Slashdot Mirror
SCO DOS'ed
Thomas Cort writes "BusinessWeek has an article about a DDoS attack against SCO.
"At 10:45 a.m., the Unix and Linux seller was hit by a distributed denial-of-service attack (DDoS) that hampered its Internet operations, said SCO spokesman Blake Stowell ... the Utah-based company has incurred the wrath of many Linux enthusiasts infuriated with its lawsuit against IBM ... SCO's Internet service provider, ViaWest, told SCO that about 100 high-speed T1 data-transmission lines of network capacity--about 90 percent of its total bandwidth--was being consumed in the attack.""
I'd hate to say this, but serves them right.
Shocked! Shocked, I am! I am absolutely amazed it took THIS LONG for that to actually happen.
I remember thinking "they're gonna get hacked, DOSed and generally trashed" about 10 seconds into the *original* article.
Learning HOW to think is more important than learning WHAT to think.
Are they sure it wasn't just an old-fashioned slashdotting?
Quintus malus puer est.
Er, that's 3 words... ;)
Check out this article about the GPL implications of their republishing IBM's alegedly infringing code in their own version of Linux.
Geeky modern art T-shirts
Real poetic justic would have been to DDoS them with SCO Linux-running zombies controlled by Red Hat, SuSe, etc. masters. However, this planned would fail as the 42 boxes worldwide running SCO Linux don't have nearly enough bandwidth.
I like the worlds-smallest-violin dept.
It fits this perfectly. Nobody's going to feel sorry for SCO, claiming that somehow Linux is based off of their code. I remember seeing that map of the *nix's by SCO, that was totally made up. Perhaps someone should tell them that Linus wrote it from scratch...
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
Im betting it was all the dupes that finally brought the house down.
Manipulate the moderator system! Mod someone as "overrated" today.
Sure SCO is being a prick about this law suit but to have a bunch of vengefull open source/Linux Crusaders attack thier systems just gives the whole opensource community a bad name. Just suck it up and let them sue, cause either we the open source community screwed up and used code we shouldn't have or SCO is blowing smoke and IBM will win the suit.
Gotta love the way the article puts this whole slant that it must be Linux fans doing it. The SCO guy just coming out and saying it's unprofessional for us linux boys to do this sort of thing, that just reeks dude. Reeks. Leeks. mmmm, hungry.
Like what I said? You might like my music
"It will be like taking candy from a baby... hey, that sounds like a lark - let's try it right now!" - Mr Burns (aka the new CEO of SCO) talking about the IBM Lawsuit.
there are too many *legal* ways of showing to SCO our revolt with they 're dirty tactics without needing to play at they 're (very low) level
Just my two cnts
cheers from Portugal ...
This is another lie by the American press! SCO was not DOS'd. Infact, we today DOS'd over 50 linux websites. Let the linux infidels come, there will be a day of reckoning for Red Hat and SuSE when this is done.
Mohammed al-Sahaf (now the SCO press minister)
Former Iraqi Information Minister Mohammed Saeed al-Sahaf
yeah, I totally agree. What would be far more matured is a defaced sco website that says "SCO SUXX0RZ L1NUX R0XX0RZ!" and then at the bottom of the page it said "nanny nanny boo boo! You smell like doo doo!"
That's how Miss Manners would handle this.
In the future, I would want to not be isolated from my friends in the Space Station.
NOT. If you piss off alot of technically knowledgeable people you're gonna get screwed.
Yeah, just look at Saddam Hussein....
Like what I said? You might like my music
Freaks rejected by society engage in a shocking attack against an authority figure, thereby justifying attacks against those freaks.
Just great, now SCO will get all Stryker on Linux's ass, just what we need.
- jon
Ganymede, a GPL'ed metadirectory for UNIX
Absolutely right. I wouldn't be surprised to see some MS FUD based on this, e.g. "You really don't want to get involved with those Linux hooligans. Do anything they don't like and they'll attack your systems."
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
Who said that a bunch of people were involved in the attack. The article said it was around 138 machines. An attack that small was could easily have been done and probably was by one person.
They have, haven't they? Contrary to what the article says, I do believe this is a major hole in the foot for their faux pas against IBM, because regardless of the validity of said code secrets, and regardless of whether they're GPLed or not, SCO have made the code publicly available, long before they prepared or made complaint against IBM. How could IBM steal something that's publicly available? D'oh?
