Again, the fact that X amount of bandwidth was consumed tells us *NOTHING* about the nature of the attack. (Which is the only point I'm arguing, here, and is the fallacy the initial poster fell victim to.)
For those of you who STILL don't agree with this.. Consider this thought: Random user breaches 10 sites each behind a T1. This user leaves these servers up and writes a script to take the IPs out of a file and start the attack. The user publishes the script to the user's friends. One of them goes and adds another 25 hosts to the list and re-advertizes it. However, this user has found sites on 10 meg ethernet being fed by a T3 and figures that 5 megs can be had from these hosts on average. This user publishes this AGAIN to someone who adds another 15.. repeat ad-nauseum. People, thats 45 hosts that are just kind of let up, open for all to use. There is no reasoon that there can't be HUNDREDS of hosts on that list. There is no reason that there cannot be HUNDREDS of lists with a couple of dozen hosts each. The possibility of being able to use large numbers of hosts to launch such an attack is VERY REAL. And at that level, if you have an average of, say, 768K from 150 hosts, you are sending 115 megabits at the target. If you manage to pull 2 megs each from these (say, cable movem or something), then that goes up to 400 megs. The possibility is there, people.. And it gets worse. ---------------------------------------------------------------------- Wayne Bouchard [Immagine Your ] web@typo.org [Company Name Here] Network Engineer ----------------------------------------------------------------------