On Thu, 17 Oct 2002 09:47:12 PDT, Ratul Mahajan said:
ps: since i don't run networks myself, all of this may be something that is obviously asinine. would be great if someone was to point out if that is the case, and why.
Remember - in most cases, the management of a company *may* have moral or ethical requirements "to be a good citizen", but they almost certainly have legal requirements to "the bottom line". If a site is paying you for transit, there's a very strong *dis*incentive to take any action that would prevent a DDoS attack - the bottom line says the Right Thing is to install just enough traffic shaping so a DDoS won't melt *your* net, and bill for the traffic. ;) If anything, in that case you want to charge well-run sites MORE, to make up for the revenue loss of them not being involved in a DDoS. ;) The exact same logic applies to spammage, worms, and other malware - when there's a bandwidth glut, and you're selling bandwidth, you *WANT* traffic. I wonder how much revenue SirCam and Nimda generated.... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech