Beaf:

^
They can do it if they get the root nameservers as the article is suggesting. At least, they can get huge swathes of it.

@topic
Anonymous are beginning to sound worse than the average pest or robber. They are a group of teenagers who are still lacking wisdom.
Who asked them to shut down the internet? On whose behalf are they acting? There are many honest little guys out there struggling to make a buck off the web or struggling to make contacts for wholesome endeavours; and Anonymous thinks it is right to cut off these peoples communications and businesses? There are also lovers, friends and family members who are cut off by distance; for them, the internet is a resource that must never be shut down. Further, several emergency and disaster refief services are organised around the internet, therefore cutting it off could spill real blood.

If Anonymous insists on becoming a cancer, then they should be cut off and seen as public enemies. What will they do next, hold the World to ransome and make Dr Evil from the movies become real?

phreakabit:

They didn't say a large portion of. . . .  They actually said the "INTERNET". LOL. . . . I don't think anyone or any organisation can do that. I will wait and see.

[size=14pt]Attacks[/size]
[edit] October 21, 2002

On October 21, 2002 an attack lasting for approximately one hour was targeted at all 13 DNS root name servers.[1]

This event was the first significant attack directed at disabling the Internet itself instead of specific websites.[citation needed] This was the second significant failure of the root nameservers. The first caused the failure of seven machines in April 1997 due to a technical problem.[2]
[edit] February 6, 2007

On February 6, 2007 an attack began at 10 AM UTC and lasted twenty-four hours. At least two of the root servers (G-ROOT and L-ROOT) reportedly suffered badly while two others (F-ROOT and M-ROOT) experienced heavy traffic. The latter largely contained the damage by distributing requests to other root server instances with anycast addressing. ICANN published a formal analysis shortly after the event.[3]

Due to a lack of detail, speculation about the incident proliferated in the press until details were released.[4]

On February 8, 2007 it was announced by Network World that: "If the United States found itself under a major cyberattack aimed at undermining the nation's critical information infrastructure, the Department of Defense is prepared, based on the authority of the President, to launch [, ] an actual bombing of an attack source or a cyber counterattack."[5]

[size=14pt]U.S. cyber counterattack: Bomb 'em one way or the other[/size]
National Cyber Response Coordination Group establishing proper response to cyberattacks
By Ellen Messmer, Network World
February 08, 2007 12:06 PM ET

San Francisco — If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.

The primary group responsible for analyzing the need for any cyber counterstrike is the National Cyber Response Coordination Group (NCRCG). The three key members of the NCRCG, who hail from the US-CERT computer-readiness team, the Department of Justice and the Defense Department, this week described how they would seek to coordinate a national response in the event of a major cyber-event from a known attacker.

This week’s massive but unsuccessful denial-of-service (DoS) attack on the Internet’s root DNS, which targeted military and other networks, did not rise to the level of requiring response, but made the possibility of a massive Internet collapse more real than theoretical. Had the attack been successful there may have been a cyber counterstrike from the United States, said Mark Hall, director of the international information assurance program for the Defense Department and the Defense Department co-chair to the NCRCG, who spoke on the topic of cyber-response during the RSA Conference here.

“We have to be able to respond,” Hall said. “We need to be in a coordinated response.”

He noted that the Defense Department networks, subject to millions of probes each day, has “the biggest target on its back.”

But a smooth cyber-response remains a work in progress. The NCRCG’s three co-chairs acknowledge it’s not simple coordinating communications and information-gathering across government and industry even in the best of circumstances, much less if a significant portion of the Internet or traditional voice communications were suddenly struck down. But they asserted the NCRCG is “ready to stand up” to confront a catastrophic cyber-event to defend the country.

“We’re working with key vendors to bring the right talent together for a mitigation strategy,” said Jerry Dixon, deputy director for operations for the National Cyber Security Division at US-CERT. “We recognize much infrastructure is operated by the private sector.” The U.S. government has conducted cyber war games in its CyberStorm exercise last year and is planning a second one.

The third NCRCG co-chair, Christopher Painter, principal deputy chief at the Justice Department, said the cyber-response group also seeks to communicate with 50 countries around the world where monitoring for massive cybersecurity events go on as well. “Some of them have some of the same communications issues we have here,” he noted.

The Department of Homeland Security’s National Response Plan calls for coordination with a number of agencies, including the Department of Treasury, when the decision for a national response is made. So far, there has been no major cybersecurity event against the United States that has prompted the need for a national response.

