23 April 2012

Hackers Amplified DNS

The Anonymous hacker group is known worldwide for taking down a number of important sites, including those of the FBI, Interpol, Panda Security, and the US Department of Justice. Now they are moving further and going after the Web’s entire Domain Name System.

Of course, bringing the whole DNS down isn’t an easy task. Anonymous is now planning to use the DNS itself as a weapon, and is developing a next-generation instrument named DNS amplification to reach this goal. The so-called “gadget” is expected to hack into an integral part of the web’s global address book, sending enormous data packets to the affected machines without revealing the source of the attack. The scheme is possible thanks to a vulnerability in the DNS system that has existed for a decade already.

Seen from the inside, the DNS system works on a strict hierarchy. At its top are the “root” nameservers. A DNS lookup is accomplished by accessing the various levels of the hierarchy. A DNS resolver can work in two modes: iterative and recursive. In iterative mode, the resolver first queries the root nameservers for the top-level domain’s nameservers, then queries the top-level domain’s nameservers for the second level, and so on. Contacting the various nameservers in turn, the resolver will either find an answer or give up for lack of one.

In the second case (recursive mode), the resolver’s task becomes easier: it asks a single DNS server for the whole name, and that server makes all the necessary requests on its behalf.

There are numerous benefits of DNS amplification. For instance, the source of the attack can be hidden by sending UDP packets with forged headers. In addition, different VPNs could be used as an extra precaution, because Tor’s services don’t function on UDP traffic. Therefore, because DNS amplification relies on UDP (a connectionless protocol), the sent packets can’t be easily circumvented.
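From the receiving side, forged-source UDP traffic of this kind appears as DNS responses the host never requested. The following is an added example, not part of the original post, that flags such unsolicited responses; the record layout, sample addresses and byte threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic):
# (time_s, direction, local_ip, remote_ip, dns_txid, qname, bytes)
# direction "out" = query sent by the local host, "in" = response received.
SAMPLE = [
    (0.00, "out", "192.0.2.10", "198.51.100.53", 0x1A2B, "example.org", 40),
    (0.03, "in",  "192.0.2.10", "198.51.100.53", 0x1A2B, "example.org", 120),
    (1.00, "in",  "192.0.2.10", "203.0.113.5",   0x0001, "example.net", 3100),
    (1.01, "in",  "192.0.2.10", "203.0.113.6",   0x0002, "example.net", 3100),
    (1.02, "in",  "192.0.2.10", "203.0.113.7",   0x0003, "example.net", 3100),
    (2.00, "out", "192.0.2.11", "198.51.100.53", 0x2222, "example.com", 38),
    (2.04, "in",  "192.0.2.11", "198.51.100.53", 0x2222, "example.com", 90),
]

def find_unsolicited(records, window_s=5.0):
    """Return responses with no matching local query within window_s seconds."""
    pending = {}  # (local, remote, txid, qname) -> time the query was sent
    unsolicited = []
    for t, direction, local, remote, txid, qname, size in sorted(records):
        key = (local, remote, txid, qname)
        if direction == "out":
            pending[key] = t
        else:
            sent = pending.pop(key, None)
            if sent is None or t - sent > window_s:
                unsolicited.append((t, local, remote, qname, size))
    return unsolicited

def summarize_targets(records, min_bytes=4096):
    """Total unsolicited response bytes per local host; keep hosts >= min_bytes."""
    totals = defaultdict(lambda: {"bytes": 0, "responses": 0, "sources": set()})
    for _, local, remote, _, size in find_unsolicited(records):
        entry = totals[local]
        entry["bytes"] += size
        entry["responses"] += 1
        entry["sources"].add(remote)
    return {
        host: {"bytes": e["bytes"], "responses": e["responses"],
               "sources": sorted(e["sources"])}
        for host, e in totals.items() if e["bytes"] >= min_bytes
    }

if __name__ == "__main__":
    for host, info in summarize_targets(SAMPLE).items():
        print(host, info)
```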

The industry experts seem worried. They point out that if Anonymous does manage to pull off this stunt, there won’t be much that they can’t do in retaliation for the ongoing anti-piracy cyberwar started by the US authorities.
