SHOW:
|
|
- or go back to the newest paste.
| 1 | ----------------------------------------------------------------------- | |
| 2 | 01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111 | |
| 3 | 01101110 01000111 01101100 01101111 01100010 01100001 01101100 | |
| 4 | 01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100 | |
| 5 | ----------------------------------------------------------------------- | |
| 6 | ___ _ _ ___ _ _ _ | |
| 7 | / _ \ _ __ ___ _ _ __ _| |_(_)___ _ _ / __| |___| |__ __ _| | | |
| 8 | | (_) | '_ \/ -_) '_/ _` | _| / _ \ ' \ | (_ | / _ \ '_ \/ _` | | | |
| 9 | \___/| .__/\___|_| \__,_|\__|_\___/_||_| \___|_\___/_.__/\__,_|_| | |
| 10 | |_| | |
| 11 | ___ _ _ _ | |
| 12 | | _ ) |__ _ __| |_____ _ _| |_ | |
| 13 | | _ \ / _` / _| / / _ \ || | _| | |
| 14 | |___/_\__,_\__|_\_\___/\_,_|\__| | |
| 15 | ||
| 16 | ----------------------------------------------------------------------- | |
| 17 | 01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111 | |
| 18 | 01101110 01000111 01101100 01101111 01100010 01100001 01101100 | |
| 19 | 01000010 01101100 01100001 01100011 01101011 01101111 01110101 01110100 | |
| 20 | ----------------------------------------------------------------------- | |
| 21 | "The greatest enemy of freedom is a happy slave." | |
| 22 | ||
| 23 | To protest SOPA, Wallstreet, our irresponsible leaders and the beloved | |
| 24 | bankers who are starving the world for their own selfish needs out of | |
| 25 | sheer sadistic fun, On March 31, anonymous will shut the Internet down. | |
| 26 | ||
| 27 | ----------------------------------------------------------------------- | |
| 28 | ||
| 29 | In order to shut the Internet down, one thing is to be done. Down the | |
| 30 | 13 root DNS servers of the Internet. Those servers are as follow: | |
| 31 | ||
| 32 | A 198.41.0.4 | |
| 33 | B 192.228.79.201 | |
| 34 | C 192.33.4.12 | |
| 35 | D 128.8.10.90 | |
| 36 | E 192.203.230.10 | |
| 37 | F 192.5.5.241 | |
| 38 | G 192.112.36.4 | |
| 39 | H 128.63.2.53 | |
| 40 | I 192.36.148.17 | |
| 41 | J 192.58.128.30 | |
| 42 | K 193.0.14.129 | |
| 43 | L 199.7.83.42 | |
| 44 | M 202.12.27.33 | |
| 45 | ||
| 46 | By cutting these off the Internet, nobody will be able to perform a | |
| 47 | domain name lookup, thus, disabling the HTTP Internet, which is, | |
| 48 | after all, the most widely used function of the Web. Anybody entering | |
| 49 | "http://www.google.com" or ANY other url, will get an error page, | |
| 50 | thus, they will think the Internet is down, which is, close enough. | |
| 51 | Remember, this is a protest, we are not trying to 'kill' the Internet, | |
| 52 | we are only temporarily shutting it down where it hurts the most. | |
| 53 | ||
| 54 | While some ISPs uses DNS caching, most are configured to use a low | |
| 55 | expire time for the cache, thus not being a valid failover solution | |
| 56 | in the case the root servers are down. It is mostly used for speed, | |
| 57 | not redundancy. | |
| 58 | ||
| 59 | We have compiled a Reflective DNS Amplification DDoS tool to be used for | |
| 60 | this attack. It is based on AntiSec's DHN, contains a few bugfix, a | |
| 61 | different dns list/target support and is a bit stripped down for speed. | |
| 62 | ||
| 63 | The principle is simple; a flaw that uses forged UDP packets is to be | |
| 64 | used to trigger a rush of DNS queries all redirected and reflected to | |
| 65 | those 13 IPs. The flaw is as follow; since the UDP protocol allows it, | |
| 66 | we can change the source IP of the sender to our target, thus spoofing | |
| 67 | the source of the DNS query. | |
| 68 | ||
| 69 | The DNS server will then respond to that query by sending the answer to | |
| 70 | the spoofed IP. Since the answer is always bigger than the query, the | |
| 71 | DNS answers will then flood the target ip. It is called an amplified | |
| 72 | because we can use small packets to generate large traffic. It is called | |
| 73 | reflective because we will not send the queries to the root name servers, | |
| 74 | instead, we will use a list of known vulnerable DNS servers which will | |
| 75 | attack the root servers for us. | |
| 76 | ||
| 77 | DDoS request ---> [Vulnerable DNS Server ] <---> Normal client requests | |
| 78 | \ | |
| 79 | | ( Spoofed UDP requests | |
| 80 | | will redirect the answers | |
| 81 | | to the root name server ) | |
| 82 | | | |
| 83 | [ 13 root servers ] * BAM | |
| 84 | ||
| 85 | Since the attack will be using static IP addresses, it will not rely | |
| 86 | on name server resolution, thus enabling us to keep the attack up even | |
| 87 | while the Internet is down. The very fact that nobody will be able to | |
| 88 | make new requests to use the Internet will slow down those who will try | |
| 89 | to stop the attack. It may only lasts one hour, maybe more, maybe even | |
| 90 | a few days. No matter what, it will be global. It will be known. | |
| 91 | ||
| 92 | ----------------------------------------------------------------------- | |
| 93 | ||
| 94 | download link in #opGlobalBlackout | |
| 95 | ||
| 96 | ----------------------------------------------------------------------- | |
| 97 | ||
| 98 | The tool is named "ramp" and stands for Reflective Amplification. It is | |
| 99 | located in the \ramp\ folder. | |
| 100 | ||
| 101 | ----------> Windows users | |
| 102 | ||
| 103 | In order to run "ramp", you will need to download and install these two | |
| 104 | applications; | |
| 105 | ||
| 106 | WINPCAP DRIVER - http://www.winpcap.org/install/default.htm | |
| 107 | TOR - http://www.torproject.org/dist/vidalia-bundles/ | |
| 108 | ||
| 109 | The Winpcap driver is a standard library and the TOR client is used as | |
| 110 | a proxy client for using the TOR network. | |
| 111 | ||
| 112 | It is also recommended to use a VPN, feel free to choose your own flavor | |
| 113 | of this. | |
| 114 | ||
| 115 | To launch the tool, just execute "\ramp\launch.bat" and wait. The attack | |
| 116 | will start by itself. | |
| 117 | ||
| 118 | ----------> Linux users | |
| 119 | ||
| 120 | The "ramp" linux client is located under the \ramp\linux\ folder and | |
| 121 | needs a working installation of python and scapy. | |
| 122 | ||
| 123 | ----------------------------------------------------------------------- | |
| 124 | ||
| 125 | "He who sacrifices freedom for security deserves neither." | |
| 126 | Benjamin Franklin | |
| 127 | ||
| 128 | We know you wont' listen. We know you won't change. We know it's because | |
| 129 | you don't want to. We know it's because you like it how it is. You bullied | |
| 130 | us into your delusion. We have seen you brutalize harmless old womans who were | |
| 131 | protesting for peace. We do not forget because we know you will only use that | |
| 132 | to start again. We know your true face. We know you will never stop. Neither | |
| 133 | are we. We know. | |
| 134 | ||
| 135 | We are Anonymous. | |
| 136 | We are Legion. | |
| 137 | We do not Forgive. | |
| 138 | We do not Forget. | |
| 139 | You know who you are, Expect us. |
