Anonymous
Ars Technica describes, in great detail, how the loosely organized, international group of hacktivists responsible for denial of service attacks big and small could use a technique called DNS amplification to take us back to 1992.
Recently, Anonymous has had a streak of hits, including a revenge attack on Panda Security, which members of the hacking group falsely believed helped authorities rein in six LulzSec members, and a recent attack on the Vatican's website. Previous targets included the CIA, an FBI cybersecurity partner and several law enforcement sites around the country. This Technolog report goes in-depth about the very real possibility of a power grid shutdown, quoting from the NSA chief.
Anonymous' usual MO is to overload websites with access requests, so a DNS amplification could be seen as a mega-version of that approach, as described by Ars Technica:
DNS amplification hijacks an integral part of the Internet’s global address book, turning a relatively small stream of requests from attacking machines into a torrent of data sent to the target machines, potentially delivering network traffic of tens or hundreds of gigabytes per second without revealing the source of the attack. It does so by using a vulnerability in the DNS service that's been known since at least 2002.Whatever comes next, it doesn't look like Anonymous is going to let up anytime soon. Consider this March 8 tweet, from @YourAnonNews: "War is our imperative. And if right now victory seems like an impossibility, then we have something else to reach for: revenge, payback."
Using these two things—recursive lookups that return large amounts of data to small queries, and spoofed source addresses—attacks can be made. The attacker first finds a server that is configured to enable recursive lookups. He then sends a large number of requests to the server, spoofing the source address so that the server thinks that the victim machine is making the request. Each of these requests is chosen so that it generates a large response, much larger than the queries themselves. The server will then send these large responses to the victim machine, inundating it with traffic. The disparity between the request size and the response is why these attacks are known as "amplification" attacks.
Check out Technolog on Facebook, and on Twitter, follow Athima Chansanchai, who is also trying to keep her head above water in the Google+ stream.
No comments:
Post a Comment