"Make love, not spam"....

Jerry Pasker info at n-connect.net
Mon Nov 29 16:54:03 UTC 2004


>
>It's a DDOS. The risk of collateral damage is high. I
>won't discuss the RBL aspect of it because it can't be
>legitimized past the first sentence.
>
>-M<
>
>


From what limited information is available in the articles, it 
doesn't sound that way.  It's not really a DDoS attack, but more of a 
"distributed web surfing bot."  The point isn't to generate a ton of 
false requests to overload the web servers; the point is to send a 
controlled amount of requests to cause the target websites to 
generate a lot of http traffic.  One that's not meant to knock the 
sites offline, but just consume their bandwidth through real http 
use.  *IF* their screen saver is written correctly, the sites should 
never go down, but at worst, just slow down.  That's a big *IF*.

I understand this as more of a Distributed Consumption of Service 
attack.  (Is the acronym DCoS used yet?)  Real requests, downloading 
real data, to real computers.  A lot of them.  The same effect could 
be had by having those websites being requested by the Lycos mail 
users by clicking on a link to their web site, except that would be 
more prone to cause operational problems with target sites being 
overloaded.

Also, if the "target" web servers are set up right, they should 
protect themselves in all the normal ways an http server under load 
does.  If you still think it's a DDoS, then they're only as guilty as 
Slashdot.

The big difference between Lycos Europe and a script kiddie with 
zombies is that Lycos is mature enough to use restraint and not knock 
down websites with brute force.  They're attempting to use the 
politically correct "grown up" way to attack someone:  economics.

How is giving the spammers what they want (real web site traffic) an 
attack?  That doesn't even qualify!

Would a huge advertising effort to get users to visit every spammer 
web site they get, and click "reload" a few times also qualify as an 
attack?

Remember:  I'm assuming a properly written client.

-Jerry


