> > > >Hang on now, that's too easy an example. I'm not THAT > >lenient. What I'm saying is that if Amazon normally > >does 1M$/day, and on the day od the DDoS attacks, > >they only do 800K$... but then do 1.2M$ the next day.. > >were there damages beyond investigative costs? > > > And E-trade, where *timing* matters a lot to their customers? > > --Steve Bellovin For E-trade, it makes a lot more sense that business would be lost that would happen then and only then (well, mostly... I'm sure some folks will still sell even after the stock dropped below what they meant to sell at.) It makes sense to punish the attacker exta on behalf of the customers of E-trade *IFF* E-Trade does something along those lines for normal outages. (I think they've had some, and I don't think they did anything for the customers, did they? Hmm..lesse, our click-wrap agreement says "Screw You.") All I want is for prosecutors, judges, and law enforcement to put some intelligent thought into what the damages really were. I still say the attacker couldn't have done 1.2B in damages, and that's the "crucifixtion" dollar amount. If someone decides that mapping out the Internet to produce nice-looking graphs constitutes a criminal port-scanning attack, you would want to have someone force the prosecutors to name reasonable damages, right? You wouldn't want some idiot fed saying "This guy attacked every single machine on the Internet for severl years, and caused trillions in damages." Ryan
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:05:25 PDT