That would make it trivial to take down a DNSSEC-validating DNS resolver that has yet to be patched, upsetting all the clients relying on that service and make it seem as though websites and apps were offline.
As of December 2023, approximately 31 percent of web clients worldwide used DNSSEC-validating DNS resolvers and, like other applications relying on those systems, would feel the effects of a KeyTrap attack: With those DNS servers taken out by the flaw, clients relying on them would be unable to resolve domain and host names to IP addresses to use, resulting in a loss of connectivity.
"Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging," they claimed."With KeyTrap, an attacker could completely disable large parts of the worldwide internet.", titled,"The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNS," describes how an assault would be carried out.
"When the DNS resolvers attempt to validate the DNSSEC records they receive from our nameserver, they get stalled. Our attacks are extremely stealthy, being able to stall resolvers between 170 seconds and 16 hours with a single DNS response packet."Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony – no, not a hacker attack, but because they can't open a safeICANN proposes creating .INTERNAL domain to do the same job as 192.168.x.