DNS Amplification – Anonymous’ Next Powerful Weapon

After taking down several important websites, including Interpol, Panda Security, FBI, and the US Department of Justice, Anonymous is planning on going after the Internet’s entire DNS

Bringing the whole Domain Name System down is no easy task; the hacker group is planning on using the DNS itself as a weapon, and therefore is working on a next-generation tool called DNS amplification to do the job. This new “gadget” will hack into an integral part of the Internet’s global address book, sending huge data packets to the targeted machines without revealing the source of attack. This is possible due to a vulnerability in the DNS system that’s been present since 2002.

In a nutshell, the DNS system is functioning on a strict hierarchy, at the top of it being the “root” nameservers. For a better understanding of the Domain Name System you may want to visit the following link.

A DNS lookup is accomplished only by getting access to different levels of the hierarchy, and there are two methods a DNS resolver works: the iterative mode and the recursive mode. In the first the resolver first queries the root nameservers for the top-level domain’s nameservers, then queries the top-level domain’s nameserver for the second level, and so on. By contacting the different nameservers, the resolver will either find an answer or give up due to lack of it.

As for the recursive mode, the resolver’s task is easier – it asks for one DNS server for the whole name, then the server does all the necessary requests for him.

(Source ArsTechnica)

More on DNS recursion can be found on ArsTechnica’s article, here.

The benefits of DNS amplification are further explained in the article. For example, the source of an attack can be hidden with UDP through forged headers. Moreover, various VPNs can also be used as extra-precaution since Tor’s services do not function on UDP traffic; and since DNS amplification relies on UDP, a connection-free protocol, the sent packets are not easily circumvented.

Bottom line is that if Anonymous manages to pull this stunt, there isn’t much that they won’t be able to do in retaliation to this whole anti-piracy cyberwar.