In message <Pine.GSO.4.10.10002181352090.20196-100000at_private>, R yan Russell writes: > > > > > > >Hang on now, that's too easy an example. I'm not THAT > > >lenient. What I'm saying is that if Amazon normally > > >does 1M$/day, and on the day od the DDoS attacks, > > >they only do 800K$... but then do 1.2M$ the next day.. > > >were there damages beyond investigative costs? > > > > > And E-trade, where *timing* matters a lot to their customers? > > > > --Steve Bellovin > > For E-trade, it makes a lot more sense that business would be lost that > would happen then and only then (well, mostly... I'm sure some folks will > still sell even after the stock dropped below what they meant to sell at.) > It makes sense to punish the attacker exta on behalf of the customers of > E-trade *IFF* E-Trade does something along those lines for normal outages. > (I think they've had some, and I don't think they did anything for the > customers, did they? Hmm..lesse, our click-wrap agreement says "Screw > You.") > > All I want is for prosecutors, judges, and law enforcement to put some > intelligent thought into what the damages really were. I still say the > attacker couldn't have done 1.2B in damages, and that's the "crucifixtion" > dollar amount. > > If someone decides that mapping out the Internet to produce nice-looking > graphs constitutes a criminal port-scanning attack, you would want to have > someone force the prosecutors to name reasonable damages, right? You > wouldn't want some idiot fed saying "This guy attacked every single > machine on the Internet for severl years, and caused trillions in > damages." Absolutely. I'm merely saying that denial of service can cost real money. That normal outages are a problem is between the customers and E-trade, with whom they have a contractual agreement. They have none with whoever blocked the line. --Steve Bellovin
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:14 PDT