Nate Carlson wrote: >On Tue, 20 Aug 2002, nate at refried.org wrote: > > >>The portion of the article I though would be "value add" was the >>honeypot system that they set up to try to find RIAA snoopers. It >>looks for a correspondence between hits in their honeypot to attacks >>on their network. >> >> > >How I read it, the honeypot watches for _anyone_ searching for copyrighted >music, and blackholes them from their network. So if an innocent user is >searching for britney_spears-newest_hits.mp3, and tries to grab it, >they'll be blacklisted. Sounded like something to keep RIAA from sueing >them, to me.. > Actually I think it watches who searches the site and then looks for attempts to 'attack' the site, and only then, does it put you on the blacklist. Of course this is easy to work around - you simply have to do your searching from a different IP address/subnet from the one you use for the attack/dos/etc. to prevent the ISP from correlating the two events. The question is whether they can make their approach sufficiently sophisticated that your defense blocks out a large number of legitimate users, i.e. you DoS yourself. --rick