It is a rare business which sends out press releases when its computers come under
attack. The SCO Group, however, has done so,
noting that its web site has been off the net for most of the day due to a
distributed denial of service attack. The company is, for now, refraining
from blaming the Linux community.
SCO press release on DDOS attack
Posted Dec 10, 2003 13:37 UTC (Wed) by jeremiah (guest, #1221)
[Link]
It's wrong wrong wrong, but it sure does make me smile.
SCO press release on DDOS attack
Posted Dec 10, 2003 14:40 UTC (Wed) by hamjudo (guest, #363)
[Link]
It's wrong wrong wrong, but it sure does make me smile.
If there was an attack, there isn't any evidence that the folks on
Groklaw could find.
SCO press release on DDOS attack
Posted Dec 10, 2003 15:08 UTC (Wed) by xorbe (guest, #3165)
[Link]
I don't think it would be that hard to launch all zombie machines within 60 seconds of each other. Heck, run ntp on them all, and set the DoS time. They'll all start within the second.
SCO press release on DDOS attack
Posted Dec 10, 2003 17:05 UTC (Wed) by rjamestaylor (guest, #339)
[Link]
Ok, how about this:
The IP address of ftp.sco.com is 216.250.128.13.
The IP address of www.sco.com is 216.250.128.12 - which is the one that is
"attacked".
I do not think it is possible for the above two to be on separate subnets,
because the "12" would then be a network address and an invalid
machine IP, (and as the subnets would only consist of 4 IP addresses you could
only have one machine per subnet making it pointless anyway). - So it is safe to
assume they are on the same network.
ftp.sco.com (the .13 address) is staying up all through the
"attack", so the "attack" is not swamping the network
there.
Linux has a means of dealing with SYN attacks by using "SYNCOOKIES".
They are fast and easy to implement. This would negate the effect of the
attack enabling them to keep the website up. It is difficult to believe that
SCO, or their web hoster, do not have the technical expertise to implement
that.
All in all the "facts" do not make sense here. Either SCO (or the
web hoster) is incompetent, or they are lying.
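The subnet arithmetic from the comment above, as an added example that is not part of the original thread: it uses Python's `ipaddress` module to show which prefix lengths keep 216.250.128.12 and 216.250.128.13 in one subnet, and what role .12 plays in a four-address (/30) block. The function names are illustrative.

```python
import ipaddress


def first_separating_prefix(a, b):
    """Shortest prefix length that puts a and b in different subnets (None if a == b)."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return None if diff == 0 else 33 - diff.bit_length()


def role(addr, prefix):
    """Return (subnet, role) where role is 'network', 'broadcast' or 'host'."""
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    ip = ipaddress.ip_address(addr)
    if prefix >= 31:                      # /31 (RFC 3021) and /32 reserve no addresses
        return net, "host"
    if ip == net.network_address:
        return net, "network"
    if ip == net.broadcast_address:
        return net, "broadcast"
    return net, "host"


def same_subnet(a, b, prefix):
    """True when both addresses fall inside the same subnet of this prefix length."""
    return role(a, prefix)[0] == role(b, prefix)[0]


if __name__ == "__main__":
    www, ftp = "216.250.128.12", "216.250.128.13"   # addresses quoted in the comment
    for prefix in range(24, 33):
        net, www_role = role(www, prefix)
        print(f"/{prefix:<2} {str(net):<20} www={www_role:<9} "
              f"ftp={role(ftp, prefix)[1]:<9} shared={same_subnet(www, ftp, prefix)}")
    print("first prefix that separates them: /%d" % first_separating_prefix(www, ftp))
```
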
Posted Dec 10, 2003 18:29 UTC (Wed) by dbhost (guest, #3461)
[Link]
"All in all the "facts" do not make sense here. Either SCO (or the web hoster) is incompetent,"
I don't think it would be their web host. And to be honest, Caldera Open Linux had a reasonable reputation for security, which should have meant that those that produced the distribution understood how to configure it... Perhaps all the technical people have been laid off and all they have now are executives with bad hair and lawyers.
SCO press release on DDOS attack
Posted Dec 10, 2003 18:35 UTC (Wed) by xoddam (subscriber, #2322)
[Link]
It looks like Netcraft's uptime pages have themselves been hit by a DDOS. Or Slashdot, perhaps.
SCO press release on DDOS attack
Posted Dec 10, 2003 13:38 UTC (Wed) by tgb (guest, #745)
[Link]
I do hope the irony isn't lost on SCO, where in the same press release as they state their website is down, they then invite people interested in knowing more about SCO to... visit their website.
New business objectives
Posted Dec 10, 2003 13:40 UTC (Wed) by Spike (guest, #14160)
[Link]
I took the liberty to re-write the SCOX business description to better reflect the real SCOX.
The SCO Group (Nasdaq: SCOX - News) helps millions of customers in more than 82 countries to grow its business every day through litigation, and racketeering solutions. Headquartered in Lindon, Utah, SCO has a worldwide network of more than 11,000 Paralegals and 8,000 Lawyers. SCO Legal Services provides Fear, Uncertainty, and Doubt to all partners and customers. For more information on outdated SCO products and services visit http://www.sco.com.
The IT media needs SCO's web site.
Posted Dec 10, 2003 14:06 UTC (Wed) by dmarti (subscriber, #11625)
[Link]
A denial of service attack on its web site is the best thing
that can happen to The SCO Group. The facts that substantiate
the falsehood of SCO's legal claims are on the SCO web site.
The information technology media need to be able to get to it.
For example, the web site showed the departure without
replacement of SCO's Senior Vice President, Engineering and
Global Services, Opinder Bawa -- who was later found to have
sold all his stock in the company.
On the web site, SCO refers to the announcement that
Hewlett-Packard has indemnified its Linux customers -- and HP's
due diligence is the best evidence yet that SCO has no case.
With access to both Unix and Linux source code, HP would have
been in a position to find any infringement, and apparently
found none.
SCO has even paid a
10,000 Euro fine because of deceptive
statements on the site.
Attacking the web site can only add another 10,000 Euros to
SCO's bottom line, or prevent the authorities in Australia
and other jurisdictions from taking action in response to SCO
threats that are illegal there.
In a press release regarding the latest DoS attack, spokesperson
Blake Stowell characterized The SCO Group as a "legitimate
business." Like most observers familiar with the company,
I disagree with this assertion. But every day that the SCO
web site stays up is another step toward putting SCO out of
its misery, and ours.
Don Marti
Editor in Chief
Linux Journal
The IT media needs SCO's web site.
Posted Dec 10, 2003 14:22 UTC (Wed) by vblum (subscriber, #1151)
[Link]
Seconded.
However, not for the reason that it is convenient to have SCO around. That is invaluable as pointed out, but beside the point here.
It must be clear that the Linux community are not the criminals in this game. Anyone that helps SCO portray us as such needs to be stopped. As fast as possible.
Whoever did this is providing SCO with the most valuable assistance possible. I refuse to be bunched together with that kind of people later on.
The IT media needs SCO's web site.
Posted Dec 10, 2003 15:27 UTC (Wed) by ballombe (subscriber, #9523)
[Link]
I am with you here.
The purpose of this kind of attack is to spread fear, uncertainty and doubt.
We all know who patented FUD as a business method.
The IT media needs SCO's web site.
Posted Dec 10, 2003 15:54 UTC (Wed) by LogicG8 (guest, #11076)
[Link]
Ironically I believe it was IBM... The term FUD was coined by a former employee, Gene Amdahl, about IBM's marketing tactics.
Businesses can't be trusted. Always remember the price of freedom is constant vigilance. For those with a longer memory this is all deliciously ironic. I'd like to keep Big Blue as an ally but like all businesses they can turn at the drop of a hat when their bottom line is threatened. SCOX is just the latest turncoat.
FUD: a living definition
Posted Dec 11, 2003 12:59 UTC (Thu) by jre (guest, #2807)
[Link]
True.
It bears noting, though, that ESR has found it necessary to acknowledge a hierarchy of evil in updating the definition of FUD maintained in the Jargon Files.
The IT media needs SCO's web site.
Posted Dec 10, 2003 16:25 UTC (Wed) by krash (subscriber, #2689)
[Link]
Nice press release of your own there Don. :) Unfortunately we can't help it if the damn lawyers are too stupid to know how to keep a Web server running or if they just decide to turn it off for effect. ;)
kr
The IT media needs SCO's web site.
Posted Dec 11, 2003 2:57 UTC (Thu) by ekj (subscriber, #1524)
[Link]
SCO has even paid a 10,000 Euro fine because of deceptive statements on the site.
Not quite. Linuxtag in Germany complained to a German court that SCO was repeatedly making claims harmful to their business, yet seemed unwilling or unable to back them up with any evidence. The court ordered SCO to either show evidence that the claims were (likely to be) true, or else, stop making them.
SCO chose, of their own volition, to not even attempt to document the claims, but instead to remove all of them from all German communications, including their website www.sco.de
Later, someone discovered that they'd done a poor job of scrubbing the website clean, a few pages with negative claims about Linux remained. It was for this breach of the court's order they were fined 10000 €.
So you're sorta right. The claims *are* deceptive. And they *were* fined for still having them there. But they weren't fined 'cos the claims were deceptive (nor has the court recognized them as such). They were fined because the claims were still there, and the evidence absent, after a court ordered them to put up or shut up.
What buggers me is that something similar cannot be done in the US. It'd be an enormous improvement if SCO would be ordered to stop making ridiculous claims until such time as they are at least willing to attempt to substantiate them.
SCO press release on DDOS attack
Posted Dec 10, 2003 14:08 UTC (Wed) by chill633 (guest, #16013)
[Link]
Does SCO host its own servers? Is it SCO that is under attack, or the hosting provider?
I've had a couple of sites I host taken offline by DDOS attacks, but they weren't against me, they were against my co-lo facility. The whole netblock was under attack.
It could be coincidence. Does anyone have any ideas how many small DDOS attacks go on daily? By small, I mean affecting a small number of IPs.
-Charles Hill
SCO press release on DDOS attack
Posted Dec 10, 2003 14:27 UTC (Wed) by stef70 (guest, #14813)
[Link]
My web site was down several times during the last month! Hemmmm! No! wait! that was just because my hosting company sucks!
SCO press release on DDOS attack
Posted Dec 11, 2003 11:54 UTC (Thu) by gleef (guest, #1004)
[Link]
No, SCO doesn't host its own web servers. There are three likely companies that might be hosting them (different evidence points to different companies): XO, Center7 and Noorda Family Trust. Center7 is a Canopy company like SCO. NFT is, of course, also closely connected with the Canopy Group.
For what it's worth, at the time of the alleged attack, packets to www.sco.com (216.250.128.12) were being routed to XO and stopped. Packets to ftp.sco.com (216.250.128.13) were passing through XO. XO was contacted directly and reported having no problems.
Also, for what it's worth, while the FTP server was up for hours during the "attack", it appears to be down now.
SCO press release on DDOS attack
Posted Dec 10, 2003 14:22 UTC (Wed) by einstein (subscriber, #2052)
[Link]
It could be a coalition of angry investors - from what I hear, the tar is warming up and the feathers are being gathered, in preparation for the next phase of the investor action.
SCO press release on DDOS attack
Posted Dec 10, 2003 15:08 UTC (Wed) by allesfresser (subscriber, #216)
[Link]
Let the greedy bring the greedy to judgement, eh? :-) How poetic.
SCO press release on DDOS attack
Posted Dec 10, 2003 23:26 UTC (Wed) by sward (subscriber, #6416)
[Link]
Well at least it'd be a jury of their peers...
SCO press release on DDOS attack
Posted Dec 10, 2003 14:35 UTC (Wed) by alan (guest, #4018)
[Link]
"This specific type of DDoS attack, called a "syn attack," took place when several thousand servers were compromised by an unknown person to overload SCO's Web site with illegitimate Web site requests. The flood of traffic by these illegitimate requests caused the company's ISP's Internet bandwidth to be consumed so the Web site was inaccessible to any other legitimate Web user."
This is unreal, if I didn't know any better I would think it came from The Onion. Unfortunately it did not.
SCO press release on DDOS attack
Posted Dec 10, 2003 15:12 UTC (Wed) by xorbe (guest, #3165)
[Link]
Yeah, isn't a syn attack where you tie up one machine's network stack with relatively low bandwidth? (Using even just one machine for the attack?)
SCO press release on DDOS attack
Posted Dec 10, 2003 14:45 UTC (Wed) by parimi (subscriber, #5773)
[Link]
We deplore these activities by those who try to intimidate or harass legitimate businesses through cyber terrorist tactics while hiding their true identity
Since when has SCO started assuming that it is doing legitimate business?
Here comes a delay
Posted Dec 10, 2003 14:51 UTC (Wed) by Ken (guest, #14505)
[Link]
I see SCO claiming they need to delay complying with discovery because of this. Note that they specifically say it affected their internal network. I hope this can be proven as false or self-inflicted and the judge takes action on it.
Here comes a delay
Posted Dec 10, 2003 15:13 UTC (Wed) by vblum (subscriber, #1151)
[Link]
Oh, good point. Especially since the intranet claim stinks - do they not own a firewall? Or did the DDoS attack really target their utilities company and backup generators?
Here comes a delay
Posted Dec 10, 2003 15:14 UTC (Wed) by Ross (subscriber, #4065)
[Link]
Yeah, that's really the weakest part of the claim. How a SYN attack against the public webserver would shut down the internal network is unclear. Maybe they don't use a DMZ for publicly provided services?!
SCO press release on DDOS attack
Posted Dec 10, 2003 15:09 UTC (Wed) by chalstead (guest, #15106)
[Link]
www.sco.com is still unreachable (by me anyway), but ftp.sco.com comes up lickety-split - the IP addresses of the two are on the same subnet, one address apart (.12 and .13). Doesn't sound to me like a 'bandwidth consuming' DDoS attack.
And how do they let any purported DDoS attack on their web site disrupt their intranet??? What kind of morons would they have to be to architect that kind of co-dependency???
SCO press release on DDOS attack
Posted Dec 10, 2003 15:35 UTC (Wed) by oseemann (subscriber, #6687)
[Link]
yes, and the mail server is up, too.
sco.com. 21600 IN MX 10 mail.ut.caldera.com.
Connected to mail.ut.caldera.com. 220 mail.ut.caldera.com ESMTP
so I hope they don't try to claim that their external communication was affected, too.
"syn attacks"?
Posted Dec 10, 2003 16:06 UTC (Wed) by mbp (guest, #2737)
[Link]
It sounds like they're talking about a syn flood attack. Syn floods are a problem that was basically solved by SYN Cookies in Linux, BSD and other systems as much as seven years ago. I haven't heard of such an attack in years, because they don't really have much effect on a modern kernel. The fact that they were ever possible was really just a misdesign in early stacks. (Completely understandable and forgivable of course; the internet used to be a more friendly place.)
I think it's pretty damn funny that even when SCO are trying to paint themselves as victims they're really just showing that they're seven years behind the times.
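How SYN cookies, mentioned in this comment and in the earlier "SYNCOOKIES" comment, let a server answer a SYN without keeping a half-open connection entry, as an added example that is not part of the original thread. This is a simplified sketch, not the Linux kernel's actual cookie layout; the secret, MSS table, tick length and all addresses are constructed.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # constructed; a real stack uses a random key
MSS_TABLE = (536, 1300, 1440, 1460)   # constructed 2-bit table of MSS values
PERIOD = 64                           # seconds per counter tick (assumption)
MASK32 = 0xFFFFFFFF


def _mac30(flow, client_isn, idx, tick):
    """Keyed hash of the flow, truncated to the upper 30 bits of a 32-bit word."""
    msg = repr((flow, client_isn, idx, tick)).encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0xFFFFFFFC


def make_cookie(flow, client_isn, mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored for the half-open connection."""
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return _mac30(flow, client_isn, idx, int(now) // PERIOD) | idx


def check_ack(flow, seq, ack, now):
    """Validate the final ACK; return the negotiated MSS, or None to drop it."""
    cookie = (ack - 1) & MASK32
    client_isn = (seq - 1) & MASK32
    idx = cookie & 3
    tick = int(now) // PERIOD
    for t in (tick, tick - 1):        # accept the current and the previous tick
        expected = _mac30(flow, client_isn, idx, t) | idx
        if hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
            return MSS_TABLE[idx]
    return None


def demo():
    """Constructed scenario: a spoofed SYN flood followed by one real handshake."""
    backlog = []                      # connection state; grows only on a valid ACK
    server = ("203.0.113.10", 80)
    for i in range(10_000):           # spoofed sources never send the final ACK
        flow = (f"198.51.100.{i % 254 + 1}", 1024 + i, *server)
        make_cookie(flow, i, 1460, now=1000)   # SYN-ACK sent, nothing remembered
    flow = ("192.0.2.7", 40000, *server)       # legitimate client
    isn = make_cookie(flow, 5000, 1460, now=1000)
    mss = check_ack(flow, 5001, (isn + 1) & MASK32, now=1010)
    if mss is not None:
        backlog.append((flow, mss))
    return backlog


if __name__ == "__main__":
    print("connections holding state after the flood:", demo())
```
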
Posted Dec 10, 2003 16:30 UTC (Wed) by vblum (subscriber, #1151)
[Link]
Let's collect the facts from the thread:
- SCO claims publicly that their website, "intranet", etc were disabled; focuses on "intranet" in subtitle(!) of press release - this is not an afterthought.
- A "syn attack" was seemingly never heard of. Their system (running Linux) should not be vulnerable to a "syn flood attack"
- It is not understandable how a defacement of the company web server should affect the company's intranet. Within five minutes, the attack from the internet should be stopped by pulling the plug.
- Furthermore, the SCO web site does not seem to be hosted by SCO. Unless they run their intranet externally also, there can be no connection.
- Their ftp and mail servers are up and running throughout the claimed attack
- Netcraft shows no problems until (well, allegedly) SCO themselves pulled the plug.
By all this evidence, at least the press release is inaccurate / not technically sound. Some of SCO's claims can be proven wrong.
However, an outage of the intranet, potentially over multiple days, makes it impossible to find out which code from Unix was lifted into Linux (assuming that the missing MIT mathematicians cannot be found, and the diff must be run again). Enough to sign an affidavit, and present to the judge on Jan 23?
If they do that, they're up for criminal charges, I hope.
I cannot resist, but excuse me for now: Now, aren't we lucky that the attack did not originate from Debian, Gentoo, and Gnu project servers ... one might have thought that the copyright bandits had targeted valiant SCO again, no?
Let's collect this
Posted Dec 10, 2003 17:15 UTC (Wed) by jhardin (guest, #3297)
[Link]
> Furthermore, the SCO web site does not seem to be hosted by SCO.
> Their ftp and mail servers are up and running throughout the claimed attack
> Netcraft shows no problems until (well, allegedly) SCO themselves pulled the plug.
The last time SCO claimed a DoS on their website (the Eric Raymond brouhaha) ISTR someone contacted their ISP and asked whether a DoS was actually underway, and the ISP said No.
Somebody needs to contact SCO's ISP and get them on the record saying whether there was or was not a DDoS underway.
Let's collect this
Posted Dec 10, 2003 17:30 UTC (Wed) by nowster (subscriber, #67)
[Link]
According to tcptraceroutes I've done, their ISP is doing the blocking of packets going to www.sco.com at their border routers (the ones which interconnect with other ISPs). This could indicate a DDOS prevention exercise on the part of their ISP (XO Communications).
The reasoning behind doing this is that the ISP will have a bigger pipe to the outside world, and will be able to take the DDOS hit more easily than the DDOS'd customer's pipe could.
Report: "SCO Hacked By Linux Backers"
Posted Dec 10, 2003 18:58 UTC (Wed) by rjamestaylor (guest, #339)
[Link]
SALT LAKE CITY - The SCO Group has been tussling with Linux users in a legal battle and is paying a price of convenience, at least, for their trouble. SCO's Website has been reported hacked by Linux supporters for the third time this year, following earlier attacks in March and June.
This is getting ridiculous. There's no proof that there was a DDoS attack and it's already a "fact" that "Linux Backers" did it. (Perhaps the SysAdmin at SCO is a Linux Backer?). Besides, PJ and others (as reported at Groklaw) called SCO and were told there was no attack but that the website was down for maintenance. Then Stooge-well releases a stock-price-boosting claim that there __is__ an attack underway.
What crap.
Report: "SCO Hacked By Linux Backers"
Posted Dec 10, 2003 22:10 UTC (Wed) by TimCunningham (guest, #10316)
[Link]
Link is a 404 now, by the way.
Report: "SCO Hacked By Linux Backers"
Posted Dec 10, 2003 23:08 UTC (Wed) by rjamestaylor (guest, #339)
[Link]
After I posted that article and link I wrote to the online-mag's Technical Editor the following:
Hi. The headline and first paragraph on your article entitled, "Third of the Year: SCO Hacked By Linux
Backers" by Charles Farrar is at best a premature, if
not groundless, assessment. First, there is no evidence
of a DDoS attack occurring now or at any time today
according to SCO's ISP, XO.com, and the observations
of many security specialists as reported at Groklaw in
the story found at the following URL:
Your story and its rather inflammatory headline has
been picked up by Google News, which is how I found
it.
I trust your organization is as concerned about the
validity of its reports as it is of its integrity as a
whole. Please correct the unwarranted assumptions in
this article and its headline.
Sincerely,
Robert Taylor
I found out later that the site is a news place for the "adult entertainment industry" so maybe I was a bit presumptuous referring to integrity :). Anyway, I'd like to think I made a contribution in getting it removed/redacted/whatever.
Now is a good time for a press Release
Posted Dec 11, 2003 3:50 UTC (Thu) by boucman (guest, #16379)
[Link]
Let's face it,
what usually gets the top headline is not the most important news, it's the more sensational...
now is our chance
"SCO pretends to be attacked to boost its stock" is much more sensational than "SCO is attacked again by linux hackers"