okay - so they may have deserved it - the article is an excellent technical discussion of an attack - and if any of you blowhards had bothered to read it you might learn something.

This was a very clever attack using completely different techniques - they were able to fool Verio, Qwest, and Above.net's core routers into doing their dirty work. These guys are far from script kiddies.

no skin off my azz that you are all too cool to read something.

"In other words, a malicious hacker located somewhere else on the Internet, was SYN FLOODING INTERNET ROUTERS with TCP connection-requesting SYN packets. Those SYN packets carried the fraudulent (spoofed) source IP belonging to grc.com. Therefore, the routers believed that the SYN packets were coming from us, and they were replying with SYN/ACK packets as the second phase of the standard TCP three-way connection handshake.


Malicious SYN packets were being "Reflected" off innocent bystanding TCP servers. Their SYN/ACK responses were being used to flood and attack our bandwidth.

...

Since the malicious hacker's SYN packets were aimed at the intermediate routers' port 179, any reflected packets would be originating from that port.
Verio's engineer added a "filter" to the aggregation router servicing our Internet connection to block (drop) any packets inbound to us from port 179. The flood of packets coming in from port 179 immediately stopped.

...

With the routers' traffic blocked, we were now being flooded by SYN/ACK packets pouring in from ports 22 (Secure Shell), 23 (Telnet), 53 (DNS), and 80 (HTTP/Web). There were also some packets coming from port 4001 (a proxy server port) and 6668 (IRC chat)."
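Added example, not part of the post or the quoted article: a victim-side check that flags inbound SYN/ACKs with no matching outbound SYN, tallies them by source port (which names the reflecting service), and models the upstream drop-by-source-port filter the quote describes. The packet records, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample records, not captured traffic:
# (direction, src_ip, src_port, dst_ip, dst_port, tcp_flags)
VICTIM = "192.0.2.10"  # assumed victim address (documentation range)
PACKETS = [
    ("out", VICTIM, 40001, "198.51.100.7", 80, "S"),   # genuine outbound connect
    ("in", "198.51.100.7", 80, VICTIM, 40001, "SA"),   # its legitimate SYN/ACK
    ("in", "203.0.113.1", 179, VICTIM, 1025, "SA"),    # reflected off BGP port
    ("in", "203.0.113.2", 179, VICTIM, 1026, "SA"),
    ("in", "203.0.113.3", 179, VICTIM, 1027, "SA"),
    ("in", "198.51.100.20", 22, VICTIM, 2000, "SA"),   # reflected off SSH
    ("in", "198.51.100.21", 80, VICTIM, 2001, "SA"),   # reflected off a web server
    ("in", "198.51.100.22", 53, VICTIM, 2002, "SA"),   # reflected off DNS over TCP
]


def unsolicited_synacks(packets, victim):
    """Count inbound SYN/ACKs per source port that answer no SYN we sent."""
    pending = set()   # (our_port, peer_ip, peer_port) for SYNs awaiting a reply
    tally = Counter()
    for direction, sip, sport, dip, dport, flags in packets:
        if direction == "out" and sip == victim and flags == "S":
            pending.add((sport, dip, dport))
        elif direction == "in" and dip == victim and flags == "SA":
            key = (dport, sip, sport)
            if key in pending:
                pending.discard(key)   # expected second step of a real handshake
            else:
                tally[sport] += 1      # victim never sent the SYN: reflection
    return tally


def drop_by_source_port(packets, victim, blocked_ports):
    """Model the upstream filter: drop inbound packets from the blocked source ports."""
    return [
        p for p in packets
        if not (p[0] == "in" and p[3] == victim and p[2] in blocked_ports)
    ]


if __name__ == "__main__":
    print("before filter:", dict(unsolicited_synacks(PACKETS, VICTIM)))
    filtered = drop_by_source_port(PACKETS, VICTIM, {179})
    print("after dropping source port 179:", dict(unsolicited_synacks(filtered, VICTIM)))
```

Adding port 80 to the blocked set would also drop the legitimate reply in the sample, which is why a source-port filter only costs nothing for ports the protected host never connects out to.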