I can't see how it could be applied this way (surprise: IANAL), but it would be ironic enough to be picked up with a magnet if SCO's publication-under-the-GPL of this code implied the GPLing of their UnixWare(tm,(R),(c),etc...) code as well. I imagine that would have rather... extensive effects on things like their share-market value.
Got time? Spend some of it coding or testing
For those of you who's lazy to click, here's two paragraphs summary:
The upshot of this GPL paragraph is that by relicensing their own code under non-GPL terms, once having knowingly released said code under the GPL, they have forfeited their own rights to distribute Linux. Or, at least that's how I interpret it. Further, the same paragraph states that the rest of us still hold full GPL rights to the code SCO originally licensed to us via the GPL.
The bottom line to us would appear to be that, even if there is IBM-introduced, SCO-owned, infringing code in Linux, it is now officially released under the GPL by the copyright holder, SCO. And, of course, no sanitizing of the Linux kernel is necessary. This spat should have no effect on Linus, Red Hat, SuSE, or any other Linux developer or distributor.
--
Error 500: Internal sig error
We take the high road or we go away as anything meaningful.
SCO doesn't need us to shoot them in the foot, they are doing that themselves.
On a lighter note, aren't all those virus cluckers supposed to prevent this in windows?
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
Just goes to show that the power of the people will always show through, some how.
This took WAY TOO LONG. For the non-hacker, how can you help?
/. reader left their pc's pinging SCO... plus the current DDOS.... /Insert own idea here/
Whatever happened to signing them up to every junkmail and junk email list also?
Posting every SCO email address on numerous usenet groups.
Phoning the 1800 numbers to cost them a bundle in toll calls asking stupid questions about the lawsuit.
Or the good ol' fashioned turd in a parcel gag....
Pinging SCO flat out won't do diddly squat, but if every
"It was the second-largest onslaught ViaWest had experienced, according to SCO."
The first being the Slashdotting they got?
Note to M1-ers: a curt but otherwise insightful message is not "Flamebait" or "Troll".
Despite the fact that I think SCO deserves it, I wonder if this will look good for open source. I mean I can see the FUD for this already.
"If you even make threats against the open source community they may just attack your systems. "
It wouldn't surprise me if SCO DOS'd themselves for more attention (or possibly DOS'd themselves by accident knowing those wankers), but I can see a possible bad spin.
Only SCO has the technical know-how to develop DOS software, and to carry it out.
The open source community just isn't capable of developing such techniques, despite published papers being available for years on the topic of DOS attacks.
IBM must have helped them.
This is what happens when demented people play with powerful toys.
Okay. IBM has a lot of bandwidth. IBM has an outsourcing network solutions division. IBM has hired "hackers" at various times to do penetration testing and the like for said division. SCO sues IBM while taking a swipe at Linux. SCO gets DDoSsed into the uucp era.
It's likely completely coincidental, but it is conceptually quite amusing.
This took WAY TOO LONG. For the non-hacker, how can you help?
If you want to help out in a DDOS attack, but you don't have the skills to engineer such a thing, then you should consider using these products.
Like what I said? You might like my music
Damnit. This sort of crap is exactly what we don't need! SCO's not pursuing this case because they expect to win, they're trying to get as much media attention as possible. The more bad press the OSS/Linux/GNU/hacker community gets, the stronger the need to shut SCO up becomes. They want to be bought out. Demostrating to the world that there are "evil hackers" out there with little respect for corporations and the law just adds fuel to a fire.
The drama the DDoS kiddies serves as a nice distraction that SCO has no case!
Mod me down, I really don't care at all. I am anti-linux and pro-BSD for no other reason than the fact that I can't stand the brutal attitude shown by a majority of linux users. In fact, I've influenced clients to go with BSD instead of linux for just that reason. Wanna hear a secret? I'm not the only one.
Let me guess: you don't care and I can go fuck myself. Doesn't break my heart -- I like to be proven right.
This was just the first step taken by the RIAA's cyberwar attack. Looks like somebody had an mp3 on their server.... ;)
The only thing that will stop you from fulfilling your dreams is you. - Tom Bradley
I mean SCO seems allright now. And besides I can't imagine that anyone would stoop so low as to deliberatly overload their servers. Besides just look at their site. Which is running so well as I look at it now. It would truly be a shame if their servers happended to get ./ed, wouldn't it?
