Rumors are starting to go around, thanks to a Paste Bin post by someone claiming to be part of a larger group under the name Anonymous. That this Saturday, they’ll “crash” the net.

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, on March 31, anonymous will shut the Internet down. We’ll look to shut down the Internet by disabling its core DNS servers, thus making websites inaccessible

 

“The greatest enemy of freedom is a happy slave.”

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved

bankers who are starving the world for their own selfish needs out of

sheer sadistic fun, On March 31, anonymous will shut the Internet down.

———————————————————————–

In order to shut the Internet down, one thing is to be done. Down the

13 root DNS servers of the Internet. Those servers are as follow:

A 198.41.0.4

B 192.228.79.201

C 192.33.4.12

D 128.8.10.90

E 192.203.230.10

F 192.5.5.241

G 192.112.36.4

H 128.63.2.53

I 192.36.148.17

J 192.58.128.30

K 193.0.14.129

L 199.7.83.42

M 202.12.27.33

By cutting these off the Internet, nobody will be able to perform a

domain name look-up, thus, disabling the HTTP Internet, which is,

after all, the most widely used function of the Web. Anybody entering

“http://www.google.com” or ANY other url, will get an error page,

thus, they will think the Internet is down, which is, close enough.

Remember, this is a protest, we are not trying to ‘kill’ the Internet,

we are only temporarily shutting it down where it hurts the most.

While some ISPs uses DNS caching, most are configured to use a low

expire time for the cache, thus not being a valid failover solution

in the case the root servers are down. It is mostly used for speed,

not redundancy.

We have compiled a Reflective DNS Amplification DDoS tool to be used for

this attack. It is based on AntiSec’s DHN, contains a few bugfix, a

different dns list/target support and is a bit stripped down for speed.

The principle is simple; a flaw that uses forged UDP packets is to be

used to trigger a rush of DNS queries all redirected and reflected to

those 13 IPs. The flaw is as follow; since the UDP protocol allows it,

we can change the source IP of the sender to our target, thus spoofing

the source of the DNS query.

The DNS server will then respond to that query by sending the answer to

the spoofed IP. Since the answer is always bigger than the query, the

DNS answers will then flood the target ip. It is called an amplified

because we can use small packets to generate large traffic. It is called

reflective because we will not send the queries to the root name servers,

instead, we will use a list of known vulnerable DNS servers which will

attack the root servers for us.

DDoS request —> [Vulnerable DNS Server ] <—> Normal client requests

\

| ( Spoofed UDP requests

| will redirect the answers

| to the root name server )

|

[ 13 root servers ] * BAM

Since the attack will be using static IP addresses, it will not rely

on name server resolution, thus enabling us to keep the attack up even

while the Internet is down. The very fact that nobody will be able to

make new requests to use the Internet will slow down those who will try

to stop the attack. It may only lasts one hour, maybe more, maybe even

a few days. No matter what, it will be global. It will be known.

———————————————————————–

download link in #opGlobalBlackout

The tool is named “ramp” and stands for Reflective Amplification. It is

located in the \ramp\ folder.

———-> Windows users

In order to run “ramp”, you will need to download and install these two

applications;

WINPCAP DRIVER – www.winpcap.org/install/default.htm

TOR – www.torproject.org/dist/vidalia-bundles/

The Winpcap driver is a standard library and the TOR client is used as

a proxy client for using the TOR network.

It is also recommended to use a VPN, feel free to choose your own flavor of this.

To launch the tool, just execute “\ramp\launch.bat” and wait. The attack

will start by itself.

———-> Linux users

The “ramp” linux client is located under the \ramp\linux\ folder and

needs a working installation of python and scapy.

Read more: www.disclose.tv/forum/on-march-31-anonymous-will-shut-the-internet-down-t67878.html#ixzz1modrC1Jn

However, like many other threats, ie, to take down Facebook, this one isn’t likely to happen even if they try. However, with all threats coming from Anonymous, things are looked at a little bit closer due in fact to what they’ve done in the past. Will this one happen, no one knows, but we’ll sure to find out Saturday morning if we can’t get onto Google+.

http://nibletz.com/2012/03/rumor-anonymous-to-take-down-internet-this-saturday/