Todd Underwood on BlueSecurity DDoS

Renesys Blog: The Bluesecurity Fiasco — in which Todd Underwood, CSO for Renesys Corporation, applies some real-world knowledge of how the internet works to the “timeline of events” press release, issued by BlueSecurity as part of their ongoing PR about the DDoS.

Judging by the comments at Slashdot, this really needs to be more widely read.

Here are some highlights:

The timeline from BlueSecurity […] is frustratingly vague. It uses phrases like ‘tampering with the Internet backbone using a technique called “Blackhole Filtering”.’ As Thomas Pogge, a philosophy professor of mine, used to say: that’s not even wrong yet. There is no “Internet backbone”, there is no technique known as “Blackhole Filtering”, and blackhole routing is not normally described as tampering. So the whole explanation is nonsense. […] Let’s clear one thing up for the press and everyone else: this event just wasn’t that interesting. The attack against bluesecurity was a run-of-the-mill denial of service attack.

His conclusion:

I believe that the PR engine from BS is in overdrive spinning this event as fast as they can. But the concrete facts being put out by them simply do not add up. In the process they seem to be doing two things: 1) trying to imply or state that someone at UUnet was bribed by a spammer. This is simply ridiculous. I know many of the people who work for UUnet and they are honest, hardworking and extraordinarily clever people. They would not be crooked, or stupid, enough to do such a thing and if they were, they would have been trivially caught by change-management procedures. Moreover, such a change at UUnet (or BTN) wouldn’t have caused the event BS claims to have witnessed anyway. Additionally, 2) BS is trying to deflect attention from the damage that they caused at Six Apart. It would be much better if they could just claim ignorance of the DOS, apologize and move on. I recognize that that isn’t going to happen, but it sure would make this whole thing easier to handle.

Well said.

Of course, this is pretty much immaterial — the people who are using Blue Frog, and vocally supporting Blue Security, don’t really care what happened. All they care about is that someone is taking some kind of direct action against spammers, in some way or another, and if there’s a little “friendly fire” and some bending of the truth, why, this is a war! What, do you support the spammers?

It’s disappointing — the amount of disinformation being successfully pumped out (and accepted!) on this story is massive.



  1. Posted May 9, 2006 at 21:50

    But what if PharmaMaster DID attack Blue Security as they said? The timeline gives details on the blogs, and I was an eyewitness on the blog. I looked at some posts on the redirected blog, and about 5 or 10 minutes later the server stopped working. So, no, the attack wasn’t REDIRECTED at Six Apart because there was NO ATTACK in the first place! (on the www servers, that is). It was only AFTER the blog explained the situation, that the Six Apart server was flooded.

    I mean guys, we’re talking about spammers here. And is it wrong that Blue are pushing their PR as much as they can? Look, if Six Apart is NOT pressing charges against Blue Security, why should we?

    It seems to me that you’re treating Blue as if they were the bad guys here. Sure, go ahead, blame the victim.

  2. Posted May 9, 2006 at 21:52

    Oh, guess what. I’m the one you copied-pasted! Hi guys! (waves) :)