My First Denial of Service Attack..... (fwd)

> I think that there are appropriate (and possibly over-harsh depenidng

Shouldn't it be dependent on what type of money was lost during an
attack? Somewhat comparable to injury compensation?

Here's a non-relevant anecdote you reminded me of:

  I once worked one summer for a construction company that was
  extending a mass-transit train line northeast of Washington, D.C.
  The tracks of an existing rail line parallel to our new line
  was laid upon about 6' of small rocks. Along those rocks for
  several yard/meters, a very thick metal-foil shielded cable
  jutted out from its rocky protection.

  I asked another crew member, "What's that?"

  "Oh, that's Sprint's fiber up the northeast corridor, " he replied.

  "It shouldn't be lying out there, should it? What if I or someone
   else took a shovel to it?"

  The foreman commented, "We'd be sued for $100,000 for every 10 minutes
  the line was cut."

  Being good at math, I was awestruck, "That's 6 million dollars per

  "Yeah, you'd likely be fired before the rest of us would be laid off,"
   added our foreman.

It gave me new-found respect for loose cables and later for Wiltel's
gas pipe right-of-ways.

IMHO, I'd say it's up to an ISP to calculate how much an attack costs
them if they catch a hacker and then take them to trial. You don't hear
of ISPs taking people to trial, though, just cutting off their access.
If hackers know that they'll be sued if they're caught, it might deter
them (from being caught at least ;^).

Here's a non-relevant anecdote you reminded me of:

Your anecdote reminded me of a story someone told me recently about AT&T.

I am not going to type it all out here, but I will summarize.

Company A hires Company B to do some trenching along the highway to
install new fiber for Company A. Company B's backhoe operator
accidentally cuts a major AT&T backbone causing serious outages. AT&T not
only sues the backhoe driver, but Company B and Company A, forcing them
both to declair chapter 11.

My point is here, if we start taking hackers to court, what happens in
this scenario:

Hacker is from telnets to then SYN

[Disclaimer: the hosts above were for demonstrative purposes only, the
hosts are fictional, bearing no direct correlation to any living or dead]

Who gets sued? Both providers, neither, or just the hacker?

It brings up some interesting questions.