SCO Group Web Site Attacked Again
FreeLinux writes "With not much SCO news today, it seemed that this story was needed - Reuters is reporting that SCO is again suffering under a DDoS attack that has crippled their web site and email system since Wednesday morning. For the third time this year, the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system. The denial-of-service attack started at 6:20 a.m. EST Wednesday and continued through the day, said Blake Stowell, spokesman for the Lindon-based company."
...and the happy folks at Groklaw already have a statement up with arguments to effect that SCO is fibbing. They think the attack could be a hoax.
You say
...by Eric S. Raymond.
He makes it clear that SCO is attacking everyone, but he opposes DOS'ing them saying that "the open source community must use the truth, not criminal methods, as its weapons." Nicely done
The Army reading list
There's been a ton of discussion of this on Groklaw today -- consensus is that either this is no attack, or their network is run by doofuses.
that every time Darl is sitting on the john dropping a deuce (of course, we know that he is full of shit) and clogs up the toilet, he blames it on a DOP (denial of plumbing) attack by Linux users!
Press release to follow.....
No trees were harmed in the composition of this; however, numerous electrons were inconvenienced.
SCO launches a lawsuit against the anonymous hackers.
In related news, SCO claims ownership of "ping", and will licence it starting at $1000.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
It certainly was effectively used by the spammers to crush their enemies. I forget the name, but one of the major anti-spam websites was forcibly closed because of DDoS, and nobody was prosecuted.
You can lead a horse to water, but you can't make it dissolve.
Folks, if it's a SCO story, check with Groklaw before passing judgment. For every bit of FUD coming out of Lindon, a blast of anti-FUD is lobbied back.
Well, would, but we can't e-mail them documents anymore.
Looks like Rock, Paper, Scissors is the only remaining viable solution.
http://www.groklaw.net/article.php?story=20031210163721614
If it is a DDoS attack, SCO are incompetent for not blocking it. Or it is just more FUD.
Head over to Netcraft News and see how this server "died". If this is a DDOS attack I am Queen of Spain.
Help fight continental drift.
...a Slashdotting?
Crybabies!
This Like That - fun with words!
This is a load of rubbish. See Groklaw for a much deeper and more insightful look at what really happened, a full explanation of the technicalities of the DDOS attack (claimed as a SYN attack that took up all the bandwidth and flattened their e-mail - and yet you can still get to ftp.sco.com (on same subnet), smtp.sco.com, and all other XO.net fed servers). Groklaw also noticed that the machine was down well before the press release claims and that it went straight down - no hiccups or other indications of a DDOS attack, just a straight gone - switched off or unplugged most likely.
See the netcraft stats for that little bit. If SCO make any claim that this is a DDOS, they are lying through their teeth and the evidence was collected as it happened - see the members zone at Groklaw for the raw Traceroute returns.
An infinite number of monkeys will eventually come up with the complete works of
> Grow up. Settle it by the law.
Yes. SCO should do that instead of lying about their downtime
RST
More like "crying wolf", people. Lies and the Lying Liars Who Tell Them, Second Edition?!
It's all of those corporate Linux users beating down their door to buy licenses. Hurry and get yours today before they're all gone!
As seen on Wired: Get a free desktop PC
This story apparently inspired some poor systems peon at sco to set up email autoresponse to the email address mentioned in the story.
I tried it, it works. At least someone at SCO has some sense of humor.
Buford "Mad Dog" Tannen
I expect the blatant misuse of hacker as a synonym for computer criminal in the mainstream press, but I woulda hoped that Slashdot would do better.
"Mission Accomplished" -- George W. Bush May 1, 2003
I thought the same thing.
I mean, what the hell is "apparently by hackers unhappy with the company's legal threats against users of the Linux operating system" supposed to mean? I think that is a dangerous assumption. After all, it is probably Windows machines that are the 'bots, right?
Hell, *I* use Linux and dislike SCO, but this is just a tad unprofessional. OK, I'm kinda disgusted by this behavior - it destroys a moral "high ground" that might be useful to have shortly.
C|N>K
I don't think that DDoS and cracking is the solution, but unfortunately, the law is not always helpful either.
Look at what the use of the law did for the abuse of monopoly power by MS. It was a slap on the wrist for MS and their continued monopolistic practices.
How do I enlist my computer as a zombie in the horde to attack SCO?
Cyde Weys Musings - Scrutinizing the inscrutable
According to Groklaw, not only is it implausible that this is a real attack, it's not even competently done. SCO blames a SYN flood, which is trivial to ignore. Their ISP hasn't had anything to do about it. While they say their email server was down, it actually wasn't. Their FTP server on the next IP over (and on the same block of addresses) had no problems. Their internal network almost certainly isn't anywhere near their Web server, network wise, and, if it was, it would almost certainly have a firewall that's not the web server.
It's clear that SCO's run out of technical people; not only are they faking technical problems, they can't even make up a technically sound attack on their own systems.
I find it quite sad that our community has to loudly distance itself from supposed DDoS attacks and such against SCO while SCO makes a total mockery of the legal system and justice in general with their current campaign. For those who may not have noticed some earlier posts, discussion on Groklaw has brought up the possibility that this isn't a DDoS, but either just idiotic network admins on SCO's part, or perhaps even an intentional takedown to *cough* allow for a nice bit of publicity on their part. Whatever the true case is (and I'm not advocating any as the real one, I'll leave that for others to decide), SCO has certainly scored some nice negative publicity towards the OSS crowd, even if the DDoS is real and the attackers have nothing to do with OSS.
IIRC there was an earlier supposed DDoS against SCO's servers that turned out to be that the servers were just down.
In any case, it's nice to see the /. crowd (as always) advocating fair play and not using vigilante justice. Too bad SCO doesn't seem to believe in the fair play bit.
From the article header:
> For the third time this year, the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system.

Where in the article did it say this? I certainly can't find it.
Slashdot editors might want to RTFA before approving a post. The submitter of this one got a wee bit overzealous.
Karma: Frotzed (mostly due to the Frobozz Magic Karma Company)
I work in the Canopy Group office buildings at another (non-evil) company. We're all serviced by Center7 and the last time there was the confirmed/acknowledged DDOS attack we felt it hard. Getting to hosts outside of the building was very difficult all day.
No hiccups today. Center7 did promise last time that they could and would isolate everyone else from SCO, so there is another explanation, but...
Tweet, tweet.
I would like to suggest that, once this case is finally settled, Slashdot begin using the caldera systems icon for "Laugh, it's Funny" instead of the Monty Python foot. I know I already associate that blue and red C with a good humorous story.
Jedidiah.
Craft Beer Programming T-shirts
Ahhh, but you see the sco.com website runs on Linux...
An infinite number of monkeys will eventually come up with the complete works of
All of the current evidence points to a particular Linux user. But chances are they'll never be prosecuted, because SCO almost certainly didn't actually call any law enforcement, and it's not illegal, in any case, to shut down your own website.
(This would have fitted on a single CD. I think we should add environmental terrorism to the list of SCO's offences.)
Grow up. Settle it by the law.
/.
or at least taking down the site the old-fashioned way... by posting it on
www.sco.com
wud
Well... pending on how one wishes to view the situation it could also be described as a "sit in" a-la what the hippies did years ago. Civil disobedience as such. Yes, I know it is not the same thing, but it is not that different.
That being said *IF* the DDoS is coming from compromised machines without their owners' permission that is criminal but if it is otherwise (read: users' permission coordinated demonstration) then calling it criminal seems a bit harsh. Digital Civil Disobedience seems more accurate.
It is highly suspect that a company whose web site was felled by an ancient and easily defended 'attack' was able to so expertly and swiftly identify the cause in time to write up and distribute a press release before the close of business.
I've been following this story all day and the last thing I expected to see on /. was a regurgitation of "facts" with a 'questionable heritage'.
Several sites (groklaw, lwn) have already pointed out that the claims of being hacked should be viewed with a liberal ointment of skepticism for any of the following reasons;
one better than mcleodeight
This is getting just annoying. As has already been pointed out, the facts point to this being another hoax. However, as not everyone else in this community knows much about Security, let me add my few years of experience in to help those who don't understand.
I should point out, this has pretty much been covered by Groklaw already and my methods don't vary too much from those already posted by them.
SCO claims their email and web servers are unavailable because of a DDoS attack that has also infiltrated their Intranet and affected helpdesk services as well as other internal services. If this is the case, then it is more than just a DDoS they're suffering, or they are negligent in the highest order for failing to take simple steps to ensure a risk mitigated environment for conducting business within.
Let's start with their Mail Server.
Everyone has a backup mail server, usually hosted by a 3rd party to ensure that if your primary mail server is offline for any reason, mail can still be delivered successfully. The fact that SCO claimed their mail servers were unavailable suggests they either failed to purchase this extremely basic service or their setup is absolutely wrong by anyone's standards. The purpose of multiple MX records is for this exact situation. You start with a high priority MX record (say 10) and work your way down the order (usually in steps of +10, so the secondary is usually 20).
Their Web Server
Their webserver is hosted on exactly the same subnet as their ftp server. However, during this attack, their FTP server has been available to anyone that's tried to connect to it. If they were suffering a DDoS attack of the proportions that SCO claims, this server would also have been affected and taken offline. Yet this is not the case. This blows open entirely the philosophy of a DDoS attack without any of the further evidence.
SCO has alluded to the fact that the attack is a basic SYN Flood. A very simple and old attack that has been blockable by nearly every appliance and OS for the past 3 years at least. Yet if they are suffering as they claim, then they are guilty of negligence for failing to apply patches or even configure their platforms correctly. It's very easy to turn the SYN Cookies on in Linux (sysctl isn't rocket science) and just as easy in something like a Cisco Router/PIX Firewall or a Checkpoint Firewall.
The claims that this has adversely affected their intranet suggests that the intranet is in some way exposed to the Internet. Even more alarming is the fact that it disabled their Helpdesk services for a period as well. This would suggest that their network has absolutely no perimeter protection of any kind. The smallest flaw in a product they use could apparently be used to access their core network infrastructure. Isn't that where their source code and IP documentation are kept? I'd start getting very worried about now if I were an investor.
Due diligence is a core principle of any company. That includes ensuring that the services relied upon are securely and properly set up and maintained. If SCO truly has been affected by an attack of any kind on the magnitude they're claiming, then they should be legally responsible for the results of their failure to perform due diligence. (However, IANAL so don't quote me on legalities, especially given I live in NZ, not the US).
In short, the supposed attack on SCO does not add up at all. In fact, if they are being attacked this time round, they are in serious legal trouble themselves if their reports are accurate.
I would also question why they have released this to the press as a Press Release instead of getting on with fixing the problem as quickly as possible. Also, how is it that their mail services are now restored, their FTP server never offline, yet their website remains offline? Surely, a DDoS would affect both.
Not to mention the fact that it would affect SCO's upstream provider who, when contacted last time, saw absolutely no evidence of an attack in progress at a
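
Added example, not part of the comment above: the comment says turning on SYN cookies is a matter of one sysctl, so this sketch audits sysctl-style configuration text for the Linux settings that govern half-open connections. The thresholds and both sample configurations are constructed assumptions for illustration.

```python
"""Audit sysctl-style configuration text for SYN-flood hardening."""

# key -> (predicate on the integer value, advice). The thresholds are
# illustrative assumptions for this example, not values from the thread.
CHECKS = {
    "net.ipv4.tcp_syncookies": (lambda v: v >= 1, "enable SYN cookies (set to 1)"),
    "net.ipv4.tcp_max_syn_backlog": (lambda v: v >= 1024, "raise the half-open queue to 1024 or more"),
    "net.ipv4.tcp_synack_retries": (lambda v: v <= 3, "retransmit SYN-ACK at most 3 times"),
}

# Constructed sample: SYN cookies off and a small backlog.
WEAK_CONF = """\
# /etc/sysctl.conf (constructed sample)
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.ip_forward = 0
"""

# Constructed sample: the same file after hardening.
HARDENED_CONF = """\
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 3
"""


def parse_sysctl(text):
    """Parse 'key = value' lines; '#' and ';' start comment lines.

    A later assignment of the same key overrides an earlier one,
    matching the order in which the settings would be applied.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of (key, status, advice) for every failed check.

    status is 'unset' (file relies on the kernel default), 'invalid'
    (value is not an integer) or 'weak' (value fails the predicate).
    """
    settings = parse_sysctl(text)
    findings = []
    for key, (is_ok, advice) in CHECKS.items():
        raw = settings.get(key)
        if raw is None:
            findings.append((key, "unset", advice))
            continue
        try:
            value = int(raw)
        except ValueError:
            findings.append((key, "invalid", advice))
            continue
        if not is_ok(value):
            findings.append((key, "weak", advice))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for key, status, advice in audit(conf) or [("-", "ok", "no findings")]:
            print(f"  {key}: {status} -> {advice}")
```

An 'unset' finding only means the file does not pin the value; the running kernel's default still applies.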
Wasn't it just a flood of Linux license payments?
"She's a West Texas girl, just like me" - G.W Bush Iraqis
so does that mean they can sue themselves?
Darl McBride, stumbling drunk (as usual) around SCO's headquarters, accidentally tripped over the server's power cord.
SCO's technicians are busy working to fix the problem.
---
Never criticize religion on Slashdot. You will be modded down for "Troll" no matter how factual it is.
just out of curiosity, what do you think makes people assume that any attacks on sco are from the linux community? to me, it's almost as if walmart.com got attacked and everyone blamed the mom-and-pop stores. ridiculous.
Gyrate Dot Org - "Where high-tech meets low-life"
ftp.sco.com is 216.250.128.13. www.sco.com is 216.250.128.12. They are on the same network segment. However, the first is completely and normally responsive, while the second is entirely unresponsive. This is not in any way characteristic of any sort of modern flood-type denial-of-service attack -- that is, a DDoS aimed at flooding the network itself. Whatever is disturbing SCO, it is not a DoS of the sort they evidently believe it to be.
Unfortunately, SCO has taken the "cargo cult security" measure of blocking pings, so it is not possible to gather any information about their disturbance in that fashion. I suspect that the best method to gather information about SCO's disturbance is, in fact, for SCO to fully and legally respond to IBM's discovery requirements.
("SYN flood" is obviously wrong. Although some firewalls and IDS still report TCP-based DoS floods as "SYN floods", the condition that used to be associated with SYN floods has been fixed in current operating systems. Unless they are running a system old enough to be called grossly negligent, they aren't susceptible to TCB starvation. The current unavailability of www.sco.com looks more like someone tripped over the Ethernet cable.)
Careful.
There is a decent chance that their claims are designed to inflame.
Claim the Open Source community is behind it and you get a bunch of people who have already been accused starting to think they may as well commit the 'crime' for which they are being blamed.
Sure the claims made by SCO have always been seen to be ridiculous, from a technical POV. But their point has never been to convince the geeks. They are playing to a larger audience and seen in that light their bumbling and fumbling, technically, starts to look a little more deliberate.
Call me paranoid, but SCO could be trying to create the incident they claim is occurring right now.
They use Unixware, duh.
WARNING: I'm going to vector some rumours here. Feel free to slap them down if inaccurate, as I'm too damned lazy/tired to investigate myself right now.
There are some rumours floating around the Yahoo SCOX message board that several directories containing Linux source code, such as patches and updates, are now missing from SCO's ftp server. Months ago, many people pointed out that SCO itself continued distributing copies of the kernel in support and updates directories on their ftp server. There is also speculation the strangely internal nature of this so-called DDoS attack may be part of an Ollie North operation to prevent certain evidence from falling into IBM's hands via discovery.
SCO's execs need to read The Boy Who Cried Wolf a few times, and learn the lesson within. Darl, unlike Ken Lay, does not have close friends in the White House, and probably would not escape prosecution for any illegal acts being committed under his watch at SCO.
Someday, you're going to die. Get over it.
The law is never helpful from the perspective of someone who has lost a case. If MS/SCO/whoever wins and the opposition exhausts appeals, then I'm willing to let a particular case drop.
As for the precedent the decision establishes - it can also be fought and argued against or nullified without ddos and cracking. Granted, it's difficult and often seems hopeless at that point.
I'm all for fighting the good fight, but there is no use in 1) exacting vigilante justice because you are impatient or 2) exacting vengeance because you stand to lose from a judgement. The republic (what's left of it) provides legal avenues from which to punish violators, establish new legislation, and overturn precedent. I'm not sure those avenues are completely shut just yet. With many citizens, such methods are not practical to effect an individual's desires in the short term, but they at least provide long-term potential. Think of your kids, and think of the rights you enjoy now because people fought for them despite the fact that they would probably not see their efforts through to fruition.
The fundamental principle of civil disobedience is found in Thoreau's formulation that "Under a government which imprisons unjustly, the true place for a just man is also a prison." An act is not civil disobedience unless the protestor is at credible risk of being arrested. For a protest to deserve the honor of being described as civil disobedience, it requires risk and sacrifice.
Gandhi spent time in prison. As did MLK. And so did many of the serious anti-war activists in the 60s.
There's a second issue. SCO is not a government. There is recourse through justice against SCO. So civil disobedience is, again, not appropriate; civil disobedience is directed against a government guilty of an injustice which cannot be redressed through ordinary means.
Those launching a DDoS against a company that's doing something stupid are risking nothing, are sacrificing nothing. They are also providing SCO with ammunition in their attempts to paint all Linux users as criminals (pirates, copyright violators, communists!). They're vandals, pure and simple, and the fact that they're vandalizing an asshole's house isn't a valid justification.
Can we get an edit for the groklaw link on the mainpage? Anyone who just skims the headlines is going to get a very skewed impression of today's events.
It is obvious to me that SCO has lost all competent sys/net admins (who'd want to work for SCO these days anyway) and hired MCSE's to manage their Linux webservers.
Got SYN-cookie?
> It certainly was effectively used by the spammers to crush their enemies. I forget the name, but one of the major anti-spam websites was forcibly closed because of DDoS, and nobody was prosecuted.
And this improved the public's perception of spammers how?
> Hell, *I* use Linux and dislike SCO, but this is just a tad unprofessional. OK, I'm kinda disgusted by this behavior - it destroys a moral "high ground" that might be useful to have shortly.
That's probably exactly why SCO is faking this DDoS attack.
Rock, Paper, Scissors is outdated and has been updated. To further the "paperless society", it's just Rock, Scissors. Daryl took the scissors and is running around with them sharp end pointed up. I guess we'll just have to find a rock to throw at him. Not the same but fun none the less!
Beware blue cats moving at
They had a 3rd person connect to their 2 user version of SCO Unix?
To know that you know what you know, and that you do not know what you do not know, that is true wisdom. --Scooby Doo
Just because a system administrator has taken steps (SYN Cookies, kernel tweaking, etc.) to severely limit the SYN flood's access to a network service doesn't mean the box is impervious to this type of attack. The traffic alone when coming from many different hosts, likely including hundreds of university/cable drones, can overpower their bandwidth capabilities. Also let's not forget that they are trying to keep http open to legitimate connecting clients.
Except that, in the MS antitrust case, MS lost and yet we, the people, got screwed because the "justice" system refused to treat MS the same way it treats normal citizens, and MS as a result wasn't penalized in any meaningful way for its crime. And that's despite the callous disregard for the law and the "justice" system MS showed in the courtroom. No ordinary citizen would have survived that, much less be let off scot-free.
No, there is now far too much evidence, going all the way to the Supreme Court (there's no other reasonable explanation for their decision on the Copyright Term Extension Act) that the "justice" system has absolutely nothing to do with justice and everything to do with money and power to believe that it will ever yield a reasonable outcome except through sheer luck.
And in the case of SCO, we're in luck. If there's any computer company that has what it takes to take on MS (even if MS is using SCO as a proxy), it's IBM. If SCO had picked a smaller target we'd much more likely be screwed, given that SCO has backing from MS.
Use 'slashdot stuff' in the subject line in any email you send me if you want to get past the spam filter.
No one can fall victim to a SYN flood attack these days. You don't need a DDOS with "thousands of servers" to do a SYN flood attack. SCO's ISP isn't suffering anything related to a DDOS attack. The shutdown pattern of the SCO's servers shows that they were unplugged. Groklaw has a good dissection of the hoax.
Therefore, I would like to know what are the /. editors waiting for, in order to update the story stating it as a fraud from SCO.
I wouldn't be surprised if SCO issues a press release tomorrow saying that the evidence they were going to show on January 5 was destroyed.
This is just too much. I thought "evil corporations" existed only in comic books, and hollywood movies.
Actually, they are using Linux. Most likely, they are using UnitedLinux based on SUSE. All SUSE distros have syn flood protection enabled by default. Plus, many people report their FTP server was fine all this time on the same subnet. SCO's story doesn't add up. It looks like they shut off their webserver to have another excuse at a press release to try to drive their stock price back up in order to dump more shares to buy shiny Christmas presents.
That's my guess anyway.
SCO has launched a denial of truth attack against the linux community.
ftp.sco.com has an adjacent ip, probably on the same switch, and it is perfectly responsive. It's not a bandwidth clogging attack.
The following machines are running currently-reachable FTP servers:
216.250.128.7
216.250.128.13
216.250.128.14
216.250.128.15
216.250.128.16
216.250.128.17
I was able to download /pub/ls-lR from ftp.sco.com (216.250.128.13) 74.91 KB/s (600 Kb/s). My broadband is rated at 640 Kb/s, so the bottleneck was likely at my end. These machines are almost certainly on the same subnet and are likely connected to the same gear (SCO's subnetting is their choice, but if ftp.sco.com and www.sco.com are on different subnets, their subnet masks are 255.255.255.254 and they must have only two IPs per subnet - I don't believe this is even possible as you need a network and a broadcast IP for each subnet).
The fact that all of these machines are reachable and that at least one of them can saturate a broadband link indicates that SCO is not having any bandwidth problems. I also performed some ICMP tests and the machine is not sending out port-unreachables, timestamp-replies or netmask-replies - these seem blocked upstream. I'm getting a little nervous sending out these funny packets as I don't want anyone to accuse me of anything, but everything indicates that the machine is completely offline. If they allowed some ICMP replies through upstream, receiving a reply would show that the machine is actually online, but somehow cannot handle TCP requests (and the problem is not bandwidth as shown, so it would have to be something wrong with the host, such as a firewall rule); if they allowed through ICMP replies and the machine did not respond whereas others on the subnet did respond, it would show that the machine is almost definitely offline unless it has a more restrictive firewall than the other machines (very unlikely given that this, as-claimed, could have been prevented with syncookies). As it stands, one can only say that the machine is very likely offline (unplugged or turned off).
SCO's incoming mail server seems to be working fine. They only have one MX record for sco.com and it resolves to 216.250.130.2 for me at the moment. I only connected to it and saw a banner, but an easy way to test this further is to send a message to an invalid address @sco.com and see if a bounce gets back. I don't want to give them an email address.
All of this is current as of 2003-12-10 21:57, Mountain time (SCO is in Utah). Further investigation led nowhere; thus the delay in the post.
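
Added example, not part of the comment above: the reasoning in that comment (neighbours on the same segment answer, the one host does not) written as a small triage function over probe results. The probe records are built from the addresses and observations quoted in the thread; the /24 prefix length and the verdict names are assumptions of this example.

```python
"""Triage an outage from TCP probe results: one host down, or the whole segment?"""
import ipaddress

# Probe results as reported in the thread: www did not answer, the FTP
# hosts and the MX did. The record layout is this example's own.
OBSERVED = [
    {"ip": "216.250.128.12", "port": 80, "tcp_ok": False},  # www.sco.com
    {"ip": "216.250.128.13", "port": 21, "tcp_ok": True},   # ftp.sco.com
    {"ip": "216.250.128.7", "port": 21, "tcp_ok": True},
    {"ip": "216.250.128.14", "port": 21, "tcp_ok": True},
    {"ip": "216.250.128.15", "port": 21, "tcp_ok": True},
    {"ip": "216.250.128.16", "port": 21, "tcp_ok": True},
    {"ip": "216.250.128.17", "port": 21, "tcp_ok": True},
    {"ip": "216.250.130.2", "port": 25, "tcp_ok": True},    # MX, different /24
]

# Constructed counter-case: every probed host on the segment is silent.
ALL_DOWN = [dict(p, tcp_ok=False) for p in OBSERVED]


def segment_peers(target, probes, prefix_len):
    """Probes for hosts other than target inside target's network."""
    net = ipaddress.ip_network(f"{target}/{prefix_len}", strict=False)
    return [
        p for p in probes
        if p["ip"] != target and ipaddress.ip_address(p["ip"]) in net
    ]


def triage(target, probes, prefix_len=24):
    """Classify the outage seen from outside.

    prefix_len is an assumption: the real subnetting is not visible to
    an outside observer, so the verdict is only as good as that guess.
    """
    by_ip = {p["ip"]: p for p in probes}
    if target not in by_ip:
        raise ValueError(f"no probe recorded for {target}")
    peers = segment_peers(target, probes, prefix_len)
    up = [p for p in peers if p["tcp_ok"]]
    result = {"peers_total": len(peers), "peers_up": len(up)}
    if by_ip[target]["tcp_ok"]:
        result["verdict"] = "target_up"
    elif not peers:
        # Nothing to compare against: cannot separate host from link.
        result["verdict"] = "inconclusive"
    elif up:
        # Neighbours share the link and still answer, so the link is
        # not saturated; the problem is local to the target host.
        result["verdict"] = "host_only"
    else:
        # Everything on the segment is silent: consistent with link
        # saturation or an upstream failure, not with one dead host.
        result["verdict"] = "segment_wide"
    return result


if __name__ == "__main__":
    print(triage("216.250.128.12", OBSERVED))
    print(triage("216.250.128.12", ALL_DOWN))
```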
Early in the morning, someone was exploiting a rooted SCO corporate web server. But they tripped over an intrusion detection alarm. System/network administrators were notified.
Per their company policy, they shut SCO's entire network off from the entire world. "Internal mail servers and other support servers were unavailable." After a few hours, they determined that the intrusion was limited to the main corporate web server. The web server was broken off from the network. Network connectivity was restored (but no longer having a web server). "The web server is under a denial of service attack."
SCO employees begin the process of either restoring the existing web server from backup, or preserving the existing server, and bringing online a new server from bare metal. The process is expected to take at least twelve hours. An SCO executive informs at least one media outlet that they expect the problem to be resolved in some time after twelve hours. They're still working on it.
This also fits what happened in August, when their corporate web server was unavailable for THREE DAYS. When it was brought back online, the content was reportedly changed in some areas. It sounds like an inexperienced bare-metal restore or an untested solution. Perhaps part of the web site was not retrievable via backup, and they had to recreate some sections from scratch.
My theory, which I believe totally fits the facts, is that SCO has been rooted and does not want to admit this publicly. So the DDoS/SYN is their cover story, which is close, but doesn't fit the facts well enough to avoid suspicion.
I would appreciate a read on this theory with some feedback positive/negative.
How can I contact this Center7? I want to be isolated from SCO!
warning: This post is likely to contain gobs of dripping sarcasm. Consume at your own risk.
IT didn't affect it at all.
1. The public can't even spell DDoS, let alone know what it is.
2. The public has no idea what an email blacklist is, or why they're important for fighting spammers. To them, telling people that one of these sites would elicit a "huh?" response, not a "oh, damn!".
3. The public most likely didn't hear about the spammers pulling this crap, because CNN was too busy showing happy puppies and ignoring real news (like this, the war crimes in Iraq, etc).
So yeah. The spammers' reputations, which are tarnished beyond repair already, are, er, "safe", such as it is.
The Age has an article titled Doubts cast on SCO claims of denial of service attack. It's good to see a mainstream news service not just reporting the FUD but actually digging a little deeper.
Even if this is a true DOS attack, why is this news? Imagine if Microsoft or Google or IBM put out a press release every time somebody attacked their servers. If you are a big or a loud company, these things will happen. Don't whine, fix it and get on with life.
> The public has no idea what an email blacklist is, or why they're important for fighting spammers.
As a member of the public, I want you to know that I am offended by your use of the term "blacklist".
It is offensive to all African-Americans and other People of Color. Why must "black" always be equated with "bad", when exploitative White male colonizers are the source of all evil in the world?
You might as well perpetuate the culture of oppression by referring to some disk drives as "Master", and some as "Slave".
I will petition the Los Angeles City Council to ban the use of these "blacklists" altogether!
I urge my fellow easily offended perpetually victimized knee-jerk progressives to join me in this vitally important crusade.
Opinions on the Twiddler2 hand-held keyboard?
Curiously, in the time that SCO's site was "being attacked" they managed to
1. give the site a bit of a revamp. It's different, and content has changed.
2. Switch operating systems. http://uptime.netcraft.com/perf/graph?site=www.sco.com shows they have gone from using linux/apache before the attack, to unknown/apache after the attack.
Now, you're in the middle of what you claim is a network attack. You say your site is down, email is down, support is down, and you're working hard to get these things going again... so instead of actually trying to get the network up again, you revamp the site and change the OS of the server
SCO is so full of shit, and the mainstream media is licking up their bullshit press releases. Blah.
Linux's Hypocrisy Buffer probably overflowed, so it automatically deinstalled. Either that, or the kernel panicked and left the building.
Watch for D'ohl and co to explain that they had to replace their Linux server with UnixWare 'coz "Linux couldn't take the heat". Whackers.
Got time? Spend some of it coding or testing
Further assume that it is a Linux person(s) even though the community as a whole came out against the first attack. Why not likely?
Ok, so, maybe it is not a Linux person.
Instead assume it is somebody trying to make Linux ppl look bad. huummmmm.
Finally, assume that it is some SK that is trying to show off. Normal situation with a site that is easy to take out and would get lots of press play.
I can safely assume the latter 2 are more probable, while the first is not likely.
To be honest, I would also assume that SCO can be lying about being under attack.
I prefer the "u" in honour as it seems to be missing these days.
Come on.....
There are only a few possibilities:
1: SCO's IT department doesn't know what syn cookies are and how they relate to Linux (which they DO run their site on). They evidently don't know how to configure CISCO routers in order to block syn floods either. In this case SCO is incompetent...
2: SCO is deliberately not protecting their networks in order to draw attention to themselves.
3: SCO is sabotaging their own networks.
4: The cyber-attack story is completely made up and has no truth value.
The Groklaw story is worth reading:
http://www.groklaw.net/article.php?story=20031210163721614
LedgerSMB: Open source Accounting/ERP