On Tue, 30 May 2006 09:44:49 PDT, Alexei Roudnev said:
Netwok must be designed to survive few DDOS attacks easily, by auto-isolating and auto-limiting such traffic. Else, you will have a serious problems if real traffic became congested (for example, everyone rush to download fee iPOD songs).
Mafiaboy hosed down a few big sites - I think he had something like 850 zombies under his control. Today's botnets are averaging some 100x the size. The problem is cost - the vast majority of sites on the Internet really *can't* afford the resources needed to withstand the impact of a 100K zombie botnet or a mention on Slashdot. Even sites with big pipes have to make judgment calls - our site has enough OC-12's worth of pipe to ride out a small attack. But at some point, we need to draw the line and say "We're not putting in another OC-48 until our normal traffic justifies it, and we'll just have to bet that we don't piss off anybody with an OC-48's worth of zombies".
Script-kiddies... what's about them, they existed in 199x-th as well and they will exist in 201x.
10 years ago, the script-kiddies were armed with the equivalent of switchblade knives - now they're packing the equivalent of AK-47s and several magazines of extra ammo.