Oddbean new post about | logout
Luke Dashjr | 11 months ago (raw) | root | parent | reply | flag 
 Yes, the same applies to the Ordinal DDoS. Most of the spam is sent by people they're fooling, not the attack originators themselves.
ek | 11 months ago (raw) | root | parent | reply | flag 
 Mhh, interesting take. But you could still say that these people voluntarily participate in this. And they also voluntarily pay the fees. At least that's how I see it.

O
ek | 11 months ago (raw) | root | parent | reply | flag 
 Ignore the "O" at the end. No idea how that ended up in there.
sankthoshi | 11 months ago (raw) | root | parent | reply | flag 
 I don’t get the reasoning. Why should DDoS require that the bills do not get paid? I am pretty sure activists have done it before without bot networks.
ek | 11 months ago (raw) | root | parent | reply | flag 
 Because effective DDoS uses massive bandwidth that you don't just have access to as an individual or company or whatever. No one needs so much bandwidth so no one would get so much bandwidth is my educated guess.

"A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices."

-- https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/

So I would say citation required to "I am pretty sure activists have done it before without bot networks". I tried searching for "DDoS without botnet", but all I find is search hits about how to do DDoS with botnets. And I am talking about effective DDoS. Not DoS.
sankthoshi | 11 months ago (raw) | root | parent | reply | flag 
 https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon
ek | 11 months ago (raw) | root | parent | reply | flag 
 From your link:

"LOIC attacks are easily identified in system logs, and the attack can be tracked down to the IP addresses used."

So I don't consider this to be effective DDoS. I consider Cloudflare to be a more authoritative source on this matter.

Also, where is the source that activists used this? Were they successful using LOIC?
ek | 11 months ago (raw) | root | parent | reply | flag 
 Okay, I think you're referring to the "Notable Uses" section. Fair point then.

But I still don't think that this is what most DDoS attacks use. Most DDoS attacks use botnets, as mentioned by Cloudflare.

The "Countermeasures" section also mentions that LOIC isn't really effective if the company you're attacking knows that they are doing.