On Thu, 2 Dec 2004, Hannigan, Martin wrote:
-----Original Message----- From: Florian Weimer [mailto:fw@deneb.enyo.de] Sent: Thursday, December 02, 2004 2:01 PM To: Brett Cc: Hannigan, Martin; nanog list Subject: Re: How many backbones here are filtering the makelovenotspam scr eensaver site?
I think Lycos did not think this through enough. Their response is HUGE. They've essentially launched a Denial of Service on themselves.
The site that is being blackholed isn't on their network, AFAICS.
Actually, I think this is an ingenious PR campaign, but it probably doesn't work the way it was conceived, though I blieve that the net outcome for Lycos will be utterly positive.
Possibly. What will happen if the Lycos botnet gets hijacked?
to expand on this point, since it seems the screensaver pulls a list which is basically the "top newly spammed URL's" from spamcop (and possibly other places), what if the owners of the domains being 'attacked' were to point their DNS at a new ip? or set of ips? They can now control the 'bots' instead of lycos doing the controlling. I'm also concerned that lycos is claiming: "to only use 95% of the bandwidth the site has". How is that determined by lycos? Do they call each upstream and get verifiable info about the bandwidth toward the site(s) in question? Do they measure each client's output capability (and input capability) to ensure that 100 machines really equals 1.2mbps on a t1 ? There are so many holes in their 'plan', never mind the 'vigilante' parts of it which are horridly distasteful... Lycos has engineered a botnet just like any 14 year old kiddie does nightly, they just did it more publicly and under the guise of 'being helpful'. It's utterly irresponsible of them to promote this activity. -Chris