Taking a graduate course on network security right now, and reading a paper on inferring DDoS activity on the Internet. One of the things I’ve learned is how innocent third-parties are often involved in DDoS attacks.

Basically, one method for launching a DDoS involves reflecting packets off a third-party and towards the victim. The packet is sent as if it were coming from the victim, so the third-party server responds to the packet by sending a response packet to the victim. If the third-party is hit hard enough by this reflective attack, it itself might be brought down. An attack rate of only 500 packets per second is enough to overwhelm a server.

Collateral damage is an ugly thing.

I’m wondering whether any of the DDoS attacks we’ve experienced at Photoblog over the years have been reflective attacks. This is also why you shouldn’t take offense if you’re ever brought down at a DDoS. It doesn’t always mean someone is intentionally attacking you. It could just mean you were the random IP selected when the attacker chose random IPs across the IP address space.