>> In order to shut down a web site running on anything bigger than, say, a dialup connection, everyone who received the email would have to open it at the same time.
Well, no. Once your machine is infected it will pound the target site as long as your computer is on. If a few thousand computers are infected quite a few of them will be on at the same time, which is enough to bring down the site:).
The point is when you are hitting with thousands of machines, you don't need to spoof!
Does your router hold thousands of IPs in its deny list. Besides, wouldn't that hurt your business if you start blocking tons of people.So whoever gets infected can never access your services, unless you want to wipte your 'IP list' every once in a while.
Ah, but look at what I presented above. There is no need to spoof the originating IP when you are hitting it from thousands of nodes across the net (and you don't own any of them)! No one can shut down thousands of machines at the same time.
This new DDOS attack, opens up a whole new can of worms.
The solution presented here only works if the number of offending computers is small.
If for instance the DDOS attack was a virus which spread via email (thus affecting thousands of machines as "Happy '99" virus easily did), and it opened a connection to the target site like www.yahoo.com and simply hit it with large packets without the need for masking the originial IP; the plan presented here would fail.
How are you going to deny access to thousands of IPs or identify thousands of machines that are attacking your site, contact their owners and get them to disinfect their machines?? It is unfeasable. Thus, the target site would be easily screwed.
Slashdot Mirror
>> In order to shut down a web site running on anything bigger than, say, a dialup connection, everyone who received the email would have to open it at the same time.
:).
Well, no. Once your machine is infected it will pound the target site as long as your computer is on. If a few thousand computers are infected quite a few of them will be on at the same time, which is enough to bring down the site
You don't crack into them, you disrtibute it as a virus that sits on winsock.dll, like the way Happy 99 virus does it.
The point is when you are hitting with thousands of machines, you don't need to spoof!
Does your router hold thousands of IPs in its deny list. Besides, wouldn't that hurt your business if you start blocking tons of people.So whoever gets infected can never access your services, unless you want to wipte your 'IP list' every once in a while.
It is all about power in large numbers!
Ah, but look at what I presented above. There is no need to spoof the originating IP when you are hitting it from thousands of nodes across the net (and you don't own any of them)! No one can shut down thousands of machines at the same time.
This new DDOS attack, opens up a whole new can of worms.
The solution presented here only works if the number of offending computers is small.
If for instance the DDOS attack was a virus which spread via email (thus affecting thousands of machines as "Happy '99" virus easily did), and it opened a connection to the target site like www.yahoo.com and simply hit it with large packets without the need for masking the originial IP; the plan presented here would fail.
How are you going to deny access to thousands of IPs or identify thousands of machines that are attacking your site, contact their owners and get them to disinfect their machines?? It is unfeasable. Thus, the target site would be easily screwed.