SCO DOS'ed

Thomas Cort writes "BusinessWeek has an article about a DDoS attack against SCO. "At 10:45 a.m., the Unix and Linux seller was hit by a distributed denial-of-service attack (DDoS) that hampered its Internet operations, said SCO spokesman Blake Stowell ... the Utah-based company has incurred the wrath of many Linux enthusiasts infuriated with its lawsuit against IBM ... SCO's Internet service provider, ViaWest, told SCO that about 100 high-speed T1 data-transmission lines of network capacity--about 90 percent of its total bandwidth--was being consumed in the attack.""

SCO has another problem too

[Sun+Tzu]

Check out this article about the GPL implications of their republishing IBM's alegedly infringing code in their own version of Linux.

Serves them right

[miketang16]

I like the worlds-smallest-violin dept.

It fits this perfectly. Nobody's going to feel sorry for SCO, claiming that somehow Linux is based off of their code. I remember seeing that map of the *nix's by SCO, that was totally made up. Perhaps someone should tell them that Linus wrote it from scratch...

Re:Why you gottat go and do a stupid thing like th

[bnenning]

Absolutely right. I wouldn't be surprised to see some MS FUD based on this, e.g. "You really don't want to get involved with those Linux hooligans. Do anything they don't like and they'll attack your systems."

Possibly two other problems...

[leonbrooks]

From that article:

Now this is an interesting little problem for SCO. They are claiming that IBM copied SCO Unix code, unchanged, into Linux.
"We're finding...cases where there is line-by-line code in the Linux kernel that is matching up to our UnixWare code," McBride said in an interview.

Meanwhile, SCO themselves continue to knowingly distribute the infringing code under the GPL. The GPL states that:

b) You must cause any work that you distribute or publish, that whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

Therefore, SCO is now knowingly granting me, you, and IBM full GPL rights to any IBM-introduced infringing code that they (SCO) own.

They have, haven't they? Contrary to what the article says, I do believe this is a major hole in the foot for their faux pas against IBM, because regardless of the validity of said code secrets, and regardless of whether they're GPLed or not, SCO have made the code publicly available, long before they prepared or made complaint against IBM. How could IBM steal something that's publicly available? D'oh?

I can't see how it could be applied this way (surprise: IANAL), but it would be ironic enough to be picked up with a magnet if SCO's publication-under-the-GPL of this code implied the GPLing of their UnixWare(tm,(R),(c),etc...) code as well. I imagine that would have rather... extensive effects on things like their share-market value.

For the non-hacker, how can you help this cause?

This took WAY TOO LONG. For the non-hacker, how can you help?

Whatever happened to signing them up to every junkmail and junk email list also?

Posting every SCO email address on numerous usenet groups.

Phoning the 1800 numbers to cost them a bundle in toll calls asking stupid questions about the lawsuit.

Or the good ol' fashioned turd in a parcel gag....

Pinging SCO flat out won't do diddly squat, but if every /. reader left their pc's pinging SCO... plus the current DDOS.... /Insert own idea here/

Sue IBM, get fingered.

[faedle]

This is what happens when demented people play with powerful toys.

Okay. IBM has a lot of bandwidth. IBM has an outsourcing network solutions division. IBM has hired "hackers" at various times to do penetration testing and the like for said division. SCO sues IBM while taking a swipe at Linux. SCO gets DDoSsed into the uucp era.

It's likely completely coincidental, but it is conceptually quite amusing.

SCO is acting unprofessionally...

[dh003i]

by implying that GNU/Linux fans did this. I say we should all file separate (not joint) lawsuites against them for defamation (this would really fuck up their legal department with paperwork, because they'd be sued by about a thousand people at once).

Yes it sounds like a plain old slashdotting.

[Ungrounded+Lightning]

Are they sure it wasn't just an old-fashioned slashdotting?

Sounds like it:

CO's Internet service provider, ViaWest, told SCO that about 100 high-speed T1 data-transmission lines of network capacity--about 90 percent of its total bandwidth--was being consumed in the attack.

Well, let's see:

A single T3 is 28 T1s. So four T3s is 112 T1s. 90% of that is 100.8 T1s - "about a hundred T1s".

