[45323] in North American Network Operators' Group
RE: WEF cyber-protest (was Re: distributed attack, high or not)
daemon@ATHENA.MIT.EDU (batz)
Thu Jan 31 11:03:28 2002
Date: Thu, 31 Jan 2002 10:56:05 -0500 (EST)
From: batz <batsy@vapour.net>
To: Daniel Golding <dgolding@sockeye.com>
Cc: Sean Donelan <sean@donelan.com>,
"Steven M. Bellovin" <smb@research.att.com>,
"Joseph T. Klein" <jtk@titania.net>, nanog@merit.edu
In-Reply-To: <GKEFKKIKGCMICPKBAEIMMELHCFAA.dgolding@sockeye.com>
Message-ID: <Pine.BSF.4.21.0201311037270.35496-100000@vapour.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

On Thu, 31 Jan 2002, Daniel Golding wrote:

:So, this is thinly veiled hacking, in the name of protest. Very nice. I
:hope the folks doing this realize that this is no different than throwing a
:brick through a window, or otherwise damaging people's property, and that
:they are essentially vandals.

It's not quite that simple. The more organized version of this sort of
thing was organized by a single group who provided a tool (floodnet)
which just requests the target's website over and over. Same principle
as an old-fashioned sit-in or other 'flood the jails' tactics which
are based on exhausting civic resources.

The targets rely on, and thus are part of, the larger Internet infrastructure,
which must bear the weight of the confrontation.

A regular DDoS (ICMP, UDP, other) would probably come from one or two
crackers acting alone, or maybe a small team who operate independently
of any political action group. They would unleash the DDoS because the
political climate offered an opportune time to play with their
zombie network, by taking advantage of the confusion. Treat it like
you would any other DDoS, bearing in mind that it is more likely to
be the same people DDoS'ing as it would any other time.

"Traditional" DDoS'ing isn't consistent with the real goals of any
activist group I've heard of, including the ones who are blamed for
confrontations with police. It's grim that there is such a thing as
'traditional' DDoS though.