The DDoS Attacks, One Year Later

ATKeiper writes: "One year after the DDoS attacks against major Web sites, C|Net reports that there are still 'no strong defenses deployed' against such attacks. The only person so far accused by prosecutors is Canadian teen hacker mafiaboy, whose trial starts in a month. Was it a forgettable stunt? A much-needed wake-up call for insecure e-commerce sites? Lame script kiddies giving hackers a bad name?"

Mafiaboy pleaded guilty in January

[Bishop]

The linked article is out of date. On January 18th Mafiaboy pleaded guilty to 56 of the 66 charges. The other 10 charges were withdrawn. CBC has some details.

Re:DDOS and responsibility

[Foochar]

The key difference between slashdot and a DDOS is the legitimacy of the access.

When slashdot links to a site all they are doing is advertising the existance of said site. Its not that much different from when a gas station does a roll back the clock sale and marks their prices down to $0.49 for the day and it has similar results. Every person going to a site linked to by slashdot has a legitimate reason to go there. Additionally many of the sites benifit from the added traffic. For many of the small sites if just 1 percent of the slashdotters that visit the site keep coming they will have increased their number of readers by an order of magnitude or more, and by increasing their numbers they have increased their earning from any advertising they may do.

The traffic generated by a DDOS attack on the other hand is not legitimate traffic. Its sole intenet is to bring down the site. It dosen't bring new people to the site, it dosen't generate banner revnue for the site it just brings it down. It'd be the equivalent to somehow brainwashing a bunch of people to all get in their cars at the same time, drive down to the gas station. Once they got there they'd pull up to the pump, take the nozzle out, flip the lever and then hang it back up again without pumping any gas. All you are doing is preventing legitimate access from taking place, and in the gas station example they'd all probably get prosocuted for trespassing.

You can't blame slashdot for a site's inability to keep up with legitimate demand, the same way you can't blame the community for a store's inability to keep a hot item in stock, say a Furby a couple Christmases ago. Who do you blame, the store who can't meet demand, and the site who can't keep up with traffic.

There's no defense against tacks either

[Microsift]

If I took a bag of tacks and spread them across a busy highway, traffic would slow down to a crawl as the road became littered with disabled vehicles(or if I hung a VW from a bridge). Not much has been done to combat this, except that most people are decent enough not to drop a bagful of tacks on the road.

Regard these attacks for what they are irresponsible acts by people with little regard for the public good.