I stole this Sig
by implying that GNU/Linux fans did this. I say we should all file separate (not joint) lawsuites against them for defamation (this would really fuck up their legal department with paperwork, because they'd be sued by about a thousand people at once).
social sciences can never use experience to verify their statemen
Maybe the RIAA are DDOSing them. Maybe SCO has some of them p2p users on their network. You can't hide from the might RIAA.
In other news, SCO plans to sue its own OpenLinux division for possibly abusing access to UNIX trade secrets. SCO issued a press release stating that there was "substantial evidence" that their Linux group had used proprietary UNIX code in the Linux kernel and OpenLinux operating system, though the press release then stated, "but we don't have it with us."
Signature.
contained in the SYS V startup scripts.
It's time to move to bsd style startups to avoid having SCO pull an RIAA (removing them)
The truth about Led Zep should never be told on
Now the legal system will have even less respect for linux, and those working on it -- some of whom happen to be the defendants in a somewhat important lawsuit happening at the moment.
So while, yes, it's quite funny, perhaps it wasn't a particularly wise move? People need to start repsonding intelligently rather than with knee-jerk retribution.
Sounds like it:
Well, let's see:
A single T3 is 28 T1s. So four T3s is 112 T1s. 90% of that is 100.8 T1s - "about a hundred T1s".
So it sounds like Via West, their ISP, only HAS four T3s worth of connectivity to the rest of the net. That's pretty rinky-dink as ISPs go - but the Santa Cruz area is pretty small, over the coastal range from the main drag for communication lines, and doesn't have a lot of industry. I could easily see the local ISPs getting by on foure T3s rather than stringing a couple fibers that far (or renting them from somebody who did). That's big bucks for a small user community.
Given that SCO's website was mentioned in a slashdot article, I could easily see the readers following the link and slashdotting it until their ISP was at 90% with the web requests.
But the Business Week article also says that the attack was from 138 zombies, not from the general net. 138 machines could easily produce a DDoS attack of that magnitude. But a slashdotting would be a lot less traffic each from a lot more sites across the whole net.
So, no, it looks like a real DDoS.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Should the measurement be "We got attacked by 0.75 libraries of congress within 24 hours" type thing then?
Conversely, anyone here feel like they're BEING TREATED unprofessionally? The article makes it look like SCO has jumped to the conclusion that it's Linux fans doing the attack. If that is true, then SCO is acting unprofessionally themselves. How many fingers are they pointing at us?
Well, just who the hell do you think it is doing it? IBM? It's the same people who always do this shit - stupid kids that think they're making some kind of political statement by breaking stuff. This time, instead of saying "you can't stop us from trading music", it's "how dare you try to fuck with Linux you assholes!!" Yeah. Really mature.
Getting your buddies together and pointing all your zombied machines at someone's IP address and going "bang" does NOT constitute legitimate protest. Even if you don't care about SCO, this is screwing their ISP bigtime - they're knocking out 90% of their bandwidth, for crissake. All it does is reinforce every negative stereotype of Linux/Open Source/GPL people held by the rest of the world.
What if life is just a side effect of some other process and God has no idea we exist?
A firebombing...
when come back bring pie
There is no evidence to suggest that the individuals who did this have anything to do with the FS/OSS GNU/Linux community, or were even fans of GNU/Linux.
There are many possibilities as to who did this, only one of which is a Linux-fan.
Could have been an angered ex-employee at SCO.
Could have been a renegade at IBM.
Could have been someone who doesn't like SCO for some other reason.
So, stop defaming the Linux community.
social sciences can never use experience to verify their statemen
138 zombies? I doubt they have as many clients left.
Friends don't help friends install M$ junk.
But, what of the mob when the law is made of the rich, by the rich, for the rich?
good point
;-P
alright, fuck the rich
burn them all
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Oh how sweet it is!!
Ok, so they are loaded down to 90%...
How about let's see that raised to 110% ???
And let it not stop until they relent.
This is not about defending IBM but about defending the FREE WORLD..
The DDOS'ers are freedom fighters..
Cry havoc and let slip the dogs of war !!!
The code that was given to IBM was given as Unix, not under GPL. SCO claims IBM released THAT code under Linux. They can release it now.. and IBM could even claim they took the code released under SCO, incorporated that GPL code into their products, but theyre not claiming that now. Theyre claiming they never did release SCO code under Linux. We dont even know what product of Linux is accused of containing tainted code.
