Hi, In the past year I have been working in collaboration with psychologists Robert Cialdini and Rosanna Guadagno on a paper analyzing some of what I saw from the social perspective in Estonia, when I wrote the post-mortem analysis for the 2007 attacks, but didn't understand at the time. Aside to botnets and and flood-based attacks, many of the attacks were "live mobs", or an "online riot" if you like, where individuals simply sent pings toward Estonian addresses. While it doesn't seem like pings would cause so much damage -- en masse they certainly did. Then of course, there is also the psychological aspect... ... When everyone and their grandmother attacked with pings, spammers, professionals and others who know what they are doing then got involved, attacking using more sophisticated tools. We analyze how the Russian-speaking population online was manipulated to attack Estonia (and Georgia) in the "cyber war" incidents, and how it could happen again (regardless of if any actor is behind it). The psychological aspect of this is indeed off-topic to NANOG, but the attack is analogous to network peak usages with user interest in high-bandwidth content, and how large networks prepare for such peaks. This is about the DDoS attacks, and how a human DDoS has been and can be initiated again. It also under-scores the power of individual activism on the internet, and how it can also be abused. I hope some here would find the research useful for their own interest, if nothing else. Otherwise, sorry for wasting your bandwidth and thanks for your time. Article on El Reg: http://www.theregister.co.uk/2010/04/28/web_war_one_anonymity/ Paper (for download with pay :( ): http://www.liebertonline.com/doi/abs/10.1089/cyber.2009.0134 Thanks, and any comments appreciated. If on psychology, please do it off-list, though. Gadi. -- Gadi Evron, ge@linuxbox.org. Blog: http://gevron.livejournal.com/