Under Attack?
Search
Menu

Operation Blackout – Get Yourself Prepared

By Ronen KenigMarch 27, 2012

Operation Blackout due date is approaching: Anonymous is planning to shutdown the Internet on March 31st, 2012 by attacking all 13 DNS root servers.

DNS is a critical infrastructure of the Internet as every web transaction involves a DNS service that is provided by the internet service provider. A successful attack against DNS servers will result in halt of all Internet based services.

Anonymous Attacking Tools

In order to achieve the ambitious goal of shutting down the Internet, Anonymous is planning to use a sophisticated reflective amplified DNS flood, generated using a DNS attack tool named “ramp.” “Ramp” is designed to harness the processing and bandwidth resources of multiple Internet Service Providers (ISPs) as well as other corporate DNS services to shutdown the DNS core.

Using “ramp,” Anonymous advocates will flood their ISPs and other DNS servers with DNS queries in which the source IP is spoofed and it matches the IP address of one of the DNS root servers (see step 1 in the diagram below). The ISP DNS servers will response to these malicious queries by sending the answer to the spoofed source, i.e to the DNS Root servers(step 2 in the diagram).

The amplified effect of this attack is achieved by generating DNS reponses that are ten times larger than the original DNS queries.

Fearing of law-enforcement agencies’ ability to track the physical source of even spoofed source attacks, Anonymous urged their follower to use the TOR anonymized network. However, since the TOR network has limited bandwidth resources, Anonymous must amplify the attack using the “ramp” tool in order to succeed in their mission.

Radware DNS DDoS Mitigation Solution

To successfully mitigate the threats discussed above, DNS attack mitigation tools must meet very unique challenges. Radware AMS is the industry’s first DNS DDoS mitigation solution that meets these unique challenges:

Mitigation tools must have deep knowledge of DNS traffic behavior – Radware AMS understands DNS traffic and learns it normal behavior continually, so it immediately identifies abnormal DNS traffic. Moreover, Radware AMS analyzes every field in DNS traffic to identify abnormal packets and to create its real time signatures in high accuracy.

Mitigating high rate of DNS packets – Utilizing its DoS Mitigation Engine (DME), a network processor based hardware accelerator, Radware AMS can challenge 2M DNS queries per second and to process up to 12 million packets per second of attack traffic. The attack traffic does not affect Radware AMS capabilities to handle legitimate traffic and it can handle multi-gigabit of legitimate throughput traffic under attack.

Mitigation accuracy – With unique DNS challenges and accurate analyzing of DNS traffic behavior, Radware AMS provides a very accurate distinguish between legitimate DNS traffic and attack-based DNS traffic results in minimal false positives. This enables the service provider to continue and serve its legitimate users even under severe attack.

Provide best quality of experience even under attack – Radware AMS unique architecture that is based on several hardware engines and accelerators guarantees a minimum latency to all processed traffic, and especially to the legitimate traffic. This guarantees a best quality of experience to legitimate internet users even under attack.

A detailed description of Radware’s solution for mitigating DNS attacks can be found here.

Contact Our DNS Advisory Team

ISPs and other DNS service providers should protect themselves from the planned attacks. The threat of effecting Internet services by shutting down local or national ISP DNS servers is more likely to happen than affecting the global DNS Root servers.

Radware created a 24×7 DNS advisory team to help our customers and prospects get themselves ready for Operation Blackout. This team provides a detailed explanation of the threats and how to best prepare your DNS critical infrastructure and your mitigation solutions for the coming attacks.

Radware’s customers are encouraged to contact our support team and to get an immediate help from our DNS advisory team. Other prospects and non-Radware customers can contact our DNS advisory team through a Radware representative.

 

Posted in: Attack Mitigation DDoS Attacks SecurityTags:

Ronen Kenig

Ronen manages the global marketing strategy for Radware’s Security products. His responsibilities include the planning, positioning and go-to-market strategy for all Security products activities worldwide. An industry expert, Ronen has more than 14 years experience in managing R&D and marketing products in the networking infrastructure, Security and application delivery sectors. Ronen writes about Security threats and solutions, application delivery, and cloud computing.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Contact Us Now

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
Close

What are you looking for?