Monday, July 17, 2006
Zooomr - feeling a backlash?
Zooomr 2.0 is within a hair's breadth of launching, at long last. Delayed from it's original launch date on Friday night by a distributed denial-of-service attack, the Zooomr team have been working hard to strengthen their defences against such attacks. They promise the new site will launch soon - in the meantime, the countdown clock is stopped with one second to go!
The attack seems to be symptomatic of a wider feeling that Zooomr has been over-hyped. The comments to a recent TechCrunch story on Zooomr were rather harsh, if somewhat misguided (the main protagonist, Drew, seemed incapable of reading the article properly, believing it to have been written by a Zooomr staffer!). There were some negative comments to Zooomr blog posts discussing the incident.
The main feeling seems to be that Zooomr has had much more coverage than it deserves. I suspect this is due to the site failing to meet the early hype surrounding Zooomr and its founder, Kris Tate, by announcing ever more delays to the launch of the next new version. There's a lesson there!
For the interested, the details of the DDOS attack from Kris himself:
whomever was attacking us were not interested in bringing us down as much as it seemed that they wanted to cripple us. You’re right in that DDOS is a serious thing that takes many systems, but in this case, it would seem very clear to me and my NOC that the attack was coming from many Zombie Windows XP boxes in the wild.
Most of the attack was based on SYN-packet flooding. In affect, this kind of attack does not require umpteen amounts of bandwidth, but enough computers to keep many unused connections open to our systems.
In the end, it was hard to lock-down these attacks because as we started to in the wee hours of July 14th, the attacker was smart enough to start spoofing and mangling their packets to get past our protection layers.
The attack seems to be symptomatic of a wider feeling that Zooomr has been over-hyped. The comments to a recent TechCrunch story on Zooomr were rather harsh, if somewhat misguided (the main protagonist, Drew, seemed incapable of reading the article properly, believing it to have been written by a Zooomr staffer!). There were some negative comments to Zooomr blog posts discussing the incident.
The main feeling seems to be that Zooomr has had much more coverage than it deserves. I suspect this is due to the site failing to meet the early hype surrounding Zooomr and its founder, Kris Tate, by announcing ever more delays to the launch of the next new version. There's a lesson there!
For the interested, the details of the DDOS attack from Kris himself:
whomever was attacking us were not interested in bringing us down as much as it seemed that they wanted to cripple us. You’re right in that DDOS is a serious thing that takes many systems, but in this case, it would seem very clear to me and my NOC that the attack was coming from many Zombie Windows XP boxes in the wild.
Most of the attack was based on SYN-packet flooding. In affect, this kind of attack does not require umpteen amounts of bandwidth, but enough computers to keep many unused connections open to our systems.
In the end, it was hard to lock-down these attacks because as we started to in the wee hours of July 14th, the attacker was smart enough to start spoofing and mangling their packets to get past our protection layers.