Denial of Service attacks – who pays the piper?

Denial of service attacks are nothing new. I first wrote
about them in 2001 and even then they didn’t need much explaining – the electronic
equivalent of ringing the doorbell and running away.

Typically they’re used to shut down a website or knock a
service offline for a while. In the old days accidental DOSing became known as a
Slashdotting” after the US-based geek-centric website renowned for posting
news stories that included (gasp) links to source material which would then be
completely inundated with viewers and thus crash the system.

I managed to Slashdot the New Zealand Herald’s Australian
parent company
once by interviewing Ben Goodger, the Auckland-raised software
engineer behind Firefox. The Aussies had decided to host most of its
Aussie-based content in New Zealand but after the Goodger interview made it to
Slashdot, most of the international capacity they’d booked was soaked up with
US viewers clicking through to the Herald site. Hilarity ensued, I can tell

These days of course it’s quite an underpowered website that
gets slammed in such a fashion. Most have nimble IT teams that can scramble
some extra resources if needs be and with mirrors, caches and content farms dotted
around the planet, it’s unlikely that most sites will suffer the embarrassment
of being crushed like a bug under the weight of overwhelming demand.

Individuals and small organisations, however, are not as well-endowed
and unfortunately if someone wants to slam them with more traffic than they can
handle, they’re likely to be knocked offline for a while.

And it doesn’t stop there because then there’s another
problem – who pays for the data sent to you?

Typically you pay because you’re the one with the internet
connection. Normally, you or your staff would be requesting content to be
delivered to you (websites, email, cat videos) or sending stuff out yourself –
but when the traffic is unwanted you may find yourself on the wrong side of a
steep bill.

The ISP billing engine can’t differentiate between unwanted
traffic and someone at your end downloading something large, which means it’s
all delivered to your door whether you want it or not.

One TUANZ member has been slammed in such a way and received
a hefty bill to boot – thankfully the ISP in question is willing to go halves
but even so, it’s a nasty surprise (and wouldn’t any reasonable ISP either wipe
the charges completely or just bump a valued customer up to the next plan size
for the duration?).

I’d expect to see more of this once we are all moved over to
fibre and the kiddies find out they can cause this kind of havoc.  As our correspondent notes:  “A DOS attack pinging people using 50Mbit/s each way can consume
10MB per second – 600MB per minute, 36GB per hour, 864GB per day” which would
soon hit a multi-thousand dollar phone bill for an unwary customer.

problem is that even if you as an end user take all the relevant precautions
(antivirus up to date, no unauthorised apps allowed on the network, firewall
blocking such traffic) you’ll still get stuck with the bill for traffic being delivered
that you probably don’t want.

encourages members to talk to your providers about what obligations there are
on both sides with regard to this kind of activity and to make sure you’re
covered in such a situation.

you been stung for excess charges in this kind of situation? Let me know.