Mirrors Help Electoral-vote.com Blunt DDoS Attacks

Electoral-vote.com, a leading source of data on the American presidential race, reports having been hit by distributed denial of service (DDoS) attacks yesterday and today, which is election day in the U.S.

The site, which tracks state-by-state polling data to project the outcome of the presidential race, is operated by academic Andrew Tanenbaum, the author of the Minix microkernel. Minix was used by Linus Torvalds as he began to write the Linux operating system.

Tanenbaum reported that the electoral-vote.com site was "subjected to (a) massive attack yesterday (Monday)," he writes. "There was another attack this morning and that took some time to deal with. Remember that if the site is unreachable, try the backup sites." To accommodate the traffic, Tanenbaum worked with site host HostRocket to set up six mirrors, www.electoral-vote3.com through www.electoral-vote8.com. "At one point I was tempted to say: 'How many 2-GB Pentium 4's do you have left and can I have them all?'," Tanenbaum says. "Ultimately I took only one more, but with help from some kind-hearted colleagues, I got mirrors up and running from Boston to San Diego."

The U.S. president is not elected by popular vote, but rather through the Electoral College, which assigns votes to each of the 50 states according to population. Journalists and campaign strategists have been closely tracking state-level polls, which suggest that the contest between President George W. Bush and challenger John Kerry remains tight.

The electoral-vote.com site was also mentioned in a Slashdot posting Monday noting the unveiling of Tanenbaum as the site's Votemaster, which piled more traffic on top of the DDoS and heavy pre-election site usage.

"We survived an unprecedented triple flash crowd and logged it all," writes Tanenbaum. "As it turns out, two of the faculty members in my department, Maarten van Steen and Guillaume Pierre, are doing research on coping with flash crowds. The research issues include how many replicas to set up, where to place them, how fast to deploy them, and how to do it automatically, in real time, and at minimum cost. To simulate proposed algorithms, you need data about real flash crowds and real attacks, preferably at the same time. And boy oh boy do we have data now."