plonq: (Jolly Mood)
[personal profile] plonq
Screwing over spammers makes Plonqie smile.

It's not a DDOS attack, it's just a huge bandwidth suck.  My biggest concern with this is that the sites in question might interpret the jump in bandwidth as evidence that spamming works and use it as an excuse to send out even more.

Date: 2004-11-29 11:58 am (UTC)
From: [identity profile] feren.livejournal.com
This does not make me smile, because as a broadband user, my upstream channels are limited. If other people in the neighborhood are filling up my upstream channels with illegitimate, poorly-thought-out attempts at ping floods which will fail (and already have begun to, as the spammers move address blocks and providers before the RBLs even get an idea the spammer was at the old address), then there will be no room left on the upstream for my/their legitimate HTTP GET requests, ACKs and other things. This will impact the downstream bandwidth, rendering it lifeless in very short order.

The only individuals this attempt at "retribution" is truly going to "hurt" is the end user her/himself, and whoever else is unlucky enough to share a CO or HFC head-end with them.

Date: 2004-11-29 04:27 pm (UTC)
From: [identity profile] atara.livejournal.com
??? Did you even read the article?

He said the screensaver had been carefully written to ensure that the amount of traffic it generated from each user did not overload the web.

"Every single user will contribute three to four megabytes per day," he said, "about one MP3 file."


God forbid your ISP can't handle 3MB worth of data transfer per user per day. :P (I can't even imagine how much bandwidth I use playing Sven Coop or Counterstrike online.)

Date: 2004-11-29 05:59 pm (UTC)
From: [identity profile] feren.livejournal.com
[??? Did you even read the article?]

!!! Sure did. We've also been discussing it, the technology, the legal ramifications and the moral implications at length today on the North American Network Operator's Group.

[God forbid your ISP can't handle 3MB worth of data transfer per user per day. :P]

Are you familiar with the DOCSIS standard, "grade of service," symmetrical versus asymmetrical connections and the concept of "resource scarcity?" Especially with how TCP is impacted by the above? Simply put, the concern is not about the 3MB per user per day[1] -- that's easy for the network[2]. The concern, and the entire point I was commenting on, is about the 3MB per user per day quite possibly trying to come up the pipe from all the users at the same time. That is not easy for the network and generally results in poor performance for the end user.

[I can't even imagine how much bandwidth I use playing Sven Coop or Counterstrike online]

All signs point to less than 6kbps on average for upstream consumption.

[1] The use of "day" in this LJ comment refers to a given 24 hour period.
[2] The use of "The Network" in this LJ comment refers to a local neighborhood cable network, serving an average number of residential users with cable modems, with a single CMTS at the cable head. It does not refer to "the Internet" as a whole.

Date: 2004-11-29 06:22 pm (UTC)
From: [identity profile] atara.livejournal.com
How do you coordinate every user of a network/ISP to all run the same program and to all have it running at exactly the same time?

Conceivably, every user on an ISP might be running SETI@Home and might need to upload their results at exactly the same time. Why wouldn't that present the same kind of problem?

Date: 2004-11-29 06:39 pm (UTC)
From: [identity profile] plonq.livejournal.com
The concern, and the entire point I was commenting on, is about the 3MB per user per day quite possibly trying to come up the pipe from all the users at the same time. That is not easy for the network and generally results in poor performance for the end user.

While I can see whence your concerns arise, I think that you are taking an intentionally alarmist view. What is the likelihood that,

1) All, or at least a significant number of the Windows users in a given area will install and run this screen saver and,

2) All of the screen savers will kick in at the same time, and

3) In spite of what is suggested in the article, all of them will time it so that they attempt to simultaneously send a solid 3-4MB block of data?

For that matter, even if that IS the way that this thing works, the slow-down would, by definition, happen at off-peak when most users are away from their machines (hence the screen savers) and would thus resolve itself in 30-40 minutes.

Date: 2004-11-29 08:48 pm (UTC)
From: [identity profile] feren.livejournal.com
You bring up good points, but I'm on my way to bed so I'll have to address them tomorrow. I did want to take a second to explain my vehemence on this issue, however.

[I think that you are taking an intentionally alarmist view.]

A year ago I might have agreed that I could be overreacting or behaving in an alarmist manner over something that probably will have little to no significant impact. However, in the last 12 months I and my staff have repeatedly been forced to track, quarantine and remediate the damage done by zombified/worm-infested machines within my employer's multinational network. I've seen what just six well-connected machines can do to a dual DS1 span -- that's over 3Mbit of symmetrical bandwidth, whereas your average residential cable modem has limits of 3Mbit down/256kbit up -- and from an engineering standpoint, it was not pretty. I'm hardly unique in this, as most other large companies and ISPs have undergone similar suffering. While one could argue that worms such as Nachi were malicious in intent and thus are not a fair comparison, isn't this screen saver ultimately of malicious intent as well? I see a lot of parallels here, along with some disconcerting new variables being added into the equation. There are too many questions right now (for example: how does one go about "calling off the dogs" when the provider shuts down the spammer? What, exactly, is the criteria to be listed as an attack-worthy site? What, exactly, takes place to confirm that a web site is okay to attack? What authentication of the "marching orders" to the clients is there? Where are the overrides for LAN administrators of small shops who pay on the 90th percentile and can't afford to have machines spewing packets onto the network when nobody is manning them? How does Lycos plan to remain competitive in "real time" to spammers hopping from one ISP to another? etc etc) that have been raised and answers are not forthcoming from Lycos in a manner that makes those of us in the network operating community at all comfortable.

This may seem a good idea on the surface, and aside from being a brilliant publicity stunt it certainly appeals to the "eye for an eye" sense of justice I am blessed with. However, placing the moral and legal issues aside for the moment and getting back on track... I don't believe that the average end user understands the potential technical ramifications of the endeavor they are about to undertake. And, as in so many situations like this that have come before (and ones that are occurring at this very moment, like the upcoming inclusion of RFID tags in US passports), these well-meaning people ultimately are going to hurt very few of the people they are targeting and will for the most part succeed only in shooting their own eyes out.

So yes, I do find it alarming to see that the article proclaims 20,000+ downloads in the first few days of availability for a client that brings your PC into the fold of a DDoS network, "white hat" though its intentions may be.
