Page 2 of 2

The DDoS attacks against the company's dedicated servers meanwhile resulted in service disruptions to five hosting providers and major DNS service provider Tucows, he said.

Pointing the company's main URL to the Blue Security blog site on Six Apart when it was under attack may not have been the best idea, Reshef said. But at the time, the company had little idea that the attacker would launch a separate denial of service attack on the blog site as well.

Todd Underwood, chief operations and security officer at Renesys, a Manchester, N.H.-based Internet monitoring company, said that based on traffic analysis, Blue Security's main Web site appears to have been under a DDoS attack for at least two days before it redirected its URL to the blog.

"I do think if you are under attack it is your duty not to redirect it against someone else," Underwood said. "It is not a fair or an ethical decision," he said, adding that it is hard to imagine that Blue Security didn't know it was being hit with a DDoS attack when it pointed its URL to the blog site.

Underwood also said that it was unlikely that a spammer would have been able to get an individual at a major ISP to install a "no route" to Blue Security, as Reshef claimed. "These are not the kind of networks where people can sneak in and make routing configuration changes" without logging that change or discussing it with others, he said. "The suggestion that some Russian spammer could bribe someone to install a no-route" is hard to believe, he said.

John Levine, chairman of the Internet Anti-Spam Research Group, said that other antispam efforts have been similarly targeted as well. But they did not involve an ISP. And neither did those who were attacked respond like Blue Security did, he said. "If you know you are under a DoS attack, pointing your DNS at other parties is irresponsible," he said.

For more enterprise computing news, visit Computerworld online. Story copyright © 2006 Computerworld, Inc. All rights reserved.

---