LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

SCO press release on DDOS attack

SCO press release on DDOS attack

Posted Dec 10, 2003 21:40 UTC (Wed) by hamjudo (subscriber, #363)
In reply to: SCO press release on DDOS attack by jeremiah
Parent article: SCO press release on DDOS attack

It's wrong wrong wrong, but it sure does make me smile.

The Reuters report is much less wrong: SCO said site was attacked, brought down

SCO hasn't released any evidence that the site was attacked.

If you look at the Netcraft minute-by-minute reachability chart, you'll see that www.sco.com was responding quickly up until the minute it was pulled off the net.

If there was an attack, there isn't any evidence that the folks on Groklaw could find.

(Log in to post comments)

SCO press release on DDOS attack

Posted Dec 10, 2003 22:08 UTC (Wed) by xorbe (subscriber, #3165) [Link]

I don't think it would be that hard to launch all zombie machines within 60 seconds of each other. Heck, run ntp on them all, and set the DoS time. They'll all start within the second.

SCO press release on DDOS attack

Posted Dec 11, 2003 0:05 UTC (Thu) by rjamestaylor (guest, #339) [Link]

Ok, how about this:
The IP address of ftp.sco.com is 216.250.128.13. The IP address of www.sco.com is 216.250.128.12 - which is the one that is "attacked".

I do not think it is possible for the above two to be on seperate subnets, because the "12" would then be a network address and an invalid machine IP, (and as the subnets would only consist of 4 IP addresses you could only have one machine per subnet making it pointless anyway). - So it is safe to assume they are on the same network.

ftp.sco.com (the .13 address) is staying up all through the "attack", so the "attack" is not swamping the network there.

Linux has a means of dealing with SYN attacks by using "SYNCOOKIES". They are fast and easy to implement. This would negate the effect of the attack enabling them to keep the website up. It is difficult to believe that SCO, or their web hoster, do not have the technical expertise to implement that.

All in all the "facts" do not make sense here. Either SCO (or the web hoster) is incompetent, or they are lieing.

Source: Authored by: eamacnaghten on Wednesday, December 10 2003 @ 05:08 PM EST

SCO press release on DDOS attack

Posted Dec 11, 2003 1:29 UTC (Thu) by dbhost (guest, #3461) [Link]

"All in all the "facts" do not make sense here. Either SCO (or the web hoster) is incompetent,"

I don't think it would be their web host. And to be honest, Caldera Open Linux had a reasonable reputation for security, which should have meant that those that produced the distribution understood how to configure it... Perhaps all the technical people have been laid off and all they have now are executives with bad hair and lawyers.

SCO press release on DDOS attack

Posted Dec 11, 2003 1:35 UTC (Thu) by xoddam (subscriber, #2322) [Link]

It looks like Netcraft's uptime pages have themselves been hit by a DDOS. Or Slashdot, perhaps.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds