RE: Yahoo offline because of attack (was: Yahoo network outage)

["Roeland M.J. Meyer" <rmeyer () mhsc com>]

> From: George Herbert [mailto:gherbert () crl com]
> Sent: Wednesday, February 09, 2000 12:52 AM
> To: Roeland M.J. Meyer
>
> Roeland wrote:
> > I smell denial here. The compromised systems (only 52?) had to
> have access
> > to pipes at least 1 Gbps in size, in order to carry out this
> attack (do the
> > math yourself). Either there were many more systems
> participating (in itself
> > a scarey thought) or many of these large and professionally run
> systems are
> > owned and their operators don't know it. The only other
> alternative is the
> > conspiracy theory from hell.
>
> No, they don't.  Assume there's 40k of data in the homepage.
> How many bytes of SYN-SYNACK-ACK-GET / HTTP/1.0\n does it take
> to do a TCP connect and request?  I just tested, I show 160 bytes.
> That's a 250:1 leverage for the attacker.  To fill 1 GBPS worth
> of outbound trunking you only need to generate 4 MBPS (32 Mbps)
> worth of input.  50ish systems with T-1 connectivity gets there
> with margins.

Okay, but you've still missed the point. Even if I stipulate everything you
said here, that's still 50 largish systems that are compromised. I would
almost wager that the perpetrators didn't use all of their assets either.
That's a shit-load of large compromised systems on the Internet. Doesn't
that thought worry you in the slightest?