SCO DOS'ed

Thomas Cort writes "BusinessWeek has an article about a DDoS attack against SCO. "At 10:45 a.m., the Unix and Linux seller was hit by a distributed denial-of-service attack (DDoS) that hampered its Internet operations, said SCO spokesman Blake Stowell ... the Utah-based company has incurred the wrath of many Linux enthusiasts infuriated with its lawsuit against IBM ... SCO's Internet service provider, ViaWest, told SCO that about 100 high-speed T1 data-transmission lines of network capacity--about 90 percent of its total bandwidth--was being consumed in the attack.""

SCO has another problem too

[Sun+Tzu]

Check out this article about the GPL implications of their republishing IBM's alegedly infringing code in their own version of Linux.

Serves them right

[miketang16]

I like the worlds-smallest-violin dept.

It fits this perfectly. Nobody's going to feel sorry for SCO, claiming that somehow Linux is based off of their code. I remember seeing that map of the *nix's by SCO, that was totally made up. Perhaps someone should tell them that Linus wrote it from scratch...

Re:Why you gottat go and do a stupid thing like th

[bnenning]

Absolutely right. I wouldn't be surprised to see some MS FUD based on this, e.g. "You really don't want to get involved with those Linux hooligans. Do anything they don't like and they'll attack your systems."

Possibly two other problems...

[leonbrooks]

From that article:

Now this is an interesting little problem for SCO. They are claiming that IBM copied SCO Unix code, unchanged, into Linux.
"We're finding...cases where there is line-by-line code in the Linux kernel that is matching up to our UnixWare code," McBride said in an interview.

Meanwhile, SCO themselves continue to knowingly distribute the infringing code under the GPL. The GPL states that:

b) You must cause any work that you distribute or publish, that whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

Therefore, SCO is now knowingly granting me, you, and IBM full GPL rights to any IBM-introduced infringing code that they (SCO) own.

They have, haven't they? Contrary to what the article says, I do believe this is a major hole in the foot for their faux pas against IBM, because regardless of the validity of said code secrets, and regardless of whether they're GPLed or not, SCO have made the code publicly available, long before they prepared or made complaint against IBM. How could IBM steal something that's publicly available? D'oh?

I can't see how it could be applied this way (surprise: IANAL), but it would be ironic enough to be picked up with a magnet if SCO's publication-under-the-GPL of this code implied the GPLing of their UnixWare(tm,(R),(c),etc...) code as well. I imagine that would have rather... extensive effects on things like their share-market value.

For the non-hacker, how can you help this cause?

This took WAY TOO LONG. For the non-hacker, how can you help?

Whatever happened to signing them up to every junkmail and junk email list also?

Posting every SCO email address on numerous usenet groups.

Phoning the 1800 numbers to cost them a bundle in toll calls asking stupid questions about the lawsuit.

Or the good ol' fashioned turd in a parcel gag....

Pinging SCO flat out won't do diddly squat, but if every /. reader left their pc's pinging SCO... plus the current DDOS.... /Insert own idea here/

Sue IBM, get fingered.

[faedle]

This is what happens when demented people play with powerful toys.

Okay. IBM has a lot of bandwidth. IBM has an outsourcing network solutions division. IBM has hired "hackers" at various times to do penetration testing and the like for said division. SCO sues IBM while taking a swipe at Linux. SCO gets DDoSsed into the uucp era.

It's likely completely coincidental, but it is conceptually quite amusing.

Nanny nanny boo boo.

[rice_burners_suck]

This post if ON TOPIC but requires two or three paragraphs of introductory text, kind of like a book that requires 150 pages of character development before the plot gets good. Except you're lucky because I conveniently summarized 150 pages into this short post:

There used to be a show on television called Vengeance Unlimited. When they cancelled that show and replaced it with "America's Funniest Pets," I stopped watching television, having realized just how profoundly low the content providers had stooped.

In one episode, the main character (the vengeance for hire guy) manages to jack ill gained (down payment) money that a bogus real estate agent had scammed out of people. In its place in the safe deposit box, the vengeance guy left a note that read:

NANNY NANNY BOO BOO.

That is the message, I hope, that SCO has received by the zillions of angry /. readers and other geeks around the world who are outraged at SCO's stupid, obvious attempt to make money by legal (court litigation) means instead of by marketing and "honest" business means.

That's right, SCO... Read my sig and whimper. (Its explanation is in another post of mine somewhere.)

SCO is acting unprofessionally...

