RE: How many backbones here are filtering the makelovenotspam scr eensaver site?

["Christopher L. Morrow" <christopher.morrow () mci com>]

On Thu, 2 Dec 2004, Hannigan, Martin wrote:

> > -----Original Message-----
> > From: Florian Weimer [mailto:fw () deneb enyo de]
> > Sent: Thursday, December 02, 2004 2:01 PM
> > To: Brett
> > Cc: Hannigan, Martin; nanog list
> > Subject: Re: How many backbones here are filtering the makelovenotspam
> > scr eensaver site?
> >
> >
> > > I think Lycos did not think this through enough.  Their response is
> > > HUGE.  They've essentially launched a Denial of Service on
> > themselves.
> >
> > The site that is being blackholed isn't on their network, AFAICS.
> >
> > Actually, I think this is an ingenious PR campaign, but it probably
> > doesn't work the way it was conceived, though I blieve that the net
> > outcome for Lycos will be utterly positive.
>
>
> Possibly. What will happen if the Lycos botnet gets hijacked?

to expand on this point, since it seems the screensaver pulls a list which
is basically the "top newly spammed URL's" from spamcop (and possibly
other places), what if the owners of the domains being 'attacked' were to
point their DNS at a new ip? or set of ips? They can now control the
'bots' instead of lycos doing the controlling.

I'm also concerned that lycos is claiming: "to only use 95% of the
bandwidth the site has".

How is that determined by lycos? Do they call each upstream and get
verifiable info about the bandwidth toward the site(s) in question? Do
they measure each client's output capability (and input capability) to
ensure that 100 machines really equals 1.2mbps on a t1 ?

There are so many holes in their 'plan', never mind the 'vigilante' parts
of it which are horridly distasteful... Lycos has engineered a botnet just
like any 14 year old kiddie does nightly, they just did it more publicly
and under the guise of 'being helpful'. It's utterly irresponsible of them
to promote this activity.

-Chris