As demonstrated with the recent DOS attack on the World Economic Forum's web site, tools are being made available which assist users in downloading an applet to automatically refresh against a target's home page; thereby making the site unavailable if enough users have downloaded and are running the applet.
Question 1 - In this type of attack, I've heard different opinions as to whether an IDS would or would not pick up the event since a - url looks normal b - three way handshake completes c - traffic might be under url I'm under the assumption the IDS would not catch 'cause of reasons a - c above. Any views to the contrary ? Question 2 - Any best practices against this risk other than making sure your site has much and redundant bandwidth. Thanks.....Mike Ungar __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com
