by thedevelopment 5998 days ago
Imagine if this was combined with the iPhone worm from a few months back. It'd essentially pingflood all phones exposed on the telco networks and screw thousands of people in excess charges without them even knowing something was going on.

This worries me greatly. (puts iPhone on WiFi mode)

1 comments

I didn't put this in the blog post, but hypothetically speaking you would not even need a worm.

A person would need an ISP account where you don't get limited on uploads (like Internode, or most non-Australian ISPs, for instance.)

A person would need to spoof the ping return address, so the ping never comes back to them. Or spoof a UDP stream where the ICMP port unreachable never comes back (or don't spoof it, and put up with 32 bytes of download for every 64k sent.)

Then, the person just starts sending and people start accruing costs.

I'm not advocating that someone should do this. I'm just worried that they might choose to.

This just strikes me as so very open to malicious attack. That I can scan networks to find smart phones on Virgin (or other networks), and do no more than ping flood those IPs to incur thousands of dollars in excess charges to an unwitting person.

It takes the term Denial Of Service attack to an entirely new level of bad.

If that happened they probably have to fix the problem ;-)