North American Network Operators Group

RE: Yahoo offline because of attack (was: Yahoo network outage)

> From: George Herbert [mailto:[email protected]]
> Sent: Wednesday, February 09, 2000 12:52 AM
> To: Roeland M.J. Meyer
>
> Roeland wrote:
> >I smell denial here. The compromised systems (only 52?) had to have access
> >to pipes at least 1 Gbps in size, in order to carry out this attack (do the
> >math yourself). Either there were many more systems participating (in itself
> >a scary thought) or many of these large and professionally run systems are
> >owned and their operators don't know it. The only other alternative is the
> >conspiracy theory from hell.
>
> No, they don't. Assume there's 40k of data in the homepage.
> How many bytes of SYN-SYNACK-ACK-GET / HTTP/1.0\n does it take
> to do a TCP connect and request? I just tested, I show 160 bytes.
> That's a 250:1 leverage for the attacker. To fill 1 GBPS worth
> of outbound trunking you only need to generate 4 MBPS (32 Mbps)
> worth of input. 50ish systems with T-1 connectivity gets there
> with margins.

Okay, but you've still missed the point. Even if I stipulate everything you said here, that's still 50 largish systems that are compromised. I would almost wager that the perpetrators didn't use all of their assets either. That's a shit-load of large compromised systems on the Internet. Doesn't that thought worry you in the slightest?