Is there a switch, or how to turn off the Internet?
It is inspired by this post about six coders and the Internet that they will restart after the cataclysm.
True, the methods of disabling the Internet are not entirely clear, given that some Internet service providers built data centers in anti-nuclear bunkers underground, with a door of 40 centimeters, like in Sweden , and how the military data centers of the Russian Federation or the USA are protected only God knows.
So I decided to analyze a bit what we know about attacks on the global network and measures to counter them.
')
As it is known, the Internet is the general's son ARPANET - whose father was the military project DARPA with a budget of $ 3.2 billion. Although Charles Herzfeld, the director of ARPANET of 65-67, did not hint that the purpose of creating the project could be the Cold War and the fear of the Nuclear War with the USSR. But, when speculating with the fact, it is quite possible that ARPANET was created to centralize the US command and possibly other national security goals at the time, and of course there was talk about protecting communications under Nuclear Attack. As raised the actual question of the protection of the Internet, at its earliest stages of conception.
By the way, this is what Charles said about this:
30 years have passed ...
April 1997
Seven, out of 13 ROOT DNS servers, are due to technical problems. Especially not advertise that for the problems and how they were eliminated, but some time before troubleshooting, remaining in line 6 DNS servers served the Internet for all others. By the way, why is the number of root servers 13? This number quite often appears in the history of the United States and has vague symbolism; for example, 13 - the first state-colonies broke away from the British Lion, 13 bands on the flag, 13 steps on the Pyramid, 13 branches of the olive tree, 13 stars above the Eagle and 13 arrows on US banknotes.
October 2002
On October 21, 2002 , a DOS attack on all 13 ROOT DNS servers began - the traffic volume reached 50 to 100 Mbits / sec per server. In general, the traffic was about 900 Mbits / sec. Traffic was garbage from ICMP, TCP SYN, fragmented TCP, and UDP packets. Some servers have ceased to be available to many parts of the world, but again, all survived. Obviously, who would benefit from putting the World Wide Web over these 3 days will remain a mystery of history. But what did the traffic look like in a couple of days ...
February 2007
On February 6, 2007, the attack lasted more than 24 hours and disabled two servers:
g.root-servers.net ICANN
and
l.root-servers.net United States Department of Defense
To accomplish this attack, a botnet was used, approximately the size of ~ 4500-5000 Windows machines. % 65 infected machines were in South Korea, 19% in the United States, the very same HTTP botnet controller in the same place - in Dallas, Texas. Analysts also sniffed out the “Russian trace” in this — for example, the trace that the botnet was bought from a Russian seller and later used for some Russian purposes. Well, okay about the Russian trail, but how the attack looked technically:
* Bots used one DNS request for the victim and 3 threads for the victim.
* Unique, but stable sorce port on each thread.
* each thread was with its 1023-octet “grain”
* UDP packets poured at port 53 of each victim.
* source address bots has not been changed.
* each thread on the victim was expire for 24 hours.
To combat the attack, the following rules were recommended:
* 'dst port 53 and udp [10: 2]> 0 and udp [12: 2]! = 1 and udp [14: 2]> 0 ′
* 10: 2 dns flags
* 12: 2 qdcount
* 14: 2 ancount and filter> 300-512 octets - which dropped most of the traffic, even quite legitimate, but helped in the fight against flood.
2 days later, on February 8, Network World Magazine made an international statement where they reminded about the US Presidential Decree about a possible bombing attack of a source of cyber-attack:
It was found that the United States of America had been found in the United States of America.
One can only hope that no one will disturb the rest of the thirteen Network Whales and no one will have to bomb the enemy's botnet with earth-to-earth uranium rockets.
Although, time will tell ...
True, the methods of disabling the Internet are not entirely clear, given that some Internet service providers built data centers in anti-nuclear bunkers underground, with a door of 40 centimeters, like in Sweden , and how the military data centers of the Russian Federation or the USA are protected only God knows.
So I decided to analyze a bit what we know about attacks on the global network and measures to counter them.
')
As it is known, the Internet is the general's son ARPANET - whose father was the military project DARPA with a budget of $ 3.2 billion. Although Charles Herzfeld, the director of ARPANET of 65-67, did not hint that the purpose of creating the project could be the Cold War and the fear of the Nuclear War with the USSR. But, when speculating with the fact, it is quite possible that ARPANET was created to centralize the US command and possibly other national security goals at the time, and of course there was talk about protecting communications under Nuclear Attack. As raised the actual question of the protection of the Internet, at its earliest stages of conception.
By the way, this is what Charles said about this:
The ARPANET was not started to create a Command and Control System that would survive a nuclear attack, as many now claim. To build such a system was, clearly, a major military need, but it was not ARPA's mission to do this;30 years have passed ...
April 1997
Seven, out of 13 ROOT DNS servers, are due to technical problems. Especially not advertise that for the problems and how they were eliminated, but some time before troubleshooting, remaining in line 6 DNS servers served the Internet for all others. By the way, why is the number of root servers 13? This number quite often appears in the history of the United States and has vague symbolism; for example, 13 - the first state-colonies broke away from the British Lion, 13 bands on the flag, 13 steps on the Pyramid, 13 branches of the olive tree, 13 stars above the Eagle and 13 arrows on US banknotes.
October 2002
On October 21, 2002 , a DOS attack on all 13 ROOT DNS servers began - the traffic volume reached 50 to 100 Mbits / sec per server. In general, the traffic was about 900 Mbits / sec. Traffic was garbage from ICMP, TCP SYN, fragmented TCP, and UDP packets. Some servers have ceased to be available to many parts of the world, but again, all survived. Obviously, who would benefit from putting the World Wide Web over these 3 days will remain a mystery of history. But what did the traffic look like in a couple of days ...
February 2007
On February 6, 2007, the attack lasted more than 24 hours and disabled two servers:
g.root-servers.net ICANN
andl.root-servers.net United States Department of Defense
To accomplish this attack, a botnet was used, approximately the size of ~ 4500-5000 Windows machines. % 65 infected machines were in South Korea, 19% in the United States, the very same HTTP botnet controller in the same place - in Dallas, Texas. Analysts also sniffed out the “Russian trace” in this — for example, the trace that the botnet was bought from a Russian seller and later used for some Russian purposes. Well, okay about the Russian trail, but how the attack looked technically:
* Bots used one DNS request for the victim and 3 threads for the victim.
* Unique, but stable sorce port on each thread.
* each thread was with its 1023-octet “grain”
* UDP packets poured at port 53 of each victim.
* source address bots has not been changed.
* each thread on the victim was expire for 24 hours.
To combat the attack, the following rules were recommended:
* 'dst port 53 and udp [10: 2]> 0 and udp [12: 2]! = 1 and udp [14: 2]> 0 ′
* 10: 2 dns flags
* 12: 2 qdcount
* 14: 2 ancount and filter> 300-512 octets - which dropped most of the traffic, even quite legitimate, but helped in the fight against flood.
2 days later, on February 8, Network World Magazine made an international statement where they reminded about the US Presidential Decree about a possible bombing attack of a source of cyber-attack:
It was found that the United States of America had been found in the United States of America.
One can only hope that no one will disturb the rest of the thirteen Network Whales and no one will have to bomb the enemy's botnet with earth-to-earth uranium rockets.
Although, time will tell ...
Source: https://habr.com/ru/post/100361/
All Articles