Suppose malware appends a bogus entry to an infected machine's /etc/hosts (or more likely, MSwindows' \windows\blahblah\hosts file). (This constitutes a DNS attack on the appended domain name, exploiting the local hosts' name-resolution prioritization.) If the appended IP address points to the same victim (66.66.66.66) on all the virus-infected machines, and the appended (redirected) domain name is popular ("google.com" for instance) then you get a DDoS attack on the appended IP host 66.66.66.66 that grows as the viral infection spreads in the population. You also get a DDoS on the popular domain name ("google.com") you've redirected. If the victim IP address were a router just upstream of the victim domain name, its extra fun for the victim domain --not only are they unavailable on infected machines, but clients pound their upstream when they try to connect. Thoughts? Has this ever been suggested or implemented? --- In "The Wild One" bikers mount a DoS attack on a router: her name is Dorothy and she works at a plugboard. ca 1954