Therefore they should be dDosed
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
They intentionally released (and continue to intentionally release) Linux distributions including GPLed kernel code containing the putative code that they're whining about. AFAICT, that's what counts in court. Whether they unintentionally shot themselves in the foot (or head) at the same time appears to be immaterial.
I can't see a way of propagating that far enough back to force UnixWare open - but I'd be laughing for days if it did happen, it'd be near as funny as Microsoft GPLing the Windows 2003 source code.
Got time? Spend some of it coding or testing
This has been a communique from the Anti-Stupidity League. Further communication shall follow.
I think that this DDOS attack is unfortunate, not because I have any love for SCO, but rather because it makes the Linux community look bad. Never mind that IBM has the biggest motive to attack SCO; most of the sort of people that use "cracker" and "hacker" simultaneously will just see Linux as juvenile computer criminals-are us.
This is not surprising, however, since SCO has made a giant ass of themselves.
Kinda ironic that this is the same company that uses the phone number 1-888-GO-LINUX. It's right there on their feedback page.
(btw, the above was supposed to be a joke, mister humor-impaired-FBI-agent)
You really don't want to get involved with those Linux hooligans. Do anything they don't like and they'll attack your systems.
So buy Microsoft. Because we never get attacked!*
* exceptions include Nimda, CodeRed, Slammer, VB-scripts, MSWord macros, I love you, trojans, haxors, script kiddies, anyone with a degree in computer science, that guy in your class with the messy hair and your grandmother.
This is left as an exercise for the reader.
In fact, I've influenced clients to go with BSD instead of linux for just that reason.
Listen to yourself: You're advocating the use of an OS based on the who is using it.
I'll never understand this way of thinking.. A good product will always attact good and bad people in mass.. Let's just imagine for second that everyone listened to the BSD advocates, and switched to BSD. Where are you going to turn when the idiots follow again? Is there some section in the BSD license that makes it impossible for the kiddies to use it or something?
How are you going to prevent people you don't like from using something that is useful?
More imporantly, why do you even care who else uses your software? After all, it is your software.
I guess some people were just born to be bitter..
Why do I keep typing pythong?
So now the general public, and all the PHB's out there see it like this:
SCO does something wholly American by pursuing "Legal Action" against those open source thieves. And these linux "hackers" respond by in a "hackerly" manner.
Great. As long as we keep up on the snide comments made to "Windoze Luzurz", we should be right on track to obscurity.
Shift happens. Fire it up.
When I started out writing software back around 1980, computers were just cool. Nobody really cared which OS you ran and we were as excited by the Amiga as we were by Atari, Apple, or whatever else computer. It never seemed to matter that much what OS they were running. Now it seems as bad as any religion. People seem to think that theirs is the only true way and everybody else is going to hell. So many seem to think that they have to convert everybody else to their OS religion or else destroy them. I'm so sickened by what the computer geek world has become.
I'm reading through these comments and I see so many who believe that snuffing somebody off the net via DDoS is good and justified. More disturbingly, I see so many other posts by people who say they don't agree with this tactic, but that SCO "deserves" it. Deserves it for what? For believing that they have intellectual property that's been stolen and wanting to protect it? For not agreeing with the Church of Open Source and asserting that they have a right to keep intellectual property to themselves?
People don't know what or how much SCO claims is stolen, but since their claim threatens the First United Assembly of Linux, they're considered evil and they must be destroyed by any means possible. It's not about right or wrong, it's about us vs. them, and that is so very wrong.
This "us vs. them" mentality seems strangely similar to the attitudes of terrorists who want to cleanse the world of infidels. Sure, the users aren't killing actual people (so far), but obviously some are willing to cut off the lifeline of an offending business. Isn't this just another, softer, form of terrorism?
Some of the posts on this thread even propose that SCO or IBM or Microsoft are behind this whole thing. Doesn't that seem at least glancingly similar to the supporters of religious terrorism proposing that the countries which are the target of attacks are perpetrating the attacks themselves? Is the community so desperate to believe that it's right that it will blind itself to the reality that perhaps some of its own members are taking things too far?
Are there any reasonable voices left? Is anyone willing to wait and see what and how much SCO claims was stolen before convicting them of some perceived crime against their Linux God? Or is this really how the world operates now? Do we just read the headlines, draw conclusions using vague information, then either join the mobs or stand by while the mobs torch them and say "well, they deserve it"? If they're vindicated in the end, will we just excuse ourselves by saying that they deserved it anyhow for all their other crimes against Linux?
