From: IntoTheFuture@hotmail.com   
      
   Hello,   
      
   (Anti-Distributed-Denial-of-Service-Attack-Alliance for Webhosters idea)   
      
   Webhosters could work together and couple their servers via special   
   software.   
      
   When a webhoster's servers come under attack from a DDOS it will ask for   
   help from other webhoster's servers. Perhaps just one at first to be able to   
   get a copy out.   
      
   The other webhoster servers will copy the files/websites which are under   
   attack from the victom webhoster. This other webhoster server will then add   
   itself to the DNS so that the DNS resolves to multiple ip addresses.   
      
   As the second web hoster comes under attack and is in danger of getting DDOS   
   it will ask again for help from another webhoster... perhaps the first one   
   as well... this procedure repeats until the DDOS is not effective anymore or   
   until all webhosters in the alliance have been consulted/requested for help.   
      
   When the attack is over the webhosters can slowly remove the copies at   
   random times in case another attack happens later on, in on on/off   
   fashion... when they remove the website they remove themselfes from the DNS   
   first as well.   
      
   Webhosters in the alliance could give other webhosters   
   pre-written-permission to add themselfes to DNS but only after a request has   
   been received, otherwise it's probably non of their bussiness.   
      
   If the attackers chose to attack many different websites then there is a   
   risk of copy explosions, so the websites which were under attack the longest   
   ago are removed first when the harddisks become full. So first in first out.   
   (This gives prevelance to the websites which are most recently under   
   attack.)   
      
   This alliance could ofcourse be abused by "cheap" webhosters which simply   
   have too little servers and too little bandwidth.   
      
   Thus webhosters in the alliance would need monitoring software and perhaps   
   alerts specially for this alliance feature/software.   
      
   Then they can monitor any abuse of the system. Perhaps ISP's could also be   
   included into the system to provide information about the system/webhoster   
   that is under attack to be able to verify if it's a true attack or just   
   being cheap.   
      
   Such monitoring requests would only be honered if the website under attack   
   gave permission to the ISP to monitor and send this information to others to   
   be able to prove that it's indeed under attack. If such approval was not   
   giving by the webhoster then it is assumed it's a fake and it's being cheap.   
   If the ISP does not want to work with the webhoster and does not want to   
   provide information then there is a problem, then it's up to the other   
   webhosters to make a guess if it's a genuine attack or being cheap.   
   Different solutions for this case are thinkable: defaults could be: 1. Copy   
   and disable manually later if doubts about genuine attack. 2. send alert and   
   ask for manual permission to copy 3. Deny a copy.   
      
   Once the attack is over this sharing-of-monitoring-information approval is   
   revoked.   
      
   And all can return back to normal.   
      
   Bye,   
     Skybuck.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)