On Jan 12, 12:52 pm, Blaine Cook <[email protected]> wrote: > How is this scenario at all different than any random DoS attack > (intentional or unintentional)? Anyone can flood any HTTP endpoint > they choose with requests;
The difference is that most people can't just perform a DoS attack directly. If I were to try and flood someone's server from my home DSL account, I wouldn't have much success - I would run out of bandwidth long before they did. Which is why an attacker typically relies on a network of compromised machines to do the attacking for them. And if I were to inform someone that their machine was compromised and was being used as a source of DoS attacks, I would expect them to try and do something about it. But that's what a PuSH hub is in many ways - the equivalent of a high-bandwidth, compromised machine. Yet you don't seem to think that's a problem. > Lawsuits are not going to make denial of service attacks go away That's because the source of the attack is usually distributed across a large number of compromised machines who are themselves victims - in such a case a lawsuit isn't feasible. However, when the source is easily identifiable as coming from one or two high-bandwidth hubs belonging to a company with a lot of money, the idea of a lawsuit starts to look like a reasonable way to recover damages.
