What do we need to do to nip this one in the bud?
It's just HTML/JavaScript code, loaded by browsers around the world nearly simultaneously. The plan essentially revolves around a few thousand users hitting "reload" at the same time, and repeatedly.

Protecting the targets will be hard. Maybe the attackers will have a [mostly] common referer: header that you can filter against or something similar, but whatever you do it'll have to be pretty high-level. A high-end cache might work to keep the servers from getting overloaded, although it wouldn't help with a bandwidth crunch.

Filtering the senders would be a better long-term cure. Setting up mechanisms that detect a high volume of outbound requests to a single object would be a good way to determine if any of your customers are involved in the attack. It's unlikely that everybody will do this, though, so it's probably not an effective prevention tool.

Lawsuits, criminal procedures and other forms of spectacular example will be the best long-term deterrent.

An example of the HTML/JavaScript from their site:

    <HTML><HEAD><TITLE>Basic, standalone denial of service tool</TITLE></HEAD>
    <FRAMESET COLS="50%,50%" FRAMESPACING=0 BORDER=3 ONLOAD="setTimeout('self.location.reload(true)',4000);">
    <FRAME SRC="http://www.target1.com" NAME="site1" NORESIZE SCROLLING="no">
    <FRAME SRC="http://www.target2.com" NAME="site2" NORESIZE SCROLLING="no">
    </FRAMESET></HTML>

More at http://www.gn.apc.org/pmhp/ehippies/files/op1.htm

-- 
Eric A. Hall    ehall@ehsco.com
+1-650-685-0557 http://www.ehsco.com
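Added example, not part of the original post: one way an access provider could implement the outbound check the message describes, flagging any customer that requests the same object many times inside a short window and then tallying the Referer values on those requests. The log format, the 60-second window, the threshold of 10 and the `tool.example` referer are assumptions made for this sketch; the sample records are constructed.

```python
from collections import Counter, defaultdict, deque

def build_sample_log():
    """Constructed proxy log lines 'epoch client url referer' (not real traffic)."""
    lines = []
    for i in range(15):  # one client whose frameset reloads every 4 seconds
        for target in ("http://www.target1.com/", "http://www.target2.com/"):
            lines.append(f"{1000 + 4 * i} 10.0.0.5 {target} http://tool.example/op1.htm")
    # An ordinary user: a few distinct pages and a single visit to one target.
    lines.append("1003 10.0.0.9 http://www.target1.com/ -")
    lines.append("1020 10.0.0.9 http://news.example/a http://news.example/")
    lines.append("1050 10.0.0.9 http://news.example/b http://news.example/a")
    return lines

def parse(lines):
    """Yield (timestamp, client, url, referer) from whitespace-separated records."""
    for line in lines:
        ts, client, url, referer = line.split()
        yield int(ts), client, url, referer

def find_repeat_requesters(lines, window=60, threshold=10):
    """Return {(client, url): peak} for pairs whose peak request count inside
    any `window`-second span reaches `threshold`."""
    recent = defaultdict(deque)   # timestamps still inside the sliding window
    peak = Counter()
    for ts, client, url, _ in sorted(parse(lines)):
        q = recent[(client, url)]
        q.append(ts)
        while q[0] <= ts - window:   # drop requests that fell out of the window
            q.popleft()
        peak[(client, url)] = max(peak[(client, url)], len(q))
    return {pair: n for pair, n in peak.items() if n >= threshold}

def referers_of(lines, flagged):
    """Count Referer values seen on flagged (client, url) pairs."""
    return Counter(ref for _, c, u, ref in parse(lines) if (c, u) in flagged)

if __name__ == "__main__":
    log = build_sample_log()
    flagged = find_repeat_requesters(log)
    for (client, url), n in sorted(flagged.items()):
        print(f"{client} requested {url} {n} times within 60s")
    print("most common referer:", referers_of(log, flagged).most_common(1))
```

A single shared Referer across flagged requests is the kind of value a target could also filter on, as the message suggests.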