SCO have made the code publicly available, long before they prepared or made complaint against IBM
Many people have mentioned this over the last few weeks. There's a problem in this logic.
The GPL that you mentioned is being imposed on the code by the party that contributed it (IBM, in this case). Even though SCO is distributing it as SCO Linux, the code is still the property and responsibility of the contributer. SCO can not be held responsible for any IP infiringement done by the developers.
Hence, if IBM put any of SCO's code in the Linux kernel and released it under the GPL, it's IBM who infringed SCO's IP.
Not that I am a SCO supporter, just pointing out the problem with the way some of us are looking at the issue.
I copied this sig.
type of behaviour. Linux supporters had been putting in so much effort over the years to gain mainstream acceptance. To portray ourselves as a bunch of fanatics who do not hesitate to annihilate any oppositions will only garner more resistance to the OSS movement.
Shame on you!
Reality is what we taste, smell, see, hear and touch yet we cannot comprehend it...only approximate it.
"If any of you have questions, concerns or comments, feel free to contact me directly at darl@sco.com or my direct dial office number is 801-932-5820.
Very sincerely yours,
Darl McBride
President and CEO
The SCO Group"
found here
-- Given enough time and money, Microsoft will eventualy invent UNIX.
It only plays into SCO's hands by doing DOS and other attacks against them. Those of you who are doing this are only proving to SCO and to the rest of the world that the Linux community is a bunch of hackers and script kiddies.
Yes, what they are doing is reprehensible and it should be stopped, but not like this.
GJC
Gregory Casamento
## Chief Maintainer for GNUstep
There Is No DoS Attack. The Infidels are running scared behind their dial up aol accounts....
-Cnik
It was a Distributed Recursive Denial Of Service.
I prefer the "u" in honour as it seems to be missing these days.
Unquestionably.
I think the GPL penny really hasn't dropped at all for so many important companies. Only a few people within SUn seem to really `get it', for example, and on the other side of the coin there are countless PHBs convinced that if they let a GPLed program in the door, every shred of their own software immediately becomes public.
Got time? Spend some of it coding or testing
The amazingly stupid thing about this is:
1) it makes a clear case for increasing criminal penalties for interfering with comm services.
2) It doesn't hurt SCO. It may, however, bankrupt the small, independent ISP they chose to do business with.
3) Even if it did hurt SCO, who gets canned over it? The lawyers? Nope. The CEO? Nope. The first-level support guys who live paycheck-to-paycheck? Yep.
DDOS'ing a company is a stupid, childish, and completely counter-productive thing to do. It harms nobody but innocent bystanders. Cheering these idiots on is no different from cheering on any other vandal.
I hate to say it, but these recent events can be taken several different ways. Consider this: Even under a massive DDoS attack, their servers running SCO Unix are still functioning, quite well. I still get very quick responses when visiting their site. And nobody has succeeded at hacking/defacing it yet.
I would have expected a good DDoS attack to make them completely inaccessible, but when I go to their site I don't notice any difference.
Hey, thats our DDoS code you used! wait... nevermind...
Some time after midnight tonite, our network was hit with another large scale port 1434 DOS attack. The admin is concerned that there may be another new vulnerability in MS SQL Server. This attack saturated two T3s. People should be aware there may be another vulnerability in Microsoft OSes that is recently being exploited.
It was unintentional until they discovered the code.
Today, Sunday May 4 2003, 2:23 am MDT, they know their code is in it, and they are still distributing it under the GPL. They'd have had a case if they'd pulled it, but they haven't. From this point forward, SCO, by knowingly distributing the code under the GPL, are knowingly licensing that code for use under the GPL.
This, by the way, also hurts their damage claims. "If this code is so valuable that its distribution under the GPL caused you harm, then why did you knowingly continue to distribute it under the GPL?"
Let's see how long until SCO picks up on this and stops distributing Linux with the disputed code in it. My bet: never.
How can I volunteer my CPU cycles and bandwidth for this distributed computing project?
Nothing to see here; Move along.
As much as I dislike SCO, I have to wonder if this was actually a *bad* move. Couldn't SCO try to work this into its case as some sort of 'FUD' to try to make it look like IBM was somehow responsible, or that Linux users -- who already "stole" their code -- are now attacking them?
I hate SCO. But I'd hate even more if SCO could somehow spin this to help their case.
________________________________________________
suwain_2