For purposes of this kind of attack, bandwidth is *FREE*. Remember what we're positing here: 1) The attacks come from compromised sites. 2) The trigger is a single ICMP packet sent to each of those sites. You could run this over a 14.4k modem, no problem. You could run this over a Palm Pilot, plugged into a pay phone. You could run this from a PC sitting in your local public library, for free. It just takes setup time, and that can be done by writing a program that does something else, and has this lying in wait. Or, an ActiveX control sitting on a site somewhere that fires up when it's hit and attacks. Put some information on the site (DeCSS info, maybe?), post a link on Slashdot so lots of folks hit it, and whammo, hundreds or even thousands of dupes running Internet Explorer suddenly use all their bandwidth launching bits of your attack. 200 dupes with 33.6k modems can flood a T1. 200 dupes with 512k ADSL can flood multiple T3s. 200 dupes with Road Runner can flood OC-[insert small integer here]. Multiply by your worst nightmares. Again, the fact that X amount of bandwidth was consumed tells us *NOTHING* about the nature of the attack. (Which is the only point I'm arguing, here, and is the fallacy the initial poster fell victim to.) At 12:54 PM 2/9/2000 -0500, you wrote:
On the other hand, I have a 768k DSL line at home for $89/mo. Bandwidth isn't as cheap as you might think.