At 11:15 AM 5/3/2006, John Levine wrote:
Uh. Who let the Frog out?
http://www.wired.com/news/technology/internet/0,70798-0.html?tw=rss .technology
It's all explained here:
And this just hit wires with quotes from Renesys and SANS ISC. http://www.infoworld.com/article/06/05/04/78074_HNbluesecurityddos_1.html -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com
On Thu, 4 May 2006, Martin Hannigan wrote:
At 11:15 AM 5/3/2006, John Levine wrote:
Uh. Who let the Frog out?
http://www.wired.com/news/technology/internet/0,70798-0.html?tw=rss .technology
It's all explained here:
And this just hit wires with quotes from Renesys and SANS ISC.
http://www.infoworld.com/article/06/05/04/78074_HNbluesecurityddos_1.html
I hate to be the bearer of bad news to spammers :) but based on bluesecurity's tactics I can make a guess about attitude of their people and its such that DoS attack on them will only cause them more determination to continue and I suspect to majority of their users as well (and publicity is also likely to bring them more users). Moving the site to TypePad was incorrect way of dealing with attack though; but its actually not the first time I've heard of the site using a blog as temporary page while their primary site is down due to DoS... - some education on what blogs are good for is in order. But as it is looks like bluesecurity is moving to prolexic which claim to deal with just such situations. -- William Leibzon Elan Networks william@elan.net
At 07:16 PM 5/4/2006, william(at)elan.net wrote:
On Thu, 4 May 2006, Martin Hannigan wrote:
At 11:15 AM 5/3/2006, John Levine wrote:
Uh. Who let the Frog out?
http://www.wired.com/news/technology/internet/0,70798-0.html?tw=r ss .technology It's all explained here: http://weblog.johnlevine.com/2006/05/03
And this just hit wires with quotes from Renesys and SANS ISC.
http://www.infoworld.com/article/06/05/04/78074_HNbluesecurityddos_1.html
I hate to be the bearer of bad news to spammers :) but based on bluesecurity's tactics I can make a guess about attitude of their people and its such that DoS attack on them will only cause them more determination to continue and I suspect to majority of their users as well (and publicity is also likely to bring them more users).
Moving the site to TypePad was incorrect way of dealing with attack though; but its actually not the first time I've heard of the site using a blog as temporary page while their primary site is down due to DoS... - some education on what blogs are good for is in order. But as it is looks like bluesecurity is moving to prolexic which claim to deal with just such situations.
I hate to be the bearer of bad news to BS' VC's, but BS moving their DNS to UltraDNS and hosting to Prolexic was likely not part of the business plan. "They ain't cheap". The spammers can now theoretically force them to spend all time and all their money responding to attacks. The killer here is that they asked a lot of people a year ago whether this was a good idea and everyone said no. Read John Levine's blog and pointer to a few of his previous articles. He wasn't the only person they asked. There's a WHOLE lot more to this than is public. Spammers: 2 Blue Security: 0 NANOG: -2 (vigilante time sink) -M< -- Martin Hannigan (c) 617-388-2663 Renesys Corporation (w) 617-395-8574 Member of Technical Staff Network Operations hannigan@renesys.com
On Thu, May 04, 2006 at 08:21:04PM -0400, Martin Hannigan wrote:
The killer here is that they asked a lot of people a year ago whether this was a good idea and everyone said no.
Agreed. It's just the latest in the series of fiascos that we've seen when people try to respond to abuse with abuse. It doesn't work, it's not going to work, and the most likely outcome of any attempt to make it work will be yet another illustration of the law of unintended consequences. (e.g. Lycos' "MakeLoveNotSPam") Not to mention that furnishing useful intelligence to the enemy (which BS does by design) is a poor strategy. ---Rsk
On Thu, 4 May 2006, Martin Hannigan wrote:
I hate to be the bearer of bad news to spammers :) but based on bluesecurity's tactics I can make a guess about attitude of their people and its such that DoS attack on them will only cause them more determination to continue and I suspect to majority of their users as well (and publicity is also likely to bring them more users).
Moving the site to TypePad was incorrect way of dealing with attack though; but its actually not the first time I've heard of the site using a blog as temporary page while their primary site is down due to DoS... - some education on what blogs are good for is in order. But as it is looks like bluesecurity is moving to prolexic which claim to deal with just such situations.
I hate to be the bearer of bad news to BS' VC's, but BS moving their DNS to UltraDNS and hosting to Prolexic was likely not part of the business plan. "They ain't cheap". The spammers can now theoretically force them to spend all time and all their money responding to attacks.
You know quite well that if they continue dos for too long law-enforcement would finally get interested... Now I really don't know UDNS and Prolexic prices but I have a feeling those hosting fees would be far from being their biggest expense. So I have to disagree with you that is what could bring them down, though I agree that as usual a lot depends on if their VCs want all this going - I just don't think hosting fees will be major reason for such a decision (unless BS self-funded which I doubt).
The killer here is that they asked a lot of people a year ago whether this was a good idea and everyone said no.
Yep and they were all right.
Spammers: 2 Blue Security: 0 NANOG: -2 (vigilante time sink)
Its more like: Spammers: -2 Blue Security: -1 Nanog: 0 (talk is cheap but results are...) -- William Leibzon Elan Networks william@elan.net
participants (3)
-
Martin Hannigan -
Rich Kulawiec -
william(at)elan.net