It's a classic DDoS attack, aimed at you. Someone has lots of zombie
machines out there; at some point, they sent a command packet to all of
them, saying "bombard such-and-such an IP address for 3600 seconds".
Common? It happens frequently to someone. Precursor? Entirely
possible, though there's no way to know for sure. But it can be very
bad – see http://news.zdnet.co.uk/story/0,,t269-s2103098,00.html
for what happened to a British ISP.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
We're entering protest season. The World Economic Forum opens
today in New York City. Some protesters have launched what they
call a cyber-protest using several different tools. So far it
appears directed at a few selected, although well-known, corporations.
So, this is thinly veiled hacking, in the name of protest. Very nice. I
hope the folks doing this realize that this is no different than throwing a
brick through a window, or otherwise damaging people's property, and that
they are essentially vandals.
:So, this is thinly veiled hacking, in the name of protest. Very nice. I
:hope the folks doing this realize that this is no different than throwing a
:brick through a window, or otherwise damaging people's property, and that
:they are essentially vandals.
It's not quite that simple. The more organized version of this sort of
thing was organized by a single group who provided a tool (floodnet)
which just requests the target's website over and over. Same principle
as an old-fashioned sit-in or other 'flood the jails' tactics which
are based on exhausting civic resources.
The targets rely on, and thus are part of, the larger Internet infrastructure,
which must bear the weight of the confrontation.
A regular DDoS (icmp, UDP, other) would probably come from one or two
crackers acting alone, or maybe a small team who operate independently
of any political action group. They would unleash the DDoS because the
political climate offered an opportune time to play with their
zombie network, by taking advantage of the confusion. Treat it like
you would any other DDoS, bearing in mind that it is more likely to
be the same people DDoS'ing as it would any other time.
"Traditional" DDoS'ing isn't consistent with the real goals of any
activist group I've heard of, including the ones who are blamed for
confrontations with police. It's grim that there is such a thing as
'traditional' ddos though.
Real lawyers will be discussing "Internet Activism Basics: What Works,
What Doesn't and What Will Get You Arrested" at the April Computers,
Freedom and Privacy conference in San Francisco, CA. www.cfp2002.com
% Invalid input detected at '^' marker.