[citation][nom]beavis and butthead[/nom]Well they are very stupid if they think the DNS servers do not have overflow protection on them. Think Ping Blocker on steriods even regular UDP packets may look like its going through but only one request per static IP sure you can attempt a proxy but the static ip can not be masked . Stupid people think this net is like the phone back in the late 80s before caller ID . here is what will happen they will attempt a flawed UDP attack the DNS server being more secure that fort briggs will accept one request and dump the rest if they try 1000 sources to dump a UDP attack and 1000 will go through then dump hundreds of thousands of requests.making this hacker group look like tools they really are.all this is , is empty threats like the last facebook attempt it will FAIL like the group[/citation]
Due to the nature of UDP packets, the source IP can be spoofed since UDP does not require any kind of handshake. What you are thinking is TCP which which required a complex 3 way handshake process where packets are dropped unless the client and the server undergoes a process where a connection is established and maintained and ant attempt to spoof the IP will result in the packet becoming invalid and thus dropped.
The most common TCP attack, is one which makes many connections thus consuming the servers resources.
For UDP, you cant do a handshake, but if your server does a set of very specific things with the UDP then you can easily protect against most attacks. In the case of the DNS servers, the main attacks that cant really be protected against, are packet floods (though it will be the equivlent of trying to take out google with a packet flood if you try it to a root DNS server)
The other effective security flaw, is making the server it's own worst enemy. Make legitamite request that requires the server to spend CPU time and allocate memory to perform the task. Since it cant verify the source of the packet, it must treat it like any other request. Do this enough and you end up with a root DNS server that is running at 100% load with anon making most of the requests, thus making it less likely for the lesser DNS servers owned by ISP's and other companies, to update their cache. meaning if anon launches this attack and facebook decides to change their IP address on the same day then you may lose access to facebook.
While an attack that anon is planning can work, it wont have the intended effect. It will mostly hurt the lesser known sites that spring up on a daily basis, sites that are on a dynamic IP (eg someone using an old PC in their basement to host a website),, or finally, esoteric websites that are rarely accessed thus not likely to remain in a DNS server cache, thus requiring a root lookup. For the majority of internet users, they will not notice such an attack.
Anon is most likely doing this to get attention to the issue of SOPA and other harmful bills but has no plans to actually do this. Those experienced with these networks understand why it will not work but politicians and the media will not. (the media will also not listen to their IT guy because he or she will most likely not have a phd and some research study where he spent thousands or millions on to backup his or her answer)
(keep in mind that in an effort to legitimize them self further, many media companies will get together to fund research on things like (the study that shows that in a parking lot for a mall, customers prefer to park closer to the store)