SCO DOS Harming Innocent Bystanders
An anonymous reader writes "The SCO-IBM-Linux controversy has certainly caused quite a stir. Unfortunately the vigilantes conducting the DOS attacks against SCO are harming innocent by-standers as described in this e-Week story." Choice conspiracy theory quote: 'Given SCO's behavior recently, it's just as likely that they're attacking themselves in their continued attempt to pump up their stock price.'
My company hosts at the same Data Center. That center is a professional setup. They have good redundant internet pipes from multiple providers. A DoS attack based on flooding would be quite difficult. Some other big players are there as well. No one has received this collateral damage. I believe CenterShift is having trouble with poor server administration, maybe even some problems with Sobig or variants and are trying to blame someone else for their down time. We keep a close eye on things and if something is happening to SCO it is not hitting other customers.
On another note, the center is also owned by the Canopy Group and is very Linux friendly. Many of their commercial offerings involve Linux and their monitoring is based on Cricket. I wonder how they (and other Canopy Group companies) are feeling about this whole mess.
"'Stepping aside from the issues of how, architecturally, this would have spilled over into Centershift's domain, it should be known that bystanders are being injured as this war rages on,' Hafen added."
Problem is, you can't really "step aside" from the architectural issues given the point he is making. The DDoS attacks on SCO have been exclusively aimed, as far as I can tell from the reports, at their *web* sites -- which appear to be located in a Denver co-location.
If the attacks had been aimed at SCO's mail server, or local ISP connection, then Hafen might have a point. But unless he's using the Denver co-lo for his office connection and e-mail, then I think he just has a problem with his ISP that is unrelated to the DDoS attacks on SCO.
Besides which, I'm still not convinced SCO experienced any kind of DoS last weekend. I think they just came down for maintenance, and have since used misleading - but not outright mendacious - statements to "confirm" that they were attacked:
a) "SCO considered issuing a formal statement in the matter,
said Stowell, but decided against it."
Because a formal statement would have been a denial of the
attack?
b) Stowell has also told the press that the "latest" attack
has been reported to "law enforcement authorities".
If the "latest" attack was in May, then Stowell's statement
would remain as true as if the attack was in August. Note also
the vague phrase "law enforcement authorities" rather than
specifying which agency was contacted, as if Stowell didn't
want anyone following up on the matter. In the May attack,
Stowell was very specific as to which agency the attack had
been reported to - the FBI Cyber Crimes division.
c) When called, people working for SCO either don't know why the
web site is down, or say it was down for an upgrade or
maintenance. I know, because I was one of the people who
called, and I documented the conversation at Groklaw
(http://radio.weblogs.com/0120124/, about 2/3 down the page).
d) The recent outages generally start during non-business hours.
SCO possibly had a short DoS attack on Friday afternoon, but
there is no way it kept them down for 3 days; the utter
vagueness of their public announcements regarding it does not
lend confidence to the idea that they experienced any DoS
attack at all; their own employees have consistently told
callers that the site is/was down for maintenance; sites on
the same Center 7 network (canopy.com) were responding
without problems during the SCO outages; and even SCO's
public statements have confirmed that outages since the
weekend outage were for maintenance:
The outage prompted Netcraft to declare that
SCO was again the target of a DoS attack. However,
the outage was actually due to preventative
measures taken by SCO and its hosting service to
mitigate the effects of future attacks, according
to company spokesman Marc Modersitzki.
(http://www.eweek.com/article2/0,3959,1233231,00.asp)
So, in short, I think that a) SCO didn't experience any DoS attacks, and b) that Centershift / Hafen has problems with their ISP and should get a new one rather than making statements to the press that their Internet problems are due to inadequately verified DoS attacks on SCO's webserver in Denver, hundreds of miles away from Centershift's Salt Lake City offices.