[dh003i]

by implying that GNU/Linux fans did this. I say we should all file separate (not joint) lawsuites against them for defamation (this would really fuck up their legal department with paperwork, because they'd be sued by about a thousand people at once).

As far as I'm concerned...

[Rares+Marian]

1. These are computers not human beings.
2. Crashing or overloading them is merely temporary suspended animation.
3. There was no real damage done.
4. So called lost transactions were merely delayed to another day not lost, therefore there was zero damage only righteous frustration of SCO.

It's the most satisfying benign form of protest.

I encourage it.

Also, I'll add that the Usenet Death Sentence was often used to get ISPs to care about spam. Quite effectively too.

Yes it sounds like a plain old slashdotting.

[Ungrounded+Lightning]

Are they sure it wasn't just an old-fashioned slashdotting?

Sounds like it:

CO's Internet service provider, ViaWest, told SCO that about 100 high-speed T1 data-transmission lines of network capacity--about 90 percent of its total bandwidth--was being consumed in the attack.

Well, let's see:

A single T3 is 28 T1s. So four T3s is 112 T1s. 90% of that is 100.8 T1s - "about a hundred T1s".

So it sounds like Via West, their ISP, only HAS four T3s worth of connectivity to the rest of the net. That's pretty rinky-dink as ISPs go - but the Santa Cruz area is pretty small, over the coastal range from the main drag for communication lines, and doesn't have a lot of industry. I could easily see the local ISPs getting by on foure T3s rather than stringing a couple fibers that far (or renting them from somebody who did). That's big bucks for a small user community.

Given that SCO's website was mentioned in a slashdot article, I could easily see the readers following the link and slashdotting it until their ISP was at 90% with the web requests.

But the Business Week article also says that the attack was from 138 zombies, not from the general net. 138 machines could easily produce a DDoS attack of that magnitude. But a slashdotting would be a lot less traffic each from a lot more sites across the whole net.

So, no, it looks like a real DDoS.

Re:Oh, great

[beebware]

Should the measurement be "We got attacked by 0.75 libraries of congress within 24 hours" type thing then?

Next step...

[acrolein]

A firebombing...

Anti-Stupidity League Claims Responsibility

I have been authorized by the Central Committee of the Anti-Stupidity League to issue the following communique:

We, the members of the Anti-Stupidity League, have launched this distributed denial-of-service attack on the Santa Cruz Organization. This is the opening salvo of our war against the forces of stupidity, inanity, and idiocy. Our Pearl Harbor, if you will. Except this sleeping giant will never wake.

Stupidity is the greatest force the universe has ever known, however we will not shrink from this fight. We will not go gently into the night. Our intention is to go down swinging in the hope of taking as many of the stupid bastards down with us.

We are non-partisan: we have no horse in this "race" between Open Source and proprietary software, between the RIAA and P2P, between liberal and conservative, between East and West, Democrat and Conservative, Labor and Tory, pro-choice and pro-life, Muslim and Hindu, Christian and Jew. We will strike a blow against the forces of stupidity wherever it can be found.

Today SCO, tomorrow Microsoft, perhaps Red Hat the next day. If it's stupid, we will find it and, perhaps, someday vanquish it.

Join us in this fight. You have nothing to lose but your fetters.

This has been a communique from the Anti-Stupidity League. Further communication shall follow.

Re:Anti-Stupidity League Claims Responsibility

The interesting thing is that any anti- group can easily end up being worse than the philosophy they claim to be against. So any anti-stupidity group is stupider than who they call the "stupidity group".

The people that do this DoS shit can GROW UP?! I'll quote this other post that's further down this thread:

"The amazingly stupid thing about this is:

1) it makes a clear case for increasing criminal penalties for interfering with comm services.

2) It doesn't hurt SCO. It may, however, bankrupt the small, independent ISP they chose to do business with.

3) Even if it did hurt SCO, who gets canned over it? The lawyers? Nope. The CEO? Nope. The first-level support guys who live paycheck-to-paycheck? Yep.

DDOS'ing a company is a stupid, childish, and completely counter-productive thing to do. It harms nobody but innocent bystanders. Cheering these idiots on is no different from cheering on any other vandal."

What about to do it politely?

Send a mail to executives of SCO
(I cannot find the direct e-mail adresses info@sco.com will have to do the service)

Darl C. McBride - President & CEO

Chris Sontag - Senior VP & General Manager, SCOsource Division

Robert K. Bench - CFO

Opinder Bawa - Senior VP, Engineering and Global Services

Sean Wilson - Senior VP, Corporate Development

May be after few days they will understand that they alianetad to many people.