The massive DoS attack attempt against the Internet’s root-servers this week, which specifically targeted military networks, raises the question whether the United States would ever respond with a counterattack.

“It’s the President’s call,” said Hall said, pointing out the recommendation for a counterattack would be passed to the chief executive via the U.S. Strategic Command in Omaha.

In the event of a massive cyberattack against the country that was perceived as originating from a foreign source, the United States would consider launching a counterattack or bombing the source of the cyberattack, Hall said. But he noted the preferred route would be warning the source to shut down the attack before a military response.

All the military services are preparing for military cyber-response, Hall pointed out.

Jim Collins, R& engineer at the Air Force Information Operations Center, who also spoke on the need for network defense at a session at the RSA Conference, said the Air force is also gearing up for an offensive cyber capability.

“The Air Force hasn’t just been standing by,” he said, noting that in November, the Air Force added the mission to fight in cyberspace by creating a new Cyber Command.

“We’re standing up cyber-fighters to do network warfare,” Collins said. “Where we had pilots before, we’ll have fighters in cyberspace.”

Beaf:

http://en.wikipedia.org/wiki/Distributed_denial_of_service_attacks_on_root_nameservers

eGuerrilla:

I saw that.
Question is, what happens if the source is traced to a friendly country (or countries) as opposed to designated rogue states like Iran and North Korea?

The two DNS root servers "badly affected" by last month's intense denial-of-service attack were the only two targeted that have not yet installed the Anycast load balancing technology, according to a report (.pdf) released by ICANN.

During the cross-continent attack, which lasted for about two-and-a-half hours on February 6, unknown attackers used hijacked computers in the Asia-Pacific region to bombard six of the 13 root servers with data measuring a whopping 1Gb per second but, because the targets were using the Anycast technology, end users were not affected.

(NOTE: Data measuring 1Gb per second is roughly equivalent to receiving 13,000 e-mails every second, or over 1.5 million e-mails in just two minutes).

Anycast is a network addressing and routing scheme that allows data packets to is routed to the nearest or best destination. During the attacks, ICANN said it worked as a perfect foil and highlighted the need for all the roots not using the technology — D, E, G, H and L — to move over soon.

The report is disappointingly sparse on details of the origins or tactics used by the attackers. ICANN confirmed suspicions that zombie machines in South Korea formed the botnet that launched the attack but warned that this is mostly "educated guesswork."

"It could just as easily have come from a number of different countries at the same time. It is even possible that the attack originated from outside the region and many of the Internet addresses that the attack appeared to come from had in fact been "spoofed" or faked, ICANN said. "In fact, engineers are fairly sure that it did come from Asia-Pacific, but even so this does not mean that whoever was behind the attack is based in Asia-Pacific because they could just as easily triggered it from anywhere on the network, i.e., anywhere in the world."

South Korean authorities are already on record as saying that the attack commands were sent from a host server in Coburg, Germany.

Some highlights from the ICANN report:

At least six root servers were attacked but only two of them were noticeably affected: the "g-root", which is run by the U.S. Department of Defense and is physically based in Ohio, and the "l-root" run by ICANN.
The reason why these two were particularly badly affected was because they are the only root servers attacked that have yet to install Anycast (a further three root servers without Anycast were not attacked this time).
The fact that all the root servers have not moved to Anycast was a conscious decision to avoid a single point of failure. There were some concerns that there might be a security risk in allowing a lot of different servers to appear as if they were coming from the same place. And so just a few root servers tried the system first, tested it thoroughly and ironed out any bugs before the next set moved over.
The operators of the servers that were hit by the attack were aware of it almost instantaneously. Because of the way the attack worked (where a command is given at the same time to a large number of computers to send data to the same place), it arrived like a brick wall, which immediately set off all the alarms built into the networks.
One possible explanation for the root server attacks is to act as an advertisement for a particular botnet.

eGuerrilla:

@denzel2009, afam4eva
I seriously hope neither of you is in the business of managing mission critical systems, given the nonchalant views you have expressed on this thread
Hear the argument: if you can't bring down Amazon's EC2 network, you are not to be taken seriously. Really
You don't think it makes sense for others to consider contingency plans ahead of time?

Anyway, if the last major attack on root DNS servers is anything to go by, Nairaland is likely to be accessible on March 31st
[url=[/url]