On Thu, Dec 09, 2010 at 01:08:12PM -0500, Michael Holstein said:
The tool makes HTTP/1.0 requests, most browsers make HTTP/1.1 requests.
Realistically, if the folks from Anonymous wanted to really cause trouble, they'd be doing (legitimate looking) SSL requests against the actual payment gateways. The force-multiplier there is the computational effort it takes to negotiate a DH key exchange.
For bonus points, call the voice auth service simultaneously and just sit on hold.
Did you just aid & abet? Guess we're all about full disclosure here..? Except when its not easy to fix, like DDOS's arent. /kc -- Ken Chase - ken@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.