For fun you can try to listen to the recording
of the public teleconference 'Earnings Release Call'.

Re:worse to come

[Billly+Gates]

" The DDoS is nothing compared to the DLoP (Distributed Lack of Purchasing)"

Funny since this has already happened since 98 when Linux invaded their whole market. They made 4 billion on a settlement with Microsoft for the dr dos deal. SCO has been using this money for the last couple of years to stay in bussiness since OpenServer and Unixware make up so little in revenue.

New bussiness plan: Make money by suing people. Not selling.

Integraph(remember them?) is a classical example. They make around $17 million with software/hardware products but make close a billion thanks to pantents and sueing every workstation maker on the planet. At least this is what I heard on CNN.

Integraph's whole existance is to steal money and sue people. Rambus is the same. Even though they lost recent court cases they still have contracts with all American and most Japanese companies that they can not back out of since they signed them. They just patent whatever they develop and charge them for their own idea's. Its pathetic.

Its sadly a sucessfull bussiness model today and is why the number of patent applications double every 2 years. Big corp wants a piece of the action.

Rumor also has it that one of the board of directors who was the director Dr. DOS made 40 million from the dr dos trial. He then purchased stocks for pennies right before this lawsuit came out. My guess is he plans to retire in luxury. Infact someone even posted a link to SCO's board of directors and each one bought thousands of shares for like $.80 a piece.

This dosen't look bad at all....

[TheQuantumShift]

So now the general public, and all the PHB's out there see it like this:

SCO does something wholly American by pursuing "Legal Action" against those open source thieves. And these linux "hackers" respond by in a "hackerly" manner.

Great. As long as we keep up on the snide comments made to "Windoze Luzurz", we should be right on track to obscurity.

It is the community's fault!

See what happens when you ridicule someone's Linux distro? We all made fun of Caldera instead of welcoming SCO into the Linux fold. Now, that little puppy we ignored and pushed away has come back to bite us in the ass with angry lawyer teeth. I suspect Lindows will be next.

Re:Who didn't see this coming?

[JWSmythe]

Some people have that kind of bandwidth available. Hell, I have 3 different places with 1Gb connections to OC192's.. Of course, we're busy serving up porn sites, and I'm not really that interested in the SCO thing..

I do wonder if it's an irate employee of IBM, or even someone at Microsoft playing around.. Either of them probably have sufficent bandwidth to pull this off. They'd be caught pretty quickly though. It's kinda obvious when you have 10 machines on the same network doing ping -f sco.com.. :) A few hundred slaves on cablemodems would accomplish the same thing pretty easily.

I hit our networks between each other occasionally with that kind of traffic, just to see the bandwidth jump up. I'm surprised they can't handle it. I guess that's the difference between handling big porn sites, and handling SCO's needs (tee-hee).

It looks like they've changed providers since this happened, or maybe they just stopped.. Watching a DoS is kinda boring..

13 0.so-3-0-0.XL2.SLT4.ALTER.NET (152.63.102.13) 86.413 ms 49.691 ms 41.490
ms
14 186.ATM6-0.GW4.SLT4.ALTER.NET (152.63.91.249) 36.255 ms 169.646 ms 88.828
ms
15 center7-gw.customer.alter.net (157.130.166.198) 56.096 ms 88.057 ms 58.52
3 ms
16 c7pub-216-250-136-74.center7.com (216.250.136.74) 169.640 ms 73.178 ms 12
4.894 ms
17 * * *

They really should do something more creative than just flooding them with traffic. How about a good syn flood, or hammering one of their CGI's. Maybe finding a nice mail-to script on their own site, and filling the support boxes with bogus script-generated messages..

Flooding them with traffic just isn't nice to the rest of the customers on that network. What if someone else is hosted there? Or you completely mangle the ISP for that part of the country? If someone flooded a few different major networks in Florida with about 45Mb/s traffic, it would kill all of their customers in the state. I'd have customers calling from down there all the time asking why everything seemed slow, so I'd do traceroutes from around the country, and realize no one had decent ping times to them. :) Well, unless you consider >300ms and >10% packet loss good.

I'll quietly snicker while they do their evil deeds, and still say "that's not nice". I know it's annoying when people do 'em to us (it's a daily occurance).

Re:Who didn't see this coming?

[Avakado]

At 1.5mbps thats 150 megs a second!

IRC efnet a year and a half ago crawled to its knees when a cracker hit it with just 20 megs a second.

Assuming megs means megabytes, you are wrong. 1.5Mbps * 100 = 150 Mbps = 18 MB/s.