Evolution of DDoS — the book ships

Evolution of DDoS, the book project that has occupied substantial sustained effort across 2007, has been published. The cumulative writing, drafting, editing, and production work is now complete; copies are available; the project is in the field.

This is a longer post because the book project has been substantial work and the cumulative trajectory deserves recording.

What the book is

Evolution of DDoS is a practitioner-targeted book on distributed denial-of-service — the threat trajectory, the attack patterns, the defensive responses, the structural conditions that produce DDoS as a sustained category.

The cumulative content covers:

  • The structural framing — what DDoS is, why it matters, how the threat has evolved across the past decade. The material draws on cumulative observation, cumulative reading, cumulative incident response across multiple operational contexts.

  • Category-specific treatment — commercial-cybercrime DDoS, politically-motivated DDoS (the Estonia pattern most recently), specific other categories. Each gets explicit structural framing.

  • Technical chapters addressing attack types, infrastructure, traffic patterns, specific operational details. The material draws substantially on cumulative honeypot observation.

  • Defensive chapters addressing what works, what does not, what the cumulative trajectory suggests will work. Specific operator-level, carrier-level, and industry-level defences.

  • Case-study chapters on specific historical incidents — Estonia, the gambling-operator extortion campaigns, specific commercial incidents. The material balances technical detail with appropriate operational confidentiality.

  • Forward-looking chapters on where the trajectory is going, what defensive responses will be needed, what structural changes are necessary.

The cumulative book is approximately 350 pages; the cumulative writing has consumed substantial time across 2007.

What the writing process taught

Three observations from the cumulative experience.

The notebook archive was substantial substrate. Specific posts across multiple years informed specific book sections. The cumulative weekly-writing discipline produced material that book-length work could not have produced de novo. The cumulative compounding was operationally meaningful.

Book-length writing forces structural thinking that weekly writing does not. Specific arguments that work in weekly-post format require explicit structural framing in book-length treatment. The cumulative effect on my own thinking about DDoS has been substantial.

The audience consideration shifts. Notebook readers self-select for sustained engagement; book readers may not. Specific framing decisions, specific introduction-to-context discipline, specific cumulative readability work — all needed sustained attention.

The cumulative writing experience has been the most substantial sustained writing project I have undertaken. The cumulative effect on subsequent operational thinking is meaningful.

What I am hoping the book does

Three specific intents.

Provide practitioners with substantive structural framing. Specific operators should be able to use the book to think about their own DDoS posture; specific cumulative patterns should inform specific operational decisions. The cumulative effect on the practitioner community is the primary intent.

Inform broader policy conversations. Specific structural conditions that produce DDoS — bot-substrate growth, cumulative defensive coordination gaps, specific economic asymmetries — deserve wider conversation. The book may inform specific subsequent policy discussions.

Document the trajectory at this point in time. Specific 2007 conditions will not persist forever; the cumulative archive of trajectory documentation has structural value. The book is one snapshot; subsequent updates may follow if the trajectory warrants.

The cumulative ambition is bounded. Books in this category sell modestly; specific cumulative impact is gradual; specific subsequent generations of practitioners may benefit more than the immediate audience.

What I am doing now

For the immediate book activity:

  • Specific reading-group responses; specific reviewer feedback; specific corrections for any future printing.
  • Specific public discussion through specific subsequent conferences and writing.
  • Specific operator-level conversations with peers.

For the day job at Gala Coral:

  • Continued CISO operational work.
  • Specific application of book content to operational decisions.
  • Specific cumulative discipline.

For the notebook:

  • Continued weekly cadence. The book-writing intensity is now over; specific subsequent post cadence returns to normal.
  • Specific subsequent topics will reference book content where appropriate.
  • The cumulative archive continues growing.

What I am paying attention to

Three things over the next 12 months.

Specific reception in the practitioner community. Specific feedback through subsequent conversations. The cumulative reception will inform subsequent decisions about further writing.

Specific events that the book's framework predicts. 85% probability of meaningful predictive validation. The cumulative trajectory the book describes should produce specific subsequent incidents that fit the framework.

Specific subsequent writing decisions. Specific assessment after the book has been in the field for some months. Whether to write a follow-up, an update, or move to other topics depends on the cumulative reception.

A reflection on the trajectory

Writing a book has been on the cumulative agenda for years. The specific catalyst — the DDoS-extortion category emerging in 2004, the cumulative observation through years at multiple operational contexts, the specific operational role at Gala Coral — produced the conditions for substantive sustained writing in 2007.

The cumulative process from initial drafting in January through publication in late November has been substantial. The cumulative effect on my own operational thinking has been meaningful; the cumulative effect on the broader practitioner community will be bounded but real.

For practitioners considering similar long-form work: the cumulative weekly-writing discipline supports book-length work in ways that are not obvious at the start. The investment in sustained weekly writing pays back substantially when book-length work becomes the appropriate next step.

For my own continued discipline: the notebook continues. Specific subsequent posts will inform; the cumulative archive grows; the cumulative trajectory continues.

A thank-you

Specific reviewers, specific colleagues, specific correspondents who provided feedback through the writing — thank you. The cumulative input from the practitioner community made the book substantively better than my own work alone could have produced.

For specific readers who pick up the book: thank you. The cumulative reading discipline that supports our shared field is what makes book-length work in this category viable.

More in time.

