It's a DDOS. The risk of collateral damage is high. I won't discuss the RBL aspect of it because it can't be legitimized past the first sentence.
-M<
From what limited information is available in the articles, it doesn't sound that way. It's not really a DDoS attack, but more of a "distributed web surfing bot." The point isn't to generate a ton of false requests to overload the web servers, the point is to send a controlled amount of requests to cause the target websites to generate a lot of http traffic. One that's not meant to knock the sites off line, but just consume their bandwidth through real http use. *IF* their screen saver is written correctly, the sites should never go down, but at worst, just slow down. That's a big *IF*. I understand this as more of a Distributed Consumption of Service attack. (Is the acronym DCoS used yet?) Real requests, downloading real data, to real computers. A lot of them. The same effect could be had by having those websites being requested by the Lycos mail users by clicking on a link to their web site, except that would be more prone to cause operational problems with target sites being overloaded. Also, if the "target" web servers are set up right, they should protect themselves in all the normal ways an http server under load does. If you still think it's a DDoS, then they're only as guilty as Slashdot. The big difference between Lycos Europe, and a script kiddie with zombies is that Lycos is mature enough to use restraint and not knock down websites with brute force. They're attempting to use the politically correct "grown up" way to attack someone: economics. How is giving the spammers what they want (real web site traffic) an attack? That doesn't even qualify! Would a huge advertising effort to get users to visit every spammer web site they get, and click "reload" a few times also qualify as an attack? Remember: I'm assuming a properly written client. -Jerry