I smell denial here. The compromised systems (only 52?) had to have access to pipes at least 1 Gbps in size, in order to carry out this attack (do the math yourself). Either there were many more systems participating (in itself a scary thought) or many of these large and professionally run systems are owned and their operators don't know it. The only other alternative is the conspiracy theory from hell.
I've seen instances where workstations of experienced people had been compromised for considerable periods of time without their knowledge. This, to me, is not surprising. My view of security is that it's all about trust. Major public servers are watched quite closely simply as a result of the attention that has to be given to the applications they support. However, those same administrators generally don't watch smaller, auxiliary systems (i.e., a 3rd nameserver several thousand miles away that serves no other function.)

Consider the responsibility of a corporate security dude and IT guys who are trying to watch over the network used by 3 or 4 thousand employees, most of whom have desktop computers and few of whom know how to do more than email 3 meg Excel files to 30 or 40 people all over the corporate network several times a day. If the network is not kept absolutely tight, everything is a risk. I always work from the maxim (and those I work with have heard this at least a hundred times before) that "the easiest way to break into one computer is to break into another computer that it trusts." (e.g. personal workstations... how many times have you looked at your process table this week?)

----------------------------------------------------------------------
Wayne Bouchard                                [Imagine Your     ]
web@typo.org                                  [Company Name Here]
Network Engineer
----------------------------------------------------------------------