Attacks against the root nameservers can, in theory, impact operation of the entire Internet, rather than specific websites. However, in practice, the root nameserver infrastructure is highly resilient and distributed, using both the inherent features of DNS (result caching, retries, and multiple servers for the same zone with fallback if one or more fail), and, in recent years, a combination of anycast and load balancer techniques used to implement most of the thirteen nominal individual root servers as globally distributed clusters of servers in multiple data centers.
The caching and redundancy features of DNS mean that it would require a sustained outage of all the major root servers for many days before any serious problems were created for most Internet users, and even then there are still numerous ways in which ISPs could set their systems up during that period to mitigate even a total loss of all root servers for an extended period of time.
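The caching argument above can be made concrete with a toy model of one recursive resolver. This is an added example, not from the original article: the 48-hour delegation TTL, the workload, and all function names are assumptions, and serving expired entries (`serve_stale`) stands in for one possible operator-side mitigation that the article does not name.

```python
# Added illustration: toy model of a recursive resolver's cache of TLD delegations.
TLD_TTL = 172800  # seconds (48 h); assumed TTL on the root zone's TLD delegations
HOUR = 3600


def outage_failure_rate(queries, outage_start, outage_len,
                        ttl=TLD_TTL, serve_stale=False):
    """Fraction of queries issued during the root outage that cannot be resolved.

    queries: time-sorted (timestamp_seconds, tld) pairs seen by one resolver.
    A query needs a root server only when the TLD's delegation is absent
    from the cache or has expired.
    """
    outage_end = outage_start + outage_len
    expiry = {}  # tld -> time at which the cached delegation expires
    asked = failed = 0
    for t, tld in queries:
        root_down = outage_start <= t < outage_end
        if root_down:
            asked += 1
        if tld in expiry and t < expiry[tld]:
            continue  # answered from cache, root not contacted
        if not root_down:
            expiry[tld] = t + ttl  # referral fetched from a root server
        elif not (serve_stale and tld in expiry):
            failed += 1  # no usable delegation and no root to ask
    return failed / asked if asked else 0.0


def constructed_workload(days, tlds=("com", "org", "net"), every=600):
    """Constructed sample traffic: each TLD is looked up every `every` seconds."""
    return [(t, tld) for t in range(0, days * 24 * HOUR, every) for tld in tlds]


if __name__ == "__main__":
    q = constructed_workload(days=6)
    for hours in (1, 24, 72):
        rate = outage_failure_rate(q, outage_start=HOUR, outage_len=hours * HOUR)
        print(f"{hours:>2} h root outage: {rate:.1%} of lookups fail")
    stale = outage_failure_rate(q, HOUR, 72 * HOUR, serve_stale=True)
    print(f"72 h root outage, expired entries still served: {stale:.1%}")
```

In this model a resolver with a warm cache sees no failures until its cached delegations expire, while a resolver that starts cold during the outage fails immediately, which is why the outage has to be sustained before most users are affected.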
In a statement referred to as "Operation Global Blackout", Anonymous said that the attack would be a protest against Wall Street and the "SOPA" copyright protection bill, which was submitted to the U.S. Congress.
"To protest SOPA, Wall Street, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, on March 31, Anonymous will shut the Internet down," reads the statement. "Remember, this is a protest, we are not trying to 'kill' the Internet, we are only temporarily shutting it down where it hurts the most."
The DDoS attack is said to take advantage of a "Reflective DNS Amplification DDoS tool" compiled by Anonymous.
"The principle is simple; a flaw that uses forged UDP packets is to be used to trigger a rush of DNS queries all redirected and reflected to those 13 IPs. The flaw is as follows; since the UDP protocol allows it, we can change the source IP of the sender to our target, thus spoofing the source of the DNS query.
The DNS server will then respond to that query by sending the answer to the spoofed IP. Since the answer is always bigger than the query, the DNS answers will then flood the target IP. It is called amplified because we can use small packets to generate large traffic. It is called reflective because we will not send the queries to the root name servers, instead, we will use a list of known vulnerable DNS servers which will attack the root servers for us," Anonymous said.
Anonymous added that the very fact that nobody would be able to make new requests to use the Internet will slow down those who will try to stop the attack. "It may only last one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known," the team said.
According to cyber security researcher Rob Graham at Errata Security, it is unlikely that such an attack would be effective. He says, "it's doubtful many people would notice."