So it sounds like Via West, their ISP, only HAS four T3s worth of connectivity to the rest of the net. That's pretty rinky-dink as ISPs go - but the Santa Cruz area is pretty small, over the coastal range from the main drag for communication lines, and doesn't have a lot of industry. I could easily see the local ISPs getting by on foure T3s rather than stringing a couple fibers that far (or renting them from somebody who did). That's big bucks for a small user community.

Given that SCO's website was mentioned in a slashdot article, I could easily see the readers following the link and slashdotting it until their ISP was at 90% with the web requests.

But the Business Week article also says that the attack was from 138 zombies, not from the general net. 138 machines could easily produce a DDoS attack of that magnitude. But a slashdotting would be a lot less traffic each from a lot more sites across the whole net.

So, no, it looks like a real DDoS.

Anti-Stupidity League Claims Responsibility

I have been authorized by the Central Committee of the Anti-Stupidity League to issue the following communique:

We, the members of the Anti-Stupidity League, have launched this distributed denial-of-service attack on the Santa Cruz Organization. This is the opening salvo of our war against the forces of stupidity, inanity, and idiocy. Our Pearl Harbor, if you will. Except this sleeping giant will never wake.

Stupidity is the greatest force the universe has ever known, however we will not shrink from this fight. We will not go gently into the night. Our intention is to go down swinging in the hope of taking as many of the stupid bastards down with us.

We are non-partisan: we have no horse in this "race" between Open Source and proprietary software, between the RIAA and P2P, between liberal and conservative, between East and West, Democrat and Conservative, Labor and Tory, pro-choice and pro-life, Muslim and Hindu, Christian and Jew. We will strike a blow against the forces of stupidity wherever it can be found.

Today SCO, tomorrow Microsoft, perhaps Red Hat the next day. If it's stupid, we will find it and, perhaps, someday vanquish it.

Join us in this fight. You have nothing to lose but your fetters.

This has been a communique from the Anti-Stupidity League. Further communication shall follow.

Re:Who didn't see this coming?

[JWSmythe]

Some people have that kind of bandwidth available. Hell, I have 3 different places with 1Gb connections to OC192's.. Of course, we're busy serving up porn sites, and I'm not really that interested in the SCO thing..

I do wonder if it's an irate employee of IBM, or even someone at Microsoft playing around.. Either of them probably have sufficent bandwidth to pull this off. They'd be caught pretty quickly though. It's kinda obvious when you have 10 machines on the same network doing ping -f sco.com.. :) A few hundred slaves on cablemodems would accomplish the same thing pretty easily.

I hit our networks between each other occasionally with that kind of traffic, just to see the bandwidth jump up. I'm surprised they can't handle it. I guess that's the difference between handling big porn sites, and handling SCO's needs (tee-hee).

It looks like they've changed providers since this happened, or maybe they just stopped.. Watching a DoS is kinda boring..

13 0.so-3-0-0.XL2.SLT4.ALTER.NET (152.63.102.13) 86.413 ms 49.691 ms 41.490
ms
14 186.ATM6-0.GW4.SLT4.ALTER.NET (152.63.91.249) 36.255 ms 169.646 ms 88.828
ms
15 center7-gw.customer.alter.net (157.130.166.198) 56.096 ms 88.057 ms 58.52
3 ms
16 c7pub-216-250-136-74.center7.com (216.250.136.74) 169.640 ms 73.178 ms 12
4.894 ms
17 * * *

They really should do something more creative than just flooding them with traffic. How about a good syn flood, or hammering one of their CGI's. Maybe finding a nice mail-to script on their own site, and filling the support boxes with bogus script-generated messages..

Flooding them with traffic just isn't nice to the rest of the customers on that network. What if someone else is hosted there? Or you completely mangle the ISP for that part of the country? If someone flooded a few different major networks in Florida with about 45Mb/s traffic, it would kill all of their customers in the state. I'd have customers calling from down there all the time asking why everything seemed slow, so I'd do traceroutes from around the country, and realize no one had decent ping times to them. :) Well, unless you consider >300ms and >10% packet loss good.

I'll quietly snicker while they do their evil deeds, and still say "that's not nice". I know it's annoying when people do 'em to us (it's a daily occurance).