> I don't think the analogy to a ping attack is a particularly fair > one. Yes, from the perspective of an innocent third user, they > look the same, perhaps, but they aren't.
??? In both cases, normal function of the "innocent" guest is disrupted by a force beyond it's control through no fault of it's own. The function is disrupted by a lack of shared resources available to the "innocent" guest due to trying to service what appears to be "legitimate" resource requests to another theoretically "innocent" guest. > If the attack were made > through some sort of security gate that defaults to "closed" state > which the sysadmin had accidentally opened and left open, I think > that would be a more fair analogy. Quibbling over details, > perhaps, but there is an important difference. Network floods have nothing innately to do with security states. You can produce exactly the same effect within a local segment with no outside connection, FW or any other "security" gates involved (misconfigure any DECnet device that boots via MOP and see what happens), so I don't see the subtle difference here -- one device banging out traffic without regard for other systems on the same network segment starves access to the other systems on the same segment, denying them the ability to function normally. Barks like a duck, swims like a duck, it'll do for duck soup, as a friend of mine says. But, as you say, let's concentrate on fixing the problem, not blaming the symptoms.