nanog mailing list archives

RE: Yahoo offline because of attack (was: Yahoo network outage)


From: Shawn McMahon <smcmahon () eiv com>
Date: Wed, 09 Feb 2000 14:01:05 -0500


For purposes of this kind of attack, bandwidth is *FREE*.

Remember what we're positing here:

1) The attacks come from compromised sites.

2) The trigger is a single ICMP packet sent to each of those sites.

You could run this over a 14.4k modem, no problem.

You could run this over a Palm Pilot, plugged into a pay phone.

You could run this from a PC sitting in your local public library, for free.

It just takes setup time, and that can be done by writing a program that does something else, and has this lying in wait.

Or, an ActiveX control sitting on a site somewhere that fires up when it's hit and attacks. Put some information on the site (DeCSS info, maybe?), post a link on Slashdot so lots of folks hit it, and whammo, hundreds or even thousands of dupes running Internet Explorer suddenly use all their bandwidth launching bits of your attack.

200 dupes with 33.6k modems can flood a T1. 200 dupes with 512k ADSL can flood multiple T3s. 200 dupes with Road Runner can flood OC-[insert small integer here]. Multiply by your worst nightmares.

Again, the fact that X amount of bandwidth was consumed tells us *NOTHING* about the nature of the attack. (Which is the only point I'm arguing, here, and is the fallacy the initial poster fell victim to.)


At 12:54 PM 2/9/2000 -0500, you wrote:

> On the other hand, I have a 768k DSL line at home for $89/mo. Bandwidth
> isn't as cheap as you might think.



