SCO Group Web Site Attacked Again
FreeLinux writes "With not much SCO news today, it seemed that this story was needed - Reuters is reporting that SCO is again suffering under a DDoS attack that has crippled their web site and email system since Wednesday morning. For the third time this year, the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system. The denial-of-service attack started at 6:20 a.m. EST Wednesday and continued through the day, said Blake Stowell, spokesman for the Lindon-based company."
Grow up. Settle it by the law.
...and the happy folks at Groklaw already have a statement up with arguments to the effect that SCO is fibbing. They think the attack could be a hoax.
You say
I don't see how this is going to help. Knowing SCO, they might try to make themselves the martyrs and use the attacks to cast a bad light on the Linux community in general. This issue has already gotten nasty enough anyway.
If my answers frighten you, stop asking scary questions.
...Because this really makes the Linux community look like upstanding citizens.
Well, this IS America, where a small group of undesirables can spoil it for everyone.
...by Eric S. Raymond.
He makes it clear that SCO is attacking everyone, but he opposes DOS'ing them saying that "the open source community must use the truth, not criminal methods, as its weapons." Nicely done
The Army reading list
... do we have to say that this is exactly the kind of thing that we DON'T need? DDoSing them because you are unhappy with the way that they are doing things does nothing but to put a bad name on Linux, its users, and the whole issue in general. All you are doing is sinking to their level, rather than being mature and letting the battle be fought the way it should be, in court (or, if worse come to worse, with torches and pitchforks in front of SCO's headquarters ;) ).
And so we go, on with our lives
We know the truth, but prefer lies
Lies are simple, simple is bliss
There's been a ton of discussion of this on Groklaw today -- consensus is that either this is no attack, or their network is run by doofuses.
that everytime Darl is sitting on the john dropping a deuce (of course, we know that he is full of shit) and clogs up the toilet, he blames it on a DOP (denial of plumbing) attack by Linux users!
Press release to follow.....
No trees were harmed in the composition of this; however, numerous electrons were inconvenienced.
While I'd condemn the people Ddos'ing SCO. This feels like a pro choice abortion person who expresses his view by blowing up abortion clinics, while I can sympathize with the victim (in our case the Linux geeks that SCO is annoying) I can't sympathize with the method used (plugging up the site).
Though feeling sorry for SCO to the contrary requires me to reach too far deep into my dark side for that, sorry SCO you're on your own.
...in bed
SCO launches a lawsuit against the anonymous hackers.
In related news, SCO claims ownership of "ping", and will licence it starting at $1000.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
But who's to say it wasn't instigated by somebody who makes linux users look like trapped animals.
Well, this ground has been tread in this forum before.
But if you know anyone who has hinted that they may be involved in something like this, you'd better re-evaluate your choice of friends.
Hint: THEY'RE l4m3 (sic)
If you're going to bother SCO, flood the official channels (phone, write letters, etc.). Don't do anything that could be considered vandalous.
Fuck Beta. Fuck Dice
... for obvious reasons.
Simma down, now.
spokesman for the Lindon-based company
SCO is Linux-based company, not Lindon-based. What you probably meant to say is Lindows-based, but that's just plain incorrect. SCO is a Linux vendor.
Err, I mean, that's very unfortunate. I wish them the best of luck in this and future endeavors.
Folks, if it's a SCO story, check with Groklaw before passing judgment. For every bit of FUD coming out of Lindon, a blast of anti-FUD is lobbed back.
on one hand, i think that is funny as hell, and a little vigilante justice is healthy...
but on the other hand, that makes the rest of us look really really bad. naturally, all the other antisco prognu/linux people will be pegged as those who take matters into their own hands..
but it's still pretty funny
xao
xao
http://TheHillforum.hopto.org
Really this kind of attack may seem funny but it doesn't really help the generally uninformed public get a good idea of the average Linux user. These kinds of attacks make us seem like a bunch of evil troublemaking teenage hackers. I thought most linux users were working towards a larger public acceptance of open source software.
Celebrities are like ads, if we all ignore them, they'll just go away.
Linux, I think that says it all, don't you?
Beware John Titor
Do the trolls that are doing this really think this is going to help the situation?
Yeah SCO are idiots, yeah they are jumping up and down screaming for attention and dribbling 100% crap but is this going to make them stop?
All this does is give them the impression that the Linux community is scared and that this is the only way we can fight them. It tells them that we are feeling guilty and are trying to keep them quiet.
Actions such as this only give them more reason to bag the Linux community.
(\(\
(^.^)
(")")
*This is the cute bunny virus, please copy this into your sig so it can spread
that seems nothing comparing with the impact that few linux distro get hacked in and gnu.org too. okay, probably not much physical damage has been done, but it still doesn't sound good, does it? what is up with it? has linux drawn too much attention lately?
Are they dossed? it seems i can't connect to sco.com . Oh Wait, maybe it is slashdotted =)
http://www.groklaw.net/article.php?story=20031210163721614
If it is a DDoS attack, SCO are incompetent for not blocking it. Or it is just more FUD.
Head over to Netcraft News and see how this server "died". If this is a DDOS attack I am Queen of Spain.
Help fight continental drift.
...a Slashdotting?
Crybabies!
This Like That - fun with words!
Nah, they've just been Slashdotted.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
a Pro-LIFE abortion person who blows up abortion clinics....
...in bed
Y'know, I'm almost paranoid enough to believe that since SCO has taken a couple of hits w/ no really "buzzing" FUD that they did this to themselves. It's not like they need the site to do business or anything...
I know, I know. Utterly paranoid.
Someone tell the wannabe hackers to quit trying to fight OSS's battles, we don't want them on our side...
This is a load of rubbish. See Groklaw for a much deeper and more insightful look at what really happened, a full explanation of the technicalities of the DDOS attack (claimed as a SYN attack that took up all the bandwidth and flattened their e-mail - and yet you can still get to ftp.sco.com (on same subnet), smtp.sco.com and all other XO.net fed servers). Groklaw also noticed that the machine was down well before the press release claims and that it went straight down - no hiccups or other indications of a DDOS attack, just a straight gone - switched off or unplugged most likely.
See the netcraft stats for that little bit. If SCO make any claim that this is a DDOS, they are lying through their teeth and the evidence was collected as it happened - see the members zone at Groklaw for the raw Traceroute returns.
An infinite number of monkeys will eventually come up with the complete works of
Because only hackers use Linux... not like those lame crackers who only want to be malicious and crash systems with their scripts and rooted boxes.
More like "crying wolf", people. Lies and the Lying Liars Who Tell Them, Second Edition?!
It's all of those corporate Linux users beating down their door to buy licenses. Hurry and get yours today before they're all gone!
As seen on Wired: Get a free desktop PC
Causing collateral damage without any hope of actually having any effect at all is plain evil ... people like that are simply looking for a fight, they would be DOSing and bombing anyway but feeling self-righteous while doing it is even better.
Come on, Slashdot ... putting SCO on the front page (multiple times sometimes) day after day after day ... and you don't call that deliberate Slashdotting^WDDoS?!
I call BS.
Expect letters from Boies and company any time now. "SCO Sues Media Giant Slashdot" the next headline?
Dlugar
Computer Go: Writing Software to Play the Ancient Game of Go
These are the same guys that rooted the debian, fsf, and gentoo mirror box.
They are now trying to make the linux community look like crackers.
The greatest threat to SCO's profitability TODAY is not coming from IP in Linux, but from Windows IPs.
I know that this is already covered, but I just don't comprehend why people would do DoS attacks just to prove a point. There is already a lawsuit.
Whoop-de-frickin' doo! Let the courts do their thing first. If SCO is as messed up as everyone says, then they will have no case and it will all be good in Linux Land.
This story apparently inspired some poor systems peon at sco to set up email autoresponse to the email address mentioned in the story.
I tried it, it works. At least someone at SCO has some sense of humor.
Buford "Mad Dog" Tannen
We find millions of attempted downloads of \\mcbride.sco.com\downloads\videos\beercancrusher.avi
Have you used SCO UNIX? The DOS is probably SCO admins who just wished their OS could have features that have only been available in other OSes for YEARS!
Angry People Rule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
You can help out by clicking here....
You didn't think I meant you should help SCO out did you?...
I expect the blatant misuse of hacker as a synonym for computer criminal in the mainstream press, but I woulda hoped that Slashdot would do better.
"Mission Accomplished" -- George W. Bush May 1, 2003
Um, "simoniker" -- you should have posted when they had suffered ... not while they're still suffering. Of course with a link back to SCO.
i am wondering what's been up with lately few exploits to linux distro and gnu.org. maybe it didn't do any physical damage. but it doesn't sound good, does it? has linux been going too hype and draw too much attention now ?
How do I enlist my computer as a zombie in the horde to attack SCO?
Cyde Weys Musings - Scrutinizing the inscrutable
According to Groklaw, not only is it implausible that this is a real attack, it's not even competently done. SCO blames a SYN flood, which is trivial to ignore. Their ISP hasn't had anything to do about it. While they say their email server was down, it actually wasn't. Their FTP server on the next IP over (and on the same block of addresses) had no problems. Their internal network almost certainly isn't anywhere near their Web server, network wise, and, if it was, it would almost certainly have a firewall that's not the web server.
It's clear that SCO's run out of technical people; not only are they faking technical problems, they can't even make up a technically sound attack on their own systems.
...playing for the sad souls at SCO...
I find it quite sad that our community has to loudly distance itself from supposed DDoS attacks and such against SCO while SCO makes a total mockery of the legal system and justice in general with their current campaign. For those who may not have noticed some earlier posts, discussion on Groklaw has brought up the possibility that this isn't a DDoS, but either just idiotic network admins on SCO's part, or perhaps even an intentional takedown to *cough* allow for a nice bit of publicity on their part. Whatever the true case is (and I'm not advocating any as the real one, I'll leave that for others to decide), SCO has certainly scored some nice negative publicity towards the OSS crowd, even if the DDoS is real and the attackers have nothing to do with OSS.
IIRC there was an earlier supposed DDoS against SCO's servers that turned out to be that the servers were just down.
In any case, it's nice to see the /. crowd (as always) advocating fair play and not using vigilante justice. Too bad SCO doesn't seem to believe in the fair play bit.
You insensitive clod!
You can lead a horse to water, but you can't make it dissolve.
While I in no way condone this, it's to be expected. SCO is pissing off a lot of people, and this is the kind of thing that is bound to happen when geeks are rather peeved. Granted, it shouldn't happen, but neither should any criminal activity. Not everybody is as mature as *cough* the /. community here, where we all shun such actions. I'm rather surprised it hasn't happened more, actually...
That being said, SCO is probably revelling in this, even if it is genuine. In fact, DDoS is probably one of the perks to this whole thing - it makes everybody but them look bad, and they come out perfectly clean to the media. Playing the innocent little child who got their candy stolen, I dare say.
Just yesterday, I was talking to a friend, and he offhandedly called linux a "hackers OS" - and he meant it the hacker = cracker way. I asked him what he meant, and he said that the reason Microsoft has so many security problems is because linux users hate Microsoft, and so they try and create problems for Microsoft. I was floored.
...)
I argued with him for a bit, most of it probably the same stuff you have all been through. One bit I got a kick out of was him claiming that perl was a hacker (=cracker) language, and since perl was "made for linux", that showed that linux was for hackers (=crackers).
It is pretty tough to argue logically with that, but I pointed out that you can get perl for just about any OS. He said that it was "really hard to install on Windows". I had just installed it about two weeks earlier, and it took about 15 minutes (most of that for the download).
Anyways, the reason I am writing all that is because things like DOS'ing SCO don't help perception of linux at all. Next time I argue with him, he can bring this up, and what can I say? Obviously, it is linux users doing the damage.
There is absolutely no benefit for the Free Software movement from this behavior - it only generates sympathy for SCO, and "proves" the kind of outrageous claims that SCO is making (linux users have no respect for the law
Doesn't really matter how you slice it. Either SCO is staging another media event, or they are just too technically incompetent to be selling technical services. Remember, technical services or technical something-or-other is still supposed to be the real reason for the existence of the company.
However, I'll go ahead and note that I thought I might have been targeted for a DoS attack yesterday. (I have one of the best collections of political commentary online, and dittoheads are notoriously lacking in senses of humor.) Still not sure what the real cause was, but rebooting my ADSL modem took care of it. I've never seen it in such a strange state, however. The upload speed was normal, 512K, but my download is normally over a meg, and it was running at 64K.
One would certainly hope that SCO has greater technical sophistication than that...
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
So not a bandwidth consuming DDOS just like groklaw stated...
But then again, we are a bunch of unwashed amateurs, and THEY Wrote UNIX and know all about how to keep it secure and running...
So It must be something We are doing.
From the article header:
For the third time this year, the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system.
Where in the article did it say this? I certainly can't find it.
Slashdot editors might want to RTFA before approving a post. The submitter of this one got a wee bit overzealous.
Karma: Frotzed (mostly due to the Frobozz Magic Karma Company)
Admins?
IS THAT what MSCE's grow up into?
Look at what SCO does to the Linux community.. fractures and bickering... Destroying something that was supposed to be moral and good for all.
One can almost feel the power of the ring at work....
I work in the Canopy Group office buildings at another (non-evil) company. We're all serviced by Center7 and the last time there was the confirmed/acknowledged DDOS attack we felt it hard. Getting to hosts outside of the building was very difficult all day.
No hiccups today. Center7 did promise last time that they could and would isolate everyone else from SCO, so there is another explanation, but...
Tweet, tweet.
/nt
I would be glad the offender would have used it for something better than spreading out pr0n...
Sadly, it's not been compromised at all.
Lex
1)
I nominate "hanging a rope."
Serious, think of it...
;)
Take the website out, reduce the possibility of something else stupid that Darl said ending up out there for people to read. Darl should find out who this guy is and put him on his legal team.
Apologies to those who think I should be calling the guy a cracker instead of a hacker. But the guy doing it might not be white.
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
This is complete BS. Blake Stowell, or... You choose, both are accurate.
Groklaw has the results of analysis. In short, 1 of 2 things happened.
1. SCO misconfigured their Linux(!) web server (and thus it is affected by SYN flood)
2. SCO is full of it, and took the thing down for PR value, or less likely maintenance.
Whichever it is, SCO is the cause of the problem.
ATTN Slashdot: You guys need to attend a course in journalism. Change the title of this story, it is misleading.
I so want to mod this up as funny... but I know where that'll go in M2 :^
I would like to suggest that, once this case is finally settled, Slashdot begin using the caldera systems icon for "Laugh, it's Funny" instead of the Monty Python foot. I know I already associate that blue and red C with a good humorous story.
Jedidiah.
Craft Beer Programming T-shirts
(This would have fitted on a single CD. I think we should add environmental terrorism to the list of SCO's offences.)
the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system
attacked by who? There's no evidence to support this - you call this reportage??
Well... pending on how one wishes to view the situation it could also be described as a "sit in" a-la what the hippies did years ago. Civil disobedience as such. Yes, I know it is not the same thing, but it is not that different.
That being said *IF* the DDoS is coming from compromised machines without their owners' permission that is criminal but if it is otherwise (read: users permission coordinated demonstration) then calling it criminal seems a bit harsh. Digital Civil Disobedience seems more accurate.
Open Source advocates will be seen as malicious tyrants
... all's fair in love and war" to paraphrase Shakespeare.
due to the behavior of a few uneducated malcontents who
think the best way to fight a propaganda war is to shoot
people in the head.
This would be a great tactic by Microsoft (I mention them
due to their investment into SCO). Open Source must really
be hurting their bottom line. They went from smirking about
Linux as a "toy" operating system to showing up at Linuxworld
and investing in a Linux Company. Hmm.
The tactic is to create your own enemy and make their behavior
so atrocious that public opinion sides with you.
It's a perfect tactic a la "Art of War" or "Book of Five Rings"
principles. (Principles as opposed to specific tangible instructions
to do this or that. Principles allow one to determine the proper
method of action based on the situation and the use of imagination,
because one is not bound to static instructions. A philosophy derived
from a good understanding of principle provides an enormous range of intellectual tools to assist one in solving problems. The Philosophy
in the aforementioned books is based on principles of combat)
In a propaganda war, appearances matter. The goal is to control public
opinion rather than some anonymous geographical location.
Vietnam was a propaganda war. So is Iraq, Bosnia, Grenada, Iran/Iraq,
etc., etc., etc.
Even the so called "Great War" (WWII youngsters) was about what we think
of the Axis powers. We supported Germany for a time based on the advice
of Ambassador Joe Kennedy, patriarch of the infamous Bostonian clan.
Anyway, I digress. My point is; if Open Source advocates are responsible
for this, they are misguided and quite stoopid (more severe than being
just plain stupid) and it does nothing to reinforce positive public opinion
regarding open source philosophy. However, there is nothing to suggest that this is not a tactic by an avowed enemy, designed to create negative public
opinion about the kind of people who advocate open source.
Remember folks, this is a philosophical war and
"
Our freedom to use computers as we see fit is in jeopardy.
Simply, after the recent news on the investment retreat, their site got slashdotted, that's all!
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
"The attack caused the company's Web site (http://www.sco.com) and corporate operational traffic to be unavailable during the morning hours including e-mail, the company intranet, and customer support operations,"
Can someone explain to me how the email (internal mailservers I'm guessing), intranet are affected by a D/DoS?
You have a public webserver in your DMZ that has a public IP address (or shares one)..
EVERYTHING else should be behind firewall, router, big man w/ gun...
How in the holy hell love of GOD is their INTERNAL network affected by an outwardly created SYN flood?
Either they have a horribly misconfigured/monkey created network or their PR shoved his foot in his mouth...
Either way someone should get fired....
It is highly suspect that a company whose web site was felled by an ancient and easily defended 'attack' was able to so expertly and swiftly identify the cause in time to write up and distribute a press release before the close of business.
D'harl may be smarter than we thought - the majority of GPL'd distros have vanished from ftp.sco.com
An infinite number of monkeys will eventually come up with the complete works of
How's this for a theory:
SCO's webserver was compromised by the same kernel exploit that got debian. Somebody checked their www servers and found they were rooted. It could explain why ftp.sco.com and elearnin.sco.com is still up and working just fine.
It also explains why in a couple of news articles that the website will be down for about 12 hours - enough time to do a restore of the website. Once the system is patched just put back in the cable!
I've been following this story all day and the last thing I expected to see on /. was a regurgitation of "facts" with a 'questionable heritage'.
Several sites (groklaw, lwn) have already pointed out that the claims of being hacked should be viewed with a liberal ointment of skepticism for any of the following reasons;
one better than mcleodeight
This is getting just annoying. As has already been pointed out, the facts point to this being another hoax. However, as not everyone else in this community knows much about Security, let me add my few years of experience in to help those who don't understand.
I should point out, this has pretty much been covered by Groklaw already and my methods don't vary too much from those already posted by them.
SCO claims their email and web servers are unavailable because of a DDoS attack that has also infiltrated their Intranet and affected helpdesk services as well as other internal services. If this is the case, then it is more than just a DDoS they're suffering, or they are negligent in the highest order for failing to take simple steps to ensure a risk mitigated environment for conducting business within.
Let's start with their Mail Server.
Everyone has a backup mail server, usually hosted by a 3rd party to ensure that if your primary mail server is offline for any reason, mail can still be delivered successfully. The fact that SCO claimed their mail servers were unavailable suggests they either failed to purchase this extremely basic service or their setup is absolutely wrong by anyone's standards. The purpose of multiple MX records is for this exact situation. You start with a high priority MX record (say 10) and work your way down the order (usually in steps of +10, so the secondary is usually 20).
Their Web Server
Their webserver is hosted on exactly the same subnet as their ftp server. However, during this attack, their FTP server has been available to anyone that's tried to connect to it. If they were suffering a DDoS attack of the proportions that SCO claims, this server would also have been affected and taken offline. Yet this is not the case. This blows open entirely the philosophy of a DDoS attack without any of the further evidence.
SCO has alluded to the fact that the attack is a basic SYN Flood. A very simple and old attack that has been blockable by nearly every appliance and OS for the past 3 years at least. Yet if they are suffering as they claim, then they are guilty of negligence for failing to apply patches or even configure their platforms correctly. It's very easy to turn the SYN Cookies on in Linux (sysctl isn't rocket science) and just as easy in something like a Cisco Router/PIX Firewall or a Checkpoint Firewall.
The claims that this has adversely affected their intranet suggests that the intranet is in some way exposed to the Internet. Even more alarming is the fact that it disabled their Helpdesk services for a period as well. This would suggest that their network has absolutely no perimeter protection of any kind. The smallest flaw in a product they use could apparently be used to access their core network infrastructure. Isn't that where their source code and IP documentation are kept? I'd start getting very worried about now if I were an investor.
Due diligence is a core principle of any company. That includes ensuring that the services relied upon are securely and properly setup and maintained. If SCO truly has been affected by an attack of any kind on the magnitude they're claiming, then they should be legally responsible for the results of their failure to perform due diligence. (However, IANAL so don't quote me on legalities, especially given I live in NZ, not the US).
In short, the supposed attack on SCO does not add up at all. In fact, if they are being attacked this time round, they are in serious legal trouble themselves if their reports are accurate.
I would also question why they have released this to the press as a Press Release instead of getting on with fixing the problem as quickly as possible. Also, how is it that their mail services are now restored, their FTP server never offline, yet their website remains offline? Surely, a DDoS would affect both.
Not to mention the fact that it would affect SCO's upstream provider who, when contacted last time, saw absolutely no evidence of an attack in progress at a
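The SYN-cookie point made in the comment above, as an added example that is not part of the original thread: a shell function that audits the Linux sysctl settings that decide how a host copes with a SYN flood. The function name, the thresholds for `tcp_max_syn_backlog` and `tcp_synack_retries`, and the sample values are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit the Linux sysctl knobs that decide how a host copes
# with a SYN flood. Input is "key = value" text as printed by `sysctl -a`.

audit_syn_settings() {
    # $1: file of "key = value" lines; defaults to stdin ("-").
    # Prints one line per checked key; returns 1 if any is weak or unset.
    awk -F'=' '
        BEGIN {
            # Thresholds are assumptions of this example, not kernel defaults.
            n = split("net.ipv4.tcp_syncookies net.ipv4.tcp_max_syn_backlog net.ipv4.tcp_synack_retries", order, " ")
            op["net.ipv4.tcp_syncookies"]      = "min"; lim["net.ipv4.tcp_syncookies"]      = 1
            op["net.ipv4.tcp_max_syn_backlog"] = "min"; lim["net.ipv4.tcp_max_syn_backlog"] = 1024
            op["net.ipv4.tcp_synack_retries"]  = "max"; lim["net.ipv4.tcp_synack_retries"]  = 3
        }
        /^[ \t]*#/ || NF < 2 { next }       # skip comments and malformed lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key in op) seen[key] = val   # last occurrence wins
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                # A key that is absent or non-numeric cannot be trusted.
                if (!(k in seen) || seen[k] !~ /^[0-9]+$/) {
                    printf "UNSET   %s\n", k
                    bad++
                    continue
                }
                v = seen[k] + 0
                ok = (op[k] == "min") ? (v >= lim[k]) : (v <= lim[k])
                if (ok) {
                    printf "OK      %s = %s\n", k, seen[k]
                } else {
                    printf "WEAK    %s = %s  fix: sysctl -w %s=%d\n", k, seen[k], k, lim[k]
                    bad++
                }
            }
            exit (bad > 0)
        }
    ' "${1:--}"
}

# Constructed sample inputs (not taken from any real host).
weak_cfg=$(mktemp); hard_cfg=$(mktemp)
cat > "$weak_cfg" <<'EOF'
# constructed: cookies off, small backlog, five SYN-ACK retries
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_synack_retries = 5
EOF
cat > "$hard_cfg" <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 2
EOF

echo "== weak sample ==";     audit_syn_settings "$weak_cfg" || echo "-> not hardened"
echo "== hardened sample =="; audit_syn_settings "$hard_cfg" && echo "-> hardened"
rm -f "$weak_cfg" "$hard_cfg"
```

On a live Linux host the same function can read the running values with `sysctl -a 2>/dev/null | audit_syn_settings`.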
Wasn't it just a flood of Linux license payments?
"She's a West Texas girl, just like me" - G.W Bush Iraqis
is the SCO admin that tripped over the power cord. Oh blame it on the upset penguins
so does that mean they can sue themselves?
Darl McBride, stumbling drunk (as usual) around SCO's headquarters, accidentally tripped over the server's power cord.
SCO's technicians are busy working to fix the problem.
---
Never criticize religion on Slashdot. You will be modded down for "Troll" no matter how factual it is.
Well, everyone hates SCO, and I can't say that they didn't have it coming, but... unfortunately, this is just the sort of thing that SCO's legal/media thugs will use as ammunition ("see, we TOLD you they didn't have any respect for the law or the business world, just look what they did to our website!")
Of course, it's utter bullshit to pin this sort of childish prank on the OSS/free software community, but SCO seems to love utter bullshit.
Anonymous Luddite: "What do you think of the dehumanizing effects of the Internet?"
Andy Grove: "Not Much."
just out of curiosity, what do you think makes people assume that any attacks on sco are from the linux community? to me, it's almost as if walmart.com got attacked and everyone blamed the mom-and-pop stores. ridiculous.
Gyrate Dot Org - "Where high-tech meets low-life"
i said OR, not XOR - it is completely possible it is both
An infinite number of monkeys will eventually come up with the complete works of
It's amazing that they are only DoS'd during their employees' working hours.
Look, lowering ourselves to SCO's standards is not the way to do this. Cut it out.
This sig no verb.
Scientology Cruise Organization?
Since Linux/OSS is now winning in such a large way, I suspect that somebody is trying to make the Linux world look bad. I would not be surprised if SCO (or MS) is actually doing this on their other systems.
I prefer the "u" in honour as it seems to be missing these days.
They probably wanted to announce at the meeting on December 22 that, under cover of this DDoS, evil hackers broke in and deleted all the evidence SCO was surely about to hand over to the court. Then, having learned from OJ and the Ramsey parents, they'd go hire a detective to seek out the evil people responsible for the death of their case.
Get off my launchpad!
Maybe you should go help them out--SCO can only manage to fit about 20,000 pages on a CD.
.TIFF files sure do take up a lot of space!
What can I say, those
(I honestly wish I was kidding here, but I'm not. Mmm-hmm. TIFF files. Of source code. Yup.)
pb Reply or e-mail; don't vaguely moderate.
A syn-FUD attack.
You claim to be attacked.
Unplug the web server.
I am the unwilling control for my Origin.
That was one of the most well-thought-out, insightful replies I'll never read.
Distributed Denial of Stock?
SCO quickly responds by sending a quickfix press release.
God is REAL! Unless explicitly declared INTEGER
The group(s) would be attacking all SCO boxes online rather than just a single web site. Why take down the company if you can simply make their customers quit buying their crap. No, I suspect this is just a hoax.
I prefer the "u" in honour as it seems to be missing these days.
Careful.
There is a decent chance that their claims are designed to inflame.
Claim the Open Source community is behind it and you get a bunch of people who have already been accused starting to think they may as well commit the 'crime' for which they are being blamed.
Sure the claims made by SCO have always been seen to be ridiculous, from a technical POV. But their point has never been to convince the geeks. They are playing to a larger audience and seen in that light their bumbling and fumbling, technically, starts to look a little more deliberate.
Call me paranoid, but SCO could be trying to create the incident they claim is occurring right now.
I agree, it is better to settle it by law and nor do I endorse the actions of a DoS but...
The law is broken or how about the SEC get after SCO execs for stock manipulation or with their mail of licensing - extortion.
This is a case where it has de-generated to basics.
They used zip files, laden with IP problems...
I wonder if that is a symbolic nod to our future owners.
the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system
Please tell me how they know what these 'hackers' were unhappy with. This could have been done by anyone.
WARNING: I'm going to vector some rumours here. Feel free to slap them down if inaccurate, as I'm too damned lazy/tired to investigate myself right now.
There are some rumours floating around the Yahoo SCOX message board that several directories containing Linux source code, such as patches and updates, are now missing from SCO's ftp server. Months ago, many people pointed out that SCO itself continued distributing copies of the kernel in support and updates directories on their ftp server. There is also speculation the strangely internal nature of this so-called DDoS attack may be part of an Ollie North operation to prevent certain evidence from falling into IBM's hands via discovery.
SCO's execs need to read The Boy Who Cried Wolf a few times, and learn the lesson within. Darl, unlike Ken Lay, does not have close friends in the White House, and probably would not escape prosecution for any illegal acts being committed under his watch at SCO.
Someday, you're going to die. Get over it.
Cheers
> With not much SCO news today, it seemed that this story was needed
Why exactly do we need another SCO story? Best thing is to let them die of inexposure. Slashdot has already overcovered them and any publicity for them, good or bad, shouldn't come from our hands at this point.
they are suffering the slashdot effect
posting 2 sco stories every day... seems more effective than any hacker attack.
The fundamental principle of civil disobedience is found in Thoreau's formulation that "Under a government which imprisons unjustly, the true place for a just man is also a prison." An act is not civil disobedience unless the protestor is at credible risk of being arrested. For a protest to deserve the honor of being described as civil disobedience, it requires risk and sacrifice.
Gandhi spent time in prison. As did MLK. And so did many of the serious anti-war activists in the 60s.
There's a second issue. SCO is not a government. There is recourse through justice against SCO. So civil disobedience is, again, not appropriate; civil disobedience is directed against a government guilty of an injustice which cannot be redressed through ordinary means.
Those launching a DDoS against a company that's doing something stupid are risking nothing, are sacrificing nothing. They are also providing SCO with ammunition in their attempts to paint all Linux users as criminals (pirates, copyright violators, communists!). They're vandals, pure and simple, and the fact that they're vandalizing an asshole's house isn't a valid justification.
Posted this before I saw some of the excellent postings below which suggest that SCO's report of a DDoS may not be entirely above the board. s/Those launching a DDoS against a company that's doing something stupid are risking nothing, are sacrificing nothing./Those who would launch a DDoS against a company that's doing something stupid would be risking nothing, are sacrificing nothing./ etc.
go ask the people who work at the facility that hosts SCO websites.
ir.sco.com = 170.224.5.43
www.sco.com = 216.250.128.12
Your posting is NOT very informative, go back to MCSE school please.
I appreciate the upmods... but +3, and no replies confirming or refuting? Sure, it may seem interesting, but it will just look stupid if it turns out the files are a) still there, or b) disappeared long before now.
Someday, you're going to die. Get over it.
I mean, they're nuts, attacking lawyers like that....
if slashdot would just leave a link at the top and encourage their readership to legitimately visit sco's website every day (to read the latest news and information about their fine line of products and services) there would be no need for DDoS, it would be a continuous, daily slashdotting without any legal repercussions.
www.pixelectric.com
Can we get an edit for the groklaw link on the mainpage? Anyone who just skims the headlines is going to get a very skewed impression of todays events.
I guess you weren't paying attention at the time but his statements lead directly into SCO's plans. SCO used his words to make us all look bad and make ESR look like he had no control over his community (yes, I know we aren't subjects of ESR but that's how SCO made it look).
Just in case anyone didn't get that "Open Source" means "Budding Terrorist".
All this looks rather dodgy. Maybe they just hope to get slashdotted and then claim that this was the DDOS attack...
I'd be curious to know what % of the boxes involved in ddos'ing SCO are windows boxes and what % are *nix
TIAEAE!
After all, it's possible that SCO 'hired' a group of people to DDoS their own servers purely for further misrepresentation of the open-source community.
Founder of Mirror Moon - Tsukihime Game Trans
that Darl hung himself on the powercord from the webserver? Nah, too good to be true...
Anyhow folks, the consensus at Groklaw is that either SCO are lying through their teeth and this is all FUD, or their network admin staff are a bunch of incompetents.
There are no prizes for guessing what the /. theory will be.
You tell me, I got a hard time picking between "Fud" and "All of the above"...
Kjella
Live today, because you never know what tomorrow brings
I really hope someone has tipped the SEC... there need to be subpoenas of the ISPs involved, server logs, etc. Issuing false press releases to manipulate stock price (or for any reason) is quite illegal.
They are purging evidence from their web site right now!
oh. Wait...
Bad hackers! Bad! No soup for you!
"terrorism" and "pedophilia" are the root passwords to the Constitution
It should be at least +5 Caldera!
They had a 3rd person connect to their 2 user version of SCO Unix?
To know that you know what you know, and that you do not know what you do not know, that is true wisdom. --Scooby Doo
ironic
Something is suspicious about the announcement of a DDOS on a bad day for SCO stock (note that SCOX stock fell quite a bit today). Most likely, it is to divert attention from the real problems (investors speaking up, etc.)
Some of the wall street lemmings will fall for this, just like many /. lemmings went on a limb claiming "oh, c'mon guys, don't let *us all* get into disrepute."
S
Is it possible, like Groklaw and others suggest, that SCO could be staging this attack themselves to plead to the judge for more time? I imagine they could say "those darn linux users hacked us and deleted all our evidence judge we need a 1-12 month extension to do all our research again."
It's all Politics
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
anyone else think this could be possible? don't make me a karma scapegoat here for trying to find truth in an $co statement...
today is spelling optional day.
had any idea what they were doing on the web - they would have a plan in place for geographic redundancy of server hardware, and a fail over plan in the event that an IP address group was attacked. But of course - they don't, why? they are ass clowns. WHOOT! Long live Linux, cough, ahem, BSD.
This is +5 insightful?
In other news, Mafia-Boy could not be reached for comment.
SCO is plain wrong and their opponents should take the high ground. DDoS attacks are lame and feed the FUD.
"I say we take off, nuke the site from orbit. It's the only way to be sure."
6:20EST? I guess their sysadmins decided it was time to take an extended smoke break and accidentally yanked a cable or something on the way out...
the good ground has been paved over by suicidal maniacs
No one can fall victim of a SYN flood attack these days. You don't need a DDOS with "thousands of servers" to do a SYN flood attack. SCO's ISP isn't suffering anything related to a DDOS attack. The shutdown pattern of the SCO's servers shows that they were unplugged. Groklaw has a good dissection of the hoax.
Therefore, I would like to know what are the /. editors waiting for, in order to update the story stating it as a fraud from SCO.
I wouldn't be surprised if SCO issues a press release tomorrow saying that the evidence they were going to show in January 5 was destroyed.
This is just too much. I thought "evil corporations" existed only on comic books, and hollywood movies.
At least they can't really prove that these alleged attacks are being performed using Linux. They can only guess it's a Linux user, since they're attacking Linux users (or rather they're trying to shake down Linux users) but who knows, it could be a Mac user. Right?
-Look lively. LOOK LIVELY!!! --Mr. Shmallow
SCO has launched a denial of truth attack against the linux community.
Dealing with bad feedback from the linux community gave Darl indigestion. He spent a little too much time on the can ... it overflowed... and flooded their server room which was just below the men's washroom.
I was wondering how it was our fault... guess now I know.
If only we could solve this with two guns, two bullets and 10 paces.
ftp.sco.com has an adjacent ip, probably on the same switch, and it is perfectly responsive. It's not a bandwidth clogging attack.
If this is honestly a DDOS attack, then there's bound to be more than enough logs on the servers. If they claim this caused any problems with their discovery, they will be asked to provide backup tapes and log files.
To destroy logs related to the attack or backup tapes that may contain evidence would be criminal at this point. If backups and logs don't exist, there will likely be inquiries on SCO's execs.
On a personal note, I must admit that this looks "fishy", but it'll all come out in the wash...
This isn't any type of flood. Check with the ISPs involved, check the bandwidth availability, and do a little research instead of assuming instantly there is some sort of pointless attack on SCO because it is in print or a SCO rep says so.
I would have assumed more /. readers would be a bit more up on things.
If you want the solid facts, go to GROKLAW.NET and read.
There's always a LIE in everything they tell you to beLIEve.
The following machines are running currently-reachable FTP servers:
216.250.128.7
216.250.128.13
216.250.128.14
216.250.128.15
216.250.128.16
216.250.128.17
I was able to download /pub/ls-lR from ftp.sco.com (216.250.128.13) 74.91 KB/s (600 Kb/s). My broadband is rated at 640 Kb/s, so the bottleneck was likely at my end. These machines are almost certainly on the same subnet and are likely connected to the same gear (SCO's subnetting is their choice, but if ftp.sco.com and www.sco.com are on different subnets, their subnet masks are 255.255.255.254 and they must have only two IPs per subnet - I don't believe this is even possible as you need a network and a broadcast IP for each subnet).
The fact that all of these machines are reachable and that at least one of them can saturate a broadband link indicates that SCO is not having any bandwidth problems. I also performed some ICMP tests and the machine is not sending out port-unreachables, timestamp-replies or netmask-replies - these seem blocked upstream. I'm getting a little nervous sending out these funny packets as I don't want anyone to accuse me of anything, but everything indicates that the machine is completely offline. If they allowed some ICMP replies through upstream, receiving a reply would show that the machine is actually online, but somehow cannot handle TCP requests (and the problem is not bandwidth as shown, so it would have to be something wrong with the host, such as a firewall rule); if they allowed through ICMP replies and the machine did not respond whereas others on the subnet did respond, it would show that the machine is almost definitely offline unless it has a more restrictive firewall than the other machines (very unlikely given that this, as-claimed, could have been prevented with syncookies). As it stands, one can only say that the machine is very likely offline (unplugged or turned off).
SCO's incoming mail server seems to be working fine. They only have one MX record for sco.com and it resolves to 216.250.130.2 for me at the moment. I only connected to it and saw a banner, but an easy way to test this further is to send a message to an invalid address @sco.com and see if a bounce gets back. I don't want to give them an email address.
All of this is current as of 2003-12-10 21:57, Mountain time (SCO is in Utah). Further investigation led nowhere; thus the delay in the post.
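The subnet reasoning in the comment above can be checked mechanically. The following is an added example, not part of the original comment: it uses only the addresses quoted in this thread, the function names are illustrative, and the netmask SCO actually uses is not stated anywhere on the page.

```python
import ipaddress

# Addresses quoted in this thread: www.sco.com, ftp.sco.com and the
# FTP hosts reported reachable. Nothing is sent on the network.
WWW = ipaddress.IPv4Address("216.250.128.12")
FTP = ipaddress.IPv4Address("216.250.128.13")
REACHABLE = [ipaddress.IPv4Address(a) for a in (
    "216.250.128.7", "216.250.128.13", "216.250.128.14",
    "216.250.128.15", "216.250.128.16", "216.250.128.17",
)]


def longest_shared_prefix(a, b):
    """Longest prefix length (0-32) under which a and b are in the same subnet."""
    differing_bits = int(a) ^ int(b)
    # bit_length() gives the position of the highest differing bit.
    return 32 - differing_bits.bit_length()


def same_subnet(a, b, prefix_len):
    """True if a and b share a subnet when the mask is /prefix_len."""
    return prefix_len <= longest_shared_prefix(a, b)


def separating_masks(a, b):
    """Every netmask under which a and b would sit on different subnets."""
    first = longest_shared_prefix(a, b) + 1
    return [str(ipaddress.ip_network(f"0.0.0.0/{p}").netmask)
            for p in range(first, 33)]


def smallest_common_subnet(addrs):
    """Smallest single subnet that contains every address in addrs."""
    prefix_len = min(
        (longest_shared_prefix(addrs[0], x) for x in addrs[1:]),
        default=32,  # a single address is its own /32
    )
    return ipaddress.ip_network(f"{addrs[0]}/{prefix_len}", strict=False)


def report():
    """Summarise what the quoted addresses allow one to conclude."""
    common = smallest_common_subnet([WWW] + REACHABLE)
    return {
        "www_ftp_shared_prefix": longest_shared_prefix(WWW, FTP),
        "masks_separating_www_ftp": separating_masks(WWW, FTP),
        "smallest_common_subnet": str(common),
        "addresses_in_that_subnet": common.num_addresses,
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

For these addresses, www and ftp differ only in the last bit, so they share a subnet under every mask up to and including 255.255.255.254, and all of the listed hosts fit inside 216.250.128.0/27. Sharing a subnet says nothing by itself about which switch or upstream filter a host sits behind.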
I agree. The story should be updated. Slashdot is running a story which states that SCO has been attacked, this is clearly unfounded. For the sake of accuracy and editorial integrity the story needs to be updated.
Early in the morning, someone was exploiting a rooted SCO corporate web server. But they tripped over an intrusion detection alarm. System/network administrators were notified.
Per their company policy, they shut SCO's entire network off from the entire world. "Internal mail servers and other support servers were unavailable." After a few hours, they determined that the intrusion was limited to the main corporate web server. The web server was broken off from the network. Network connectivity was restored (but no longer having a web server). "The web server is under a denial of service attack."
SCO employees begin the process of either restoring the existing web server from backup, or preserving the existing server, and bringing online a new server from bare metal. The process is expected to take at least twelve hours. An SCO executive informs at least one media outlet that they expect the problem to be resolved in some time after twelve hours. They're still working on it.
This also fits what happened in August, when their corporate web server was unavailable for THREE DAYS. When it was brought back online, the content was reportedly changed in some areas. It sounds like an inexperienced bare-metal restore or an untested solution. Perhaps part of the web site was not retrievable via backup, and they had to recreate some sections from scratch.
My theory, which I believe totally fits the facts, is that SCO has been rooted and does not want to admit this publicly. So the DDoS/SYN is their cover story, which is close, but doesn't fit the facts well enough to avoid suspicion.
I would appreciate a read on this theory with some feedback positive/negative.
What prison did Martin Luther King do time in? Of which crime was he convicted?
He was arrested twice, I think, because of protests, but he was released. I don't know whether he was held overnight or released the same day.
But to the best of my knowledge, he was never even convicted of anything.
So do you have some references that list his convictions and prison sentences including the prisons he did time in and the length of his sentences?
Yes!
I was just sitting around thinking "the world seems so fair and just, and people try so hard to do the right thing, it's really getting me depressed. Boy I could use some SCO news, to restore my faith in people being jerks!"
You know what would really hit the spot right now? A story about both SCO and a DDOS attack. Now that would hit the spot. That's what I need.
This story seemed fine for slashdot, but in general, I don't think lack of news on a topic is a good reason to post something.
Can anyone tell me how to set my sig on Slashdot?
Never mind. He did do a few days in prison from October 25 to October 28, 1960.
Were there any others?
After the Dec 5th meeting in court, SCO's given up hope and they've decided to start anew. Lookie --> they're even selling their webserver on Ebay. There's no DDOS, their webserver's just missing. Soon they'll sell their ftp server too. Only $699!! They didn't wanna tell anybody that they're liquidating, because they wanted to surprise us on Christmas. No more fud, nothing, leaving us Linux users in peace. Those uptight people from Utah are nice after all. And to think we were accusing them of trying to make the Linux community bad. tsk tsk. Let's all mail darl@sco.com and tell him how sorry we are :P
P.S : To those of you who noticed that the seller's located in detroit, it's just them trying to be really, really secretive...
What if you're not from the U.S. but have to put up with this bullshit from SCO? What happens here will affect every other nation - thanks to our hand-in-hand trade laws.
What recourse do Linux users from other nations have against SCO? They already got the smackdown from Germany, and so have backed off, BUT this court case may decide the future of Linux as a going concern and there are companies and people's lives staked on its success.
So while a DDOS may be distasteful, I can certainly empathize with the folks who are responsible.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
A strongly worded Urgent Appeal has been posted for the last 12 hours at LinuxWorld Web site. "DDoS attacks do not promote the Open Source cause, and are not consistent with Open Source values," the LinuxWorld editors say, strongly urging whoever is responsible to stop the attack immediately.
They have only one MX - not smart, but it seems to be running fine.
telnet mail.ut.caldera.com 25
Trying 216.250.130.2...
Connected to mail.ut.caldera.com.
Escape character is '^]'.
ehlo localhost
220 mail.ut.caldera.com ESMTP
250-mail.ut.caldera.com
250-PIPELINING
250-STARTTLS
250 8BITMIME
STARTTLS
220 ready for tls
^]
telnet> q
Connection closed.
Dude! Ever heard of "Letters from a Birmingham Jail?" One of the great pieces of american writing! I'll be mightily disappointed if my english lit. teacher lied and it was actually composed from a Motel 6...
http://metapundit.net
He did do a few days in prison from October 25 to October 28, 1960.
prison != jail
Jail is where suspected criminals go.
Prison is where convicted criminals go.
When will Windows be ready for the desktop?
I would say alleged, since last time the evidence from their ISP provider, another Canopy company, did not match what you would expect to see in a DDoS attack..
maybe that is why the FBI has been so quiet after the reports
Don't Tread on OpenSource
How can I contact this Center7? I want to be isolated from SCO!
warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
Thoreau called it 'civil' because it was disobedience to civil authority, not because it was supposed to be 'civilized'. Gandhi and King had very different ideas about disobedience than Thoreau. Thoreau would not have broken the law to make a point, but rather only to avoid doing wrong to another person (such as making war unjustly, or enslaving someone). Thoreau would also not have thought it important to be caught and punished, because, again, his point was not to reform the government but to simply withhold his allegiance from it. He claimed that he was born not to lobby, but to live. This is the man who praised John Brown as a hero of men, if you'll recall. John Brown's actions at Harper's Ferry were certainly illegal, certainly NOT 'civilized', and were certainly intended to bring about change by force of arms, rather than by force of argument, shame, persuasion, or social pressure.
The Age has an article titled Doubts cast on SCO claims of denial of service attack. It's good to see a mainstream news service not just reporting the FUD but actually digging a little deeper.
It's always about SCO. I'm still waiting to see a MS-DOS attack. Oh, wait...
(no sig)
triggers an automatic payment system that could be changed moment to moment by the content distributor.
I want you all to very clearly remember that quote the next time Microsoft tries to claim that Palladium is about "giving the user the control to be sure that only the programs they've authorized are running on their computer" or something along those lines...
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
I was bored today surfing.. decided to visit our sco buddies. Couldn't get to them.. OK.. ping sco.com... request time out.. did a traceroute to them, it stopped @ x0.net. The oc12 between them and level3.net was down or being DDOS'd. It not only affected them but anything in the utah area.. I couldn't get to http://uvsc.edu and the annoying byu.edu.. Heck even iomega who is in Roy, UT was down :D
Seems like it was more than just SCO that was down or being DDOS'd .. these companies should sue sco :) IMHO for downing their business. ahahha
There's no Freedom like UFP-dom
nothing like taking it too literally... a shame...
it could be a Mac user. Right?
It's most likely to be a horde of Zombie windows boxes, which were taken over by a Linux sympathizer. It absolutely makes no difference what platform they used to make the attack, only that the attacker likes Linux more than SCO.
At any rate, the attacks are not necessary and harm our image more than they harm SCO's servers. To whoever is doing the attacks: Please stop, we don't need your "help". SCO is about to be smacked down in court big time, they are doing just fine destroying themselves on their own.
www.worldrps.com
Need I say more?
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
Darl (screams): I want that network fixed now!
Kevin: Ah sorry bruv, can't seem to find anyone who knows anything about 'computers'. Plenty of lawyers though. Mr Boise says he'll have a look as he's got a friend who's got an MCSE.
Yeah, so we shouldn't go to SCO's website and read all the FUD. We should trust the US legal system to prevail, even after M$ proved it's broken.
Well this SCO BS will affect more than just US people. I'm not going to just sit back and look at SCO wasting and stealing money that would improve everyone's world.
Some people download Star Trek episodes and pirate software, I visit www.sco.com.
while true; do wget http://www.sco.com/ -r -C off --delete-after; done
Even if this is a true DOS attack, why is this news? Imagine if Microsoft or Google or IBM put out a press release every time somebody attacked their servers. If you are a big or a loud company, these things will happen. Don't whine, fix it and get on with life.
---------------------
whois www.center7.com
---------------------
Registrant:
Center 7 (CENTER21-DOM)
333 South 520 West
Lindon, UT 84042
US
Domain Name: CENTER7.COM
Administrative Contact:
Center 7, Inc. (CD3816-ORG) dns-admin@CENTER7.COM
333 S 520 W
LINDON, UT 84042-1911
US
(801) 805-3000 fax: (801) 805-0030
Technical Contact:
Center 7, Inc. (CD3817-ORG) dns-noc@CENTER7.COM
333 S 520 W
LINDON, UT 84042-1911
US
(801) 805-3000 fax: (801) 805-0030
Record expires on 14-Aug-2005.
Record created on 14-Aug-1999.
Database last updated on 11-Dec-2003 03:28:30 EST.
Domain servers in listed order:
C7NS1.CENTER7.COM 216.250.142.20
C7NS2.CENTER7.COM 216.250.142.30
C7NS3.CENTER7.COM 216.250.142.14
-----------------
whois www.sco.com
-----------------
Registrant:
The SCO Group
355 S 520 W
Suite 100
Lindon, UT 84042
US
Registrar: DOTSTER
Domain Name: SCO.COM
Created on: 03-SEP-87
Expires on: 02-SEP-04
Last Updated on: 22-JAN-03
Administrative, Technical Contact:
Administrator, Domain domain.admin@sco.com
The SCO Group
355 S 520 W
Suite 100
Lindon, UT 84042
US
801-932-5800
Domain servers in listed order:
NS.CALDERASYSTEMS.COM
NS2.CALDERASYSTEMS.COM
C7NS1.CENTER7.COM
NSCA.SCO.COM
1. Usage of "hacker" in the early 80s is about as relevant as the meaning of "tubular", "rad", or "wicked." Moreover, plenty of words have acquired new shades of meaning since then. Hell, even the word "word" itself has become a greeting or signifier of agreement within certain communities. ("Yo, wassup!" "Word.")
2. I've said it a million times, but..."cracker" and "cracking" in the 80s referred to defeating copyright protection. Pirated software often contained startup screens that bragged "Cracked By Mr. Zero" or "Cracked by" such-and-such a pirate organization. Protection was "cracked" in much the same way a safe was "cracked."
3. Cracking a computer system to mean what everyone else in the world calls "hacking" today was not in common use, at least with anyone I know during the 80s.
4. I did read "Out of the Inner Circle" many, many years ago. But even to use it as an etymological authority, "hacker" has had its "criminal connotation" for approximately twenty years. I'd say that this is a long enough time to consider it legitimate usage.
But no doubt, the debate will rage on. It reminds me of the stupid "trekkie"/"trekker"/who-gives-a-flying-fuck debates from years past.
That's what they deserve: a DDoS every week or so.
how do we know they're not doing it to themselves in order to have something to point to and say "look what kind of bastards we are dealing with"? Don't forget this sort of thing has happened many times in the past - not least of which that battleship attack that was the ostensible reason for deeper American involvement in the Vietnamese civil war... Gulf of Tonkin incident, was that what it was called?
Reading the netcraft page the OS seems to have changed from linux to unknown - This morning. :-)
I guess their hard drive failed took the whole box down and they had to reinstall fresh on something else.
Has the MAC address changed?
I don't understand.
Why would someone ddos SCO website, they have no business depending on web services.
If they ddosed SCO lawyers with dozens of suits per minute... Now, that would be another story.
Robert
Bastard Operator From 193.219.28.162
Justin.
You're only jealous cos the little penguins are talking to me.
CRAP
Well that proves my thesis: If the leader is an idiot, the men that serve him are too.
Can't prevent a DDOS attack the third time? What a bunch of f#%ing losers are running the servers? Even a kindergarten kid could prevent that!
SCO will go down in history with being the only company to go down due to being filled by idiots and a conspirator.
(And, no one except the CEO will get a good pension.)
Oh look, SCO's lawyers are knocking on my door already! Happy happy joy joy!
If SCO did win in court, I think it's fair to say their systems would see a worldwide assault the likes of which the Internet has never seen before. And it wouldn't stop. Not until SCO was put out of business through lack of communications.
So then... if I've understood correctly, the SCO site hasn't been "h4x0red," it's been "h04xored..."
--Mark
__:-b
"It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
"The site has been down since 4:20 a.m. Mountain Time "
damn. even weed hates sco. and its just a damn plant.
thank you o god of weed
I'll just use my special getting high powers one more time...
Uhm....
(The content confuses me, too).
Plug your web server back in SCO. Unplugging your web server and claiming you're under DDoS == very amusing.
Linux's Hypocrisy Buffer probably overflowed, so it automatically deinstalled. Either that, or the kernel panicked and left the building.
Watch for D'ohl and co to explain that they had to replace their Linux server with UnixWare 'coz "Linux couldn't take the heat". Whackers.
Got time? Spend some of it coding or testing
Yes.. we've all read the article by groklaw claiming it was a hoax. I never considered myself that experienced, but when reading this article and all of these posts.. their "security experts" and these posters are simply morons..
first of all, a classic synflood is something that you and me can do from our home computers to some shitty webservers.. port 80 might stop accepting connections and simply time out. the box will still be up, every other service will be fine. any good webserver nowadays will have protections against it. for anyone to even CARE about a synflood nowadays, it has to be huge. the majority of synfloods anyone talks about today are so huge that they bottleneck network equipment and bring down the entire machine or several machines. it's pretty obvious sco is talking about the second kind of synflood, not the first. "synflood" now just describes the packets they used to flood, the fact that they were syns had nothing to do with it and any synflood protection on the box won't help.
secondly, just because an ip is next to another ip doesn't mean they're connected to the same switch/hub
finally, just because a server next to it is responding, doesn't mean it's not an attack. what would you do if your entire network goes down and your internet connections can't handle the bandwidth? you call up your upstream providers of course! they have the resources to block a large attack early before it hits your network. how would they block it? by blocking all traffic to www.sco.com, maybe even just syn's to port 80 to be more specific. this will keep their entire network up and running. and in this scenario, www.sco.com is down, but ftp.sco.com is up. even if their entire internet connection wasn't maxed out.. they'd probably block all traffic to www.sco.com at their backbones to keep everything else next to it up
and by the way, just because it brought down their internal network doesn't mean their internal network was "exposed". their internal internet connection has to come from somewhere. i bet sco's network's internet connections were completely maxed out for a while.. a synflood can do that
someone prove me wrong
jails != prisons
The October 25 to October 28, 1960 imprisonment was in the Reidsville State Prison in Georgia, not a jail.
The October 25 to October 28, 1960 imprisonment was in the Reidsville State Prison in Georgia.
That is close, but not entirely correct. In many states, possibly all states, convictions of some crimes can lead to jail sentences, but not prison sentences.
For example, in Texas a Class A Misdemeanor can land you in a county jail for up to a year.
But you cannot go to prison for a Class A Misdemeanor. For a prison sentence, you would have to be convicted of a felony, not a misdemeanor.
First I really hate to bring this up but Running DDoS for this reason is a terrorist mentality. If you create in your mind an enemy then you completely villainize them enough to justify some sort of attack. Now I like Linux and I don't like what SCO is doing but DDoSing doesn't help anything.
THIS WILL NEVER HAPPEN
Judge: IBM do you have any evidence.
IBM: Well, SCO got DDoSed by people who don't like them.
Everyone: GASP!
Judge: Well I see that SCO case is completely fraudulent and the judgment goes to the defendant.
SCO: But...
Judge: Slaps down his gavel.
-----------------------
If this did have sway in any way it would be for SCO legal advantage because they can use it to show how common the Open Source Community uses illegal means to try to get what they want.
At best all the DDoS will do is waste some of SCO's money, but not enough to put a dent into it. Heck they'll probably find a Tax loophole to get the money back. Or sue the guy in the previous posts that gives out all the information to DDoS them on Slashdot.
Come on guy think a little. This is the same way terrorists think. "Yea if I blow up this building that will get the US out of the surrounding areas." All it did was make it worse for them in their Point of View.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
This is probably a Joe Job. Next thing you know, they'll burn down the Reichstag.
iptables -A OUTPUT -p tcp -d www.sco.com -j DROP
iptables -A OUTPUT -p udp -d www.sco.com -j DROP
OR
ipfw add 1 deny ip from me to www.sco.com
i know of plenty of assholes whose 'houses i would vandalize', but in reality there are just _so many of them_ that trying to even make a dent on that list is futile. i have better things to do with my time anyway.
but these inspired individuals have time to burn, and resources to kill off, so they used them as an appropriate show of force against a bile clogging the legal system in one of the world's most important and powerful nations. hell, i'd buy whoever did this at least a beer for his efforts, and for saving me and everyone else out there the effort.
remember, every second SCO's website remains up, the more chance they have of making money by accident or by momentum to fuel their lawsuit-based business model, mostly against linux and other things that i at least, hold as important enough to fight for.
on the other side, the older definitions of civil disobedience are flawed (as technology has made them moot), and secondly, people who pull them off _are_ liable to end up in prison. it can and may just happen.
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
SCO is not only plain wrong, but also clearly harmful. people with resources to burn must act, and act now. every rational means available, from lawsuit to DDoS to firebomb, must be employed to impede their business, and lives.
unless you want to tell me you have faith that the corporate^W justice system in the united states will function correctly, 100% of the time.
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
Are we to rule out the possibility that this is not another attempt by $CO to make the "hacker" community look childish and unprincipled? My dad could beat up Darrell's dad any day, anyway.
boycott slashdot February 10th - 17th check out: altSlashdot.org
I don't know if it was deliberate but 6:20 est is 4:20 mst.
In the end they will lay their freedom at our feet, and say to us, "Make us your slaves, but feed us." - Dostoevsky
Further assume that it is a Linux person(s) even though the community as a whole came out against the first attack. Why not likely?
Ok, so, maybe it is not a Linux person.
Instead assume it is somebody trying to make Linux ppl look bad. huummmmm.
Finally, assume that it is some SK that is trying to show off. Normal situation with a site that is easy to take out and would get lots of press play.
I can safely assume the latter 2 are more probable, while the first is not likely.
To be honest, I would also assume that SCO can be lying about being under attack.
I prefer the "u" in honour as it seems to be missing these days.
It would be very amusing to see the reaction of SCO's upper management to having their bluff called.
Karma: Chameleon - mostly influenced by bad '80s New Wave music
SCO is full of it.
1 01 63721614
http://www.groklaw.net/article.php?story=200312
"Random Media Feed" reports - /. has the same effect as the DDoS on sco's website!
;-)
Millions of curious hackers type in the dirty address (rubbing their now mentally soiled hands on their pants in disgust) and attempt to view the site to see if it was defaced in a 'creative' way.
Oh well at least the site is down.
So after a DOS attack, Slashdot posts an article about the attack, thereby starting another attack.
Sig it.
micantos wrote:
Grow up. Settle it by the law.
I think that comment should be directed at SCO, instead of "guys". Their description of the attack is flawed, their upstream ISP was contacted, and says there's no attack, and their ftp server right next to their web server on the network is having no problems. It's a fake.
----
Open mind, insert foot.
Stop being ignorant.
Birmingham != Reidsville
Does April 16th 1963 ring a bell?
Jaysyn
There is a war going on for your mind.
Come on.....
1 63721614
There are only a few possibilities:
1: SCO's IT department doesn't know what syn cookies are and how they relate to Linux (which they DO run their site on). They evidently don't know how to configure Cisco routers in order to block syn floods either. In this case SCO is incompetent...
2: SCO is deliberately not protecting their networks in order to draw attention to themselves.
3: SCO is sabotaging their own networks.
4: The cyber-attack story is completely made up and has no truth value.
The Groklaw story is worth reading:
http://www.groklaw.net/article.php?story=20031210
LedgerSMB: Open source Accounting/ERP
Great... So now SCO group has the entire list of e-mail addresses of all /. regulars. Guess what will be in your stocking this year? Your choice of a law suit, a C&D letter or a voucher for $5 off on a Linux license.
To Terminate, or not to Terminate, that's the question - SCSIROB
Either that or they couldn't afford to pay themselves the $699 Linux license fee. (Or is it $1,400 now?). They probably received a letter in the mail from themselves explaining that they were in violation. So, really, they didn't have a choice but to change the OS.
Now, we all know that piracy is a sin. They evidently meant that since they were running Linux that it was a SIN FLOOD. Being in the state of Utah where society can take a hard line on certain religious issues doesn't help either....
LedgerSMB: Open source Accounting/ERP
Read the grandparent post, before you go on spouting stuff that's already been said.
GP says "it could still be using all their bandwidth"
P says "no, their bandwidth is unaffected"
you say "Yeah, but it could still be using their bandwidth!"
You're a moron.
255.255.255.254 huh?
Instead of just DDOSing SCO, have people started writing malware targeted at SCO OSes... OpenServer, UnixWare...
Way to spread FUD. This is just a baseless assumption, but putting it up on the front page may somehow give weight to it in the eyes of the less analytical masses.
While we're off making possibly outlandish assumptions, why not point out that it's likely the company, considering all the other nonsense it engages in, is crippling itself to give ammunition against the FOSS community.
Join Tor today!
As far as I am concerned, any company in that group have the potential to become the next SCO.
IANAL but write like a drunk one.
five dollars says they're DoSing themselves for attention.
It's like a pattern. Each time things get quiet and focus starts to shift, they come up with something new. DoS attacks are like something to give them a little time to "find" more evidence or something.
Truth, Just Us, And Hatred For All Mankind!
#> /etc/init.d/httpd start
My beliefs do not require that you agree with them.
Is SCO lying about their downtime? Let's get the facts straight:
1: Server goes down for a while starting early in the morning. The server is a web server. There are many reports of the mail servers working from outside the company.
2: When the server comes back up, it is running a new web page AND a new OS.
Now, if I have a major web server down, the last thing I am going to do is upgrade the *web page*.
My guess is that this was scheduled downtime, that something went wrong, and that they had trouble bringing back up the server afterwards.
Also note: Upstream admins have stated that there was no DDoS or Syn flood.
It means that SCO's story doesn't add up.
Now-- what else could account for it?
Assuming that they are right and that they were having intranet and internal email server errors, it is HIGHLY unlikely that the problem came from the internet. More likely a single-signon-system (such as Kerberos, NIS, Windows Domain Controllers etc.) failed and this caused the internal network to be unavailable as well as the web servers to be unadministratable.
So my theory is that during their scheduled downtime, they had a network failure. Not wanting to look incompetent, they blamed it on their enemies. To be fair, it is possible that someone there thought it was an attack due to siege mentality... (Un)Fortunately, it made them look horribly incompetent and probably gave much more away regarding the state of their security skills than they would have liked.
LedgerSMB: Open source Accounting/ERP
This is just too much. I thought "evil corporations" existed only on comic books, and hollywood movies.
Your simple fresh-faced innocence made me smile.
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
Call me paranoid, but if their intranet was affected by this "attack", I suspect that "some things" are going to be "lost" as a result.
IMHO, the SEC and other appropriate authorities might want to get some search warrants quick, surround SCO Headquarters and start saving some of the things that might otherwise get "lost" or "destroyed" due to this "attack".
Regards,
Fredrick
Man, you missed it!
:-)
Pirates, copyright violators and communists, oh my!
emt 377 emt 4
This seems like in the word of Malcolm X:
Chickens coming back home to roost.
Now being a farmboy myself I've never had any problems with chickens coming back home to roost
Accepting SCO's claims of a DDoS and their explanation that it comes from a Linux sympathizer without any real evidence to back up either claim is as stupid as accepting their claims that there is code in the Linux kernel that "belongs" to SCO (and that SCO did not intentionally contribute) without them showing us the code.
Hackers don't hack big name targets like this because they have a specific bone to pick. They do it for attention and/or a sense of personal satisfaction. Even if the attacker likes Linux more than SCO, so what? What if it turns out the attacker is a Scientologist who just doesn't like Mormons? What if the attacker is a socialist who doesn't like corporations? What if the attacker is a figment of our imagination because SCO is making the whole thing up (or one of their net admins is making it to explain some other problem in a way which allows him or her to keep his job)? What if a million different explanations are true or not true? What if the attacker is some old Warp-OS/2 nut who could care less if he makes Linux look bad while getting a chance to ruin someone's day over at the company that's suing IBM?
Is it generally ethical to use compromised computers to launch a DDoS attack? Does it matter who the target is? If the targeted server belonged to Al Qaeda I bet no one would be claiming that it makes America look bad. But the fact is that the process involves compromising systems which you have no "right" to be using. But what if those systems all belonged to the Taliban? Then would we be against it?
I should add that I personally wouldn't engage in this sort of attack, or spend my time compromising servers that belong to others. I don't think that will solve whatever problems I may think I have. And I don't think such an approach will work for the hackers either. I'm just not in a mood to accept SCO's say-so on this, nor do I feel a need to go chastising any alleged hackers without more information about who they are, what they actually did, and why.
You say that "There is recourse through justice against SCO". I would submit that through our corrupt congress (they serve money, not the people), and through corruption of our judicial branch, there may in fact be no recourse through justice against SCO.
Also, if our only recourse is to sue SCO, and filing lawsuits can cost thousands of dollars and take years, I say that for most of us there is actually no recourse.
maybe they've seen the light and realized that they can't use GPL'd code, so they've got their crack team of programmers writing their own patches...
A thorough analysis that has been gone over on GrokLaw has shown that it's NOT likely to be a DoS attack.
They (SCO) claim it's a SYNflood of all things- that should get everybody's bullsh*t alarms going off in the first place. If it IS a SYNflood, then they're awfully damn incompetent technology-wise since Cisco routers have a solution for that that can be turned on and their webserver is a Linux box with SYN-cookies turned on (they'd have to deliberately turn it off and recompile the kernel on that machine since most distributions, themselves included, have it turned on in the kernel...).
Secondly, if it were a DDoS, like they claim, why are their mail and FTP servers responding? (Note: they claimed they were having problems with those being accessible too- not the case.)
Please people, don't be repeating SCO's BS without doing a check to verify what they're saying- they can not be trusted to say a single truthful thing at this point.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
...too bad it doesn't consider the fact of the extreme probability of the Linux distribution that they're running on having SYN-cookies turned on, meaning that the site would still be reachable except in the condition of the pipe being flooded- it'd just be sluggish in response at that point.
Since their own distribution ships with SYN-cookies turned on (most everyone does to avoid getting zapped by one of the oldest DoS exploits in the book...) unless they recompiled the kernel and turned that feature off for whatever insane reasoning they might have had then either their pipe is saturated or they're lying.
Since adjacent sites are up and accessible, either they recompiled or they're lying. Given their past track record for whoppers, what do YOU think the probability of the latter of the two is?
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
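The two comments above turn on whether SYN cookies are enabled and whether the listener is actually under half-open connection pressure. As an added example (not part of the thread or of any SCO or Groklaw material), this sketch counts SYN_RECV entries per port in `/proc/net/tcp` format and combines that with the `net.ipv4.tcp_syncookies` value; the sample table, the function names and the half-of-backlog threshold are assumptions made for illustration.

```python
import socket
import struct
from collections import Counter

SYN_RECV = 0x03  # /proc/net/tcp state code for a half-open (SYN received) connection

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
# Addresses are documentation ranges, not values from the thread.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue:rx_queue
   0: 00000000:0050 00000000:0000 0A 00000000:00000000
   1: 00000000:0019 00000000:0000 0A 00000000:00000000
   2: 0A0200C0:0050 016433C6:C001 03 00000000:00000000
   3: 0A0200C0:0050 026433C6:C002 03 00000000:00000000
   4: 0A0200C0:0050 036433C6:C003 03 00000000:00000000
   5: 0A0200C0:0050 046433C6:C004 03 00000000:00000000
   6: 0A0200C0:0019 077100CB:D431 01 00000000:00000000
"""


def decode_addr(addr):
    """'0A0200C0:0050' -> ('192.0.2.10', 80). Assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Return (local_port, remote_ip, state) for every socket row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header or blank line
        _, local_port = decode_addr(fields[1])
        remote_ip, _ = decode_addr(fields[2])
        rows.append((local_port, remote_ip, int(fields[3], 16)))
    return rows


def half_open_by_port(text):
    """Count SYN_RECV (half-open) connections per local port."""
    return Counter(port for port, _, state in parse_proc_net_tcp(text)
                   if state == SYN_RECV)


def assess(text, port, syncookies, max_syn_backlog):
    """Heuristic verdict (assumed threshold: half of the SYN backlog)."""
    half_open = half_open_by_port(text)[port]
    if half_open < max_syn_backlog // 2:
        return "no-syn-pressure"
    if syncookies in (1, 2):
        # Cookies let the listener keep answering once the backlog is full.
        return "syn-pressure-cookies-on"
    return "syn-backlog-at-risk"


def read_int(path):
    """Read the first integer from a /proc/sys file."""
    with open(path) as fh:
        return int(fh.read().split()[0])


if __name__ == "__main__":
    # Live check on a Linux host; port 80 is an assumption for a web server.
    with open("/proc/net/tcp") as fh:
        table = fh.read()
    cookies = read_int("/proc/sys/net/ipv4/tcp_syncookies")
    backlog = read_int("/proc/sys/net/ipv4/tcp_max_syn_backlog")
    print(half_open_by_port(table), assess(table, 80, cookies, backlog))
```

A high SYN_RECV count with cookies enabled points at bandwidth saturation rather than backlog exhaustion as the thing to check next, which is the distinction the comments above are arguing about.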
Hey FreeLinux: Learn some basics here:
"...apparently by hackers unhappy with the company's legal threats against users of the Linux operating system."
WHY is this apparent? The only thing that the 'unhappy hackers' have going is motive. IBM could have done it too. SCO could have done it to themselves, or just faked it entirely, as an excuse to go offline to recover from being rooted.
Motive != guilt, especially when there are many groups with equal motives.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I was *there* in the 70's programming IBM mainframes in assembler, everyone called me a "hacker", and it was considered a badge of honor.
There was no negative connotation in the computer press; there was no *understanding* in the popular press.
So your revisionist bullshit is....bullshit.
Read the article
http://www.theinquirer.net/?article=9724
I couldn't get through to see if their servers are down. Could someone else please check and let us know:)
Knowingly filing a false claim is still a crime in this country, even for corporations.
Can You Say Linux? I Knew That You Could.
Who would be stupid enough to host SCO'S website? They obviously have a contract* with their current ISP.
I can't imagine any ISP being willing to accept the hits that SCO is probably getting.
Let's face it, SCO is in the middle of stealing free software from MILLIONS of people. Some of them are going to retaliate.
(*Contracts are what you use against people you have relationships with -- Darl)
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
Just put that IP in as www.sco.com in your hosts table and voila, SCO is back up.
My guess is they were migrating servers and some weenie shut down the old one before propagating the DNS change.
--- It is not the things we do which we regret the most, but the things which we don't do.
Let me first say that any sort of DDoS or other such abusive activity speaks pretty badly of those doing the abusing.
With that firmly in mind, I think I can sum up SCO's current situation in five simple words.
'They brought it on themselves.'
For the Nov. 23rd strip, Illiad (http://ars.userfriendly.org) came up with 'Dalek McBride' in all his tin glory, shouting "Lit-I-Gate... LIT-I-GATE!!!" I guess the real 'Dalek McBride' hasn't learned yet that pissing people off is not a good way to run a business (unless, that is, he's trying to run it into the ground).
3E7 quatloos says that SCO will be filing for Chapter 11 within three years.
Bruce Lane, KC7GR,
Blue Feather Technologies
Is it me or does SCO's website "suffer" a dos attack every time they get negative publicity in the mainstream press?
How convenient.
Shorted Shares..... This Risk Alert tells us that members of the investment community have become more skeptical about the stock's prospects. Because short selling can be especially risky, we can assume a greater degree of bearish conviction than is the case when investors simply sell existing positions or avoid the stock. It is therefore important that you investigate to determine why short interest is rising.
Personally, I'm thinking one of Darl's Bodyguards(tm) had to throw himself in front of Darl to protect him from a hail of invisible bullets, and fell on one of their servers in the process...
Hacker Public Radio is our Friend
Remember, friday after IBM spanked them in court some mysterious stranger bought a crapload of SCO shares to keep the price up.
Monday comes up and the stock starts sinking. Then SCO postpones its financial report at the last minute as Royal Bank of Canada decides it doesn't want its investment in SCO going to Boise.
That's a whole lot of bad news. Then Motley Fool and TheStreet.com both come out with articles calling SCO a bunch of shysters.
SCO needed to do something because the only case they have is in the press and their defeat in court less than a week ago was spilling over into the mainstream financial press. If you're running a pump and dump scheme, that can't stand.
So stage a fake DDoS and call the feds! Send out a press release. Blame some non-existent hackers and make yourself look like the victim again.
Now let me ask you this: How did the press release get out to the online wires in a copy and paste form if their web and email access was down?
Yeah. As soon as I read the line that claimed that an external DDoS took down their intranet I knew this was a stone cold lie. What company worth billions has only 1 web server that services both the public website and the intranet? What company that hosts both doesn't use internal and external DNS combinations?
Any knucklehead nowadays knows basic network topology techniques to keep the intranet going if the border nodes are hit by a DDoS. Certainly a company that's made internet server software for years with billions in the bank to hire competent tech consultants with does.
I really do hope they're "cooperating" with the feds. I hope Darl is talking to them directly, because lying to an FBI agent can land you in jail, and I'd like it to be of record that his next "Open Letter" was written from federal pound me in the ass prison. I'd like it to be the reason he's not in court on Jan 24. That's the kind of PR I'd like to see them get from this stunt.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
www.sco.com is not responding to http requests
:Connection timed out
ftp.sco.com is also not responding to ftp requests
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\>ftp ftp.sco.com
> ftp: connect
ftp>
The last hop I get to is:
71 ms 70 ms 70 ms p0-0.CHR1.SaltLake-UT.us.xo.net [207.88.83.42]
This is probably the interface between SCO and XO Communications.
What story are they going to use this time? Now hackers are taking down their web and FTP server?
As a linux distro, you'd think that they'd be on top of things.
This isn't going to change the fact that they have less than 30 days to show proof to support their allegations.
I don't believe that anyone here has claimed the Birmingham jail and the Reidsville State Prison are the same thing.
If it's true that SCO is lying or too inept to know what's happening then somehow this has to make it to the mainstream press. That would do more damage to their stock value than any DDoS.
Well go back to your message's parent and see if it doesn't look like you are saying that MLK wrote "Letters from a Birmingham Jail" from Reidsville State Prison. That's why I thought you were being ignorant. I thought you were trying to say that he was never in Birmingham Jail.
Jaysyn
There is a war going on for your mind.
I wasn't making that distinction. I don't know if MLK was ever convicted of anything. If he were convicted of violating some of the laws he opposed, it would have been a badge of honor.
And where exactly did you get the idea that I thought Thoreau did call it "civil" for any reason other than that it was resistance to "civil" authority? By the way, Gandhi read and referred to Civil Disobedience, and MLK read and referred to both Thoreau and Gandhi.
I don't know if MLK was ever convicted of anything
My point was that one can be arrested and spend time in jail without ever even being formally charged with a crime. The charges are sometimes dropped after a few hours, days, or sometimes even weeks. In rare cases, years. So it is possible to spend time in jail and have no criminal record.
When will Windows be ready for the desktop?
5. They are migrating from Linux to Microsoft and as a result all of their shit is broken.
If a government gives legality to drive by shootings, who is responsible for the crimes? Can not civil disobedience be used against groups which hide under the shelter of an unjust law?
they are alive and well here too: Rock Paper Scissors
pretzel_logic
From this line:
"For a protest to deserve the honor of being described as civil disobedience, it requires risk and sacrifice."
I agree this is true of Gandhi and King; I don't think it's true of Thoreau. When 'civil' is used merely to describe who you are disobeying, you get to call it 'civil disobedience' purely as a matter of fact. When 'civil' is used to describe how and why you are disobeying (as peacefully as possible and for the purpose of reform), then risk and sacrifice are probably pre-requisites.
Yeah, I know Gandhi and King read Thoreau, and I know that their ideas about civil disobedience have something to do with his. I just am more of a Thoreau than a Gandhi, and I find some of the differences in their ideas significant enough to mention.
Cockhead did not write this tho he would like to take credit (typical liberal). The truth about this resume can be found here. Cockhead, you're a liberal jackass. http://www.crossbearer.com/resume/The_Truth.pdf
Thoreau did his own time in prison, of course. "Risk and sacrifice" has nothing to do with the actual words or title "civil disobedience," only with the way that Thoreau describes it. I would be surprised by any detailed argument providing evidence from Thoreau's writings that he would have considered wasting a corporation's time with a stupid prank (if such HAD happened, which Groklaw's analysis suggested it did not) to be "civil disobedience."
Hmm. Well I'm not sure what the point of your original post was, then. Seemed you were saying that since there was no risk or sacrifice, this couldn't be considered civil disobedience. I agree it's not civil disobedience, I just wanted to expand the term a bit. Logically speaking, you did this (using direct quotes):
Premise 1: "For a protest to deserve the honor of being described as civil disobedience, it requires risk and sacrifice."
Premise 2: "Those launching a DDoS against a company that's doing something stupid are risking nothing, are sacrificing nothing."
Conclusion: Therefore, launching a DDoS against a company that's doing something stupid does not deserve the honor of being described as civil disobedience.
I agree with your conclusion, but not with how you got to it. Specifically, I deny Premise 1. Premise 1 is not a true statement when we are talking about Thoreau's notion of civil disobedience, which you, at least in part, were doing. So, your conclusion is true but not for the reasons you list.
Either that or Darl has an obsession with the word million. Perhaps he's given up on calling himself Bond and is now comparing himself with Dr Evil - he must have got hold of those 120 laser pointers and a lot of goldfish.
How childish can these people get?
If you open your eyes you'll see it is you who does not have freedom to understand what happens in the world ;-) Oh yes, it is USA that is the best and richest and free country, and all others, including Europe, just envy, and that's why "they" hit our towers, and for that all should be terminated, and we (the USA) should bring "freedom and peace" (the same as in USA) into those countries.
Violent pacification. "The good has beaten the bad and then violently raped it".
You missed premise 3, which was that SCO is not a "government" (or to use terms with which you will be more comfortable, a "civil authority") and there is recourse to civil authority available in one's opposition to their actions.
Well, sort of. You said "...civil disobedience is directed against a government guilty of an injustice which cannot be redressed through ordinary means." Again, Thoreau wouldn't have agreed with the last part of that sentence. There were ordinary means by which he could have redressed the poll tax he refused to pay and was jailed for. His attitude was that he ought not to have to ask for redress, because the government ought not to be doing anything but protecting him from force and fraud. If the government wanted to do more, then it should fund itself. He denied that it was his duty to try to fix the government; the only duty he acknowledged was the duty to not lend himself to any wrongs that the government might do. Look, I'm not talking about SCO here. I'm just pointing out that you introduced Civil Disobedience as a product of Thoreau, Gandhi, and King, but then when you used it you used Gandhi and King's version, not Thoreau's.