to get all of the IP addresses that I need to perform my daily routine.

tpatt100

MentholMoose wrote: »

Supposedly "operation global blackout" was a hoax.
Anonymous is not taking down the Internet | ZDNet

In any case, March 31 came and went and the Internet is (obviously) still here.

It was down when you all were asleep. I lost connection when I was playing Wow so I fixed it.

cyberguypr

tpatt100 wrote: »

It was down when you all were asleep. I lost connection when I was playing Wow so I fixed it.

TE crew to the rescue. Thanks man!