
Hi Saich,

saich wrote:
Thanks people you have given much insight....and yes you are right the best way would be to take down the 13 DNS Root Servers actually it was done in 2006 when some dudes managed to flood 6 of the 13 with traffic b4 they were found out...this considerably slowed down the net.....
_______
This is not entirely correct. In the last 10 years there have been two major attacks on the Root-Servers, in 2002 (the first DDoS on Root-servers) and in 2007. Both incidents found me relatively well placed within the TLD operator community. Saying that they slowed down the net is an interesting concept, since most users actually never realized that there was an issue until the incident was reported.

If you have an understanding of how DNS Round-Robin works you will realise that the implications of the Feb 2007 attacks, while large, targeted 6, with 2 being severely affected. Since 2002 F, K, I, J and M had commenced anycasting of their instances and did not notice significant impacts. The result, as was put, did not slow down the net but caused engineers lack of sleep.

Today only B, D, E, G and H are not anycasted. The rest have multiple sites around the globe. If you wish to attack the root this might be a place to start. FYI you better have sufficient zombies to fill multiple 40G circuits and overrun highly spec'd servers running very scalable applications, i.e. NSD or BIND, plus very smart engineers who may filter you backwards in under an hour. All in all this will not even slow down the net, since everyone will still have access to over 100 other Root-servers to query from.

I still think that the best way to cause outage on the net is to corrupt the global routing table (ok, I finally said it). The DNS is far too stable at the moment. This can be achieved by sending a malformed packet that can either 1) cause routers to reset (causing route dampening over a period of time will cause the internet to become unstable and unusable) and 2) cause routers to clear the FIB or route all packets to Null0. Of course this will have to be done for all the top 5 router vendors to have any significant effect.

http://www.cisco.com/warp/public/707/cisco-sa-20010510-ios-bgp-attr.shtml
and
http://www.cisco.com/en/US/products/products_security_advisory09186a00803be7...
and
http://secunia.com/advisories/28100/

The other option would be to consider attacking applications that would cause attention to the public. That is, attacking Web-Servers and Mail services using various exploits would easily cause a global concern. This is with consideration that if a user can't browse or check/send email then the net is not working. That will get you headlines like "Internet is down" with the media folks :)

Have a pleasant weekend.

Regards,
Michuki.