>Bruce,
>
>I only know enough about this to be familiar so you might have to find an expert somewhere, but my understanding is that its a matter of effeciency, and detectability.
>
>DoS attacks, because they work at the Transport layer (TCP and UDP are transport protocols) affect ANY Internet machine. Also, the spoofing of the IP Addresses in the header allows the perpetrator to hide their location. If you were to initiate an SQL session intended to tie up a machine, A)it would be detectable because the packet origins could be known, B)Only affects machines that are running the Server you are attacking, C)Would require a more significant investment of machine resources by you the attacker, etc.

Okay, thanks for the rundown. (C) would seem the most difficult obstacle, then, since they are already pretty clever at A (mazing & hiding), & B still could fit well enough into their attack design). But I might add D) some of these sites require a logon to access the searches, so the targets are more limited.

However, who knows what the future will bring? Once the good guys get a good handle on this latest technique, another method is certain to come along...