A posting from Naked Security about DDoS-for-hire service is legal: Paying a site to DDoS other sites is perfectly legal, the proprietor behind one such outfit told security journalist Brian Krebs.
Besides which, he says, his service, called RageBooter, even features a nifty backdoor that lets the FBI monitor customer activity.
The conversation took place recently between Krebs and Justin Poland, the US man from Memphis, Tennessee whom Krebs sniffed out via WHOIS lookup and Facebook.
According to Poland, DDoSing the beejezus out of sites is perfectly legal/justifiable/morally kosher because:
- It’s “a public service on a public connection to other public servers”;
- His service merely takes advantage of default settings of some DNS servers; and
- Spoofing a sender address is legal and OK because if a root user of the server doesn’t like it they just have to disable recursive DNS.
Regarding item No. 3, recursion is the act of querying additional DNS servers to resolve queries a DNS server can’t resolve from its own database.
To read more click here: