Slashdot Mirror

← Back to Stories (view on slashdot.org)

SCO Not Lying About DoS Attack

Posted by michael on from the even-a-stopped-watch-is-right-twice-daily dept.

Licensed2Hack writes "The Cooperative Association for Internet Data Analysis (CAIDA), part of the San Diego Supercomputer Center at the University of California, San Diego has an analysis of the recent DDOS on SCO.com. Netcraft also has more information in their article and analysis graphs. Seems SCO was hit with a 50,000 packet-per-second SYN flood peak, which yields approximately 20 Mb/s each way, or about the capacity of a DS3 line."

27 of 615 comments (clear)

  1. If they know all of this.... by Jaysyn · · Score: 5, Insightful

    .... where did the synflood come from?

    Jaysyn

    --
    There is a war going on for your mind.
  2. bad for open source by civilengineer · · Score: 3, Insightful

    The only result of this kind of attack will be tarnishing of the image of Open source developers. But, there is nothing much anyone can do about it.

    --

    New year Resolution: Don't change sig this year
    1. Re:bad for open source by kirun · · Score: 5, Insightful

      Well, we can tell people we didn't want it.

      You don't win arguments by silencing your opponent (which is what DDoS is), you win them by being right. All evidence so far is the OSS community is right.

      Whoever launched these attacks has made everybody look bad. Annoying SCO isn't going to make them say "Hey! Let's be nice now!". Their business model is now suing people. It's not as if their software was selling much.

      If you're reading this DDoS dude, don't do it again, mmkay?

      --
      I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
    2. Re:bad for open source by aheath · · Score: 4, Insightful
      "The only result of this kind of attack will be tarnishing of the image of Open source developers."

      Are you making an assumption that an open source developer is responsible for the DOS attack against SCO? Should the open source community be viewed as guilty until proven innocent?

      Hopefully no one in the open source community is involved in the most recent DOS attack against SCO or any other attacks against SCO's network infrastructure. Let's think of the open source community as innocent until proven guilty beyond a resonable doubt.

  3. Who cares? by Dragonshed · · Score: 5, Insightful

    SCO's like the boy who cried wolf too much. Why should people care when he actually gets bitten?

  4. So they're just incompetent then? by JonMartin · · Score: 4, Insightful
    So have they just admitted that they don't bother protecting themselves from what is, in my understanding, a old and mitigatable form of attack?

    Or to put it another way, they weren't lying, they're just stupid?

    --
    Serve Gonk.
  5. SCO What.. by cybrthng · · Score: 4, Insightful

    Everyone gets DoS'd, they should be happy it stopped.

    With SCO there is just no telling if this was a PR stunt, if they set this up or if they really got attacked.

    At this juncter, i don't think it really matters because of the simple fact we don't know what SCO is up to and with everything going on we have lost faith in SCO.

    Attack or No attack is a trivial question compared to what we really know about SCO and there business practices.

    SCO freaking what!

  6. still doesn't explain everything. by xsecrets · · Score: 5, Insightful

    Why on earth did SCO respond to 700 million syn packets? if there was even a moderate level of syn protection turned on they would have just droped the majority of those packets. and the bandwith usage would be half.

    1. Re:still doesn't explain everything. by phoneyman · · Score: 3, Insightful

      SCO responded with (if I read the report correctly) 700 million packets, but there have been no numbers released about the number of packets they received.

      The actual number of packets they were receiving could have been much higher.

      Pierre

  7. If they are actually telling the truth, ... by burgburgburg · · Score: 5, Insightful
    which is an extraordinarily large leap of faith considering that lying for Darl, David et. al. is like breathing for you and I, then it means that the nicest thing one could say is that they have incredibly bad sysadmins. As Groklaw pointed out, there are lots of tools out there to protect against Syn flood attacks.

    The cause that fits much better with their general operating pattern is that they purposely left themselves open to this attack to present themselves as the poor, innocent victims of the evil, Constitution-burning, enemy combatant, Open Source villans.

    I'd buy that one.

  8. Re:just another PR trick by Andy+Smith · · Score: 4, Insightful
    Great! now they get headlines simply by *not* lying
    No, they get headlines when people accuse them of lying and it turns out (apparently) that they weren't.
  9. Re:Yes but one fact remains by tb3 · · Score: 3, Insightful

    I don't see anything in your logic that says it couldn't be a combination of one from column 'A' and one from column 'B'.
    I would personally go with 1 particularly stupid monkey and 1 sucker paid by SCO.

    --

    www.lucernesys.comHorizon: Calendar-based personal finance

  10. Re:Why Nothing Should be Done... by DigiShaman · · Score: 3, Insightful

    They are also going to say that it was caused by Open Sourced software...and how they are a threat the national security.

    --
    Life is not for the lazy.
  11. Shoes by Overly+Critical+Guy · · Score: 5, Insightful

    Man, this whole thing sure is a lot of shoes in a lot of Slashdotters' mouths.

    --
    "Sufferin' succotash."
    1. Re:Shoes by A+Binary+Rebel · · Score: 5, Insightful

      This is probally going to get me labled as anti-linux forever on /. but why is this modded troll? Its true.

      I am as anti-sco pro-linux anti-ms as anyother /. junkie. But I also learned a long time ago to never point fingers and to never speak to soon.

      This should be modded up to at least neutrel.

    2. Re:Shoes by citog · · Score: 4, Insightful

      Because disagreeing with /. today gets you hammered by moderators...

  12. Re:Childish OS Hackers by chunkwhite86 · · Score: 3, Insightful

    And just what do these childish OS hackers expect to gain from this? It is not like it is going to change anything. Yes they are suing people using Linux. But thats one of the problems with open source. If there is a legal issue with the code then its your problem. That is one of the great things about microsoft. At least when you are using their software, you know that you will have microsofts army of lawers to defend any legal issues there may be with the code. Which is cheaper, buying windows, or spending months in trial?

    My ass they will. If I can prove with out a shadow of a doubt that Microsoft has included my patented and copyrighted code in Office 2003, and I start suing end users (you) directly for it, do you honestly believe that Microsoft is going to come defend you?

    The only thing Microsoft will defend is themselves and their revenue stream.

    --
    I'd rather be a conservative nutjob than a liberal with no nuts and no job.
  13. Re:SCO Paid Someone...! by justsomebody · · Score: 4, Insightful

    Actualy, what bothers me is:

    They tracked SCO was sending OUT X million responses to DoS attack. They should track packages that go IN too. Or,... they were originating from inside and faking outside which is not hard to do???

    Please somebody start a site with HOWTO - SYN PROTECTION FOR SCO or HOWTO MAKE A SIMPLE FIREWALL

    --
    Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
  14. Re:just another PR trick by madprof · · Score: 5, Insightful

    The Slashdot headline was "Security Experts Doubt SCO's Claims of DoS"...well there are lots of "experts" around here it seems, and they all thought it was a PR stunt.

    How anyone could see PR value in this is beyond me.
    The opinions that matter to SCO are those of the people who control the purse strings at companies who use Linux heavily. They are not about to jack in Linux/pay up because some script kiddies were playing games.
    It just doesn't make sense that a company would fake a DDoS attack.

  15. Re:Still doesn't add up by anthony_dipierro · · Score: 3, Insightful

    If they say that their entire DS3 was saturated why was it that I could reach ftp.sco.com during the attack?

    First of all, they didn't say their entire DS3 was saturated. They said the bandwidth of the attack was enough to saturate a DS3.

    Secondly, why not? When you're downloading 100 different files at the same time you can still use the internet, right? Packets will get dropped, but the internet can handle packets getting dropped. See, there's this thing called TCP which is a protocol on top of the IP layer and handles connections when packets are being dropped.

  16. Re:just another PR trick by hbo · · Score: 3, Insightful

    Missed this headline which is identical to the title of the story on Groklaw. Still, it was the "SCO is completely screwed and can never win" dittoheads that ran away with the idea that the DDOS was a hoax, not the Slashdot editors. (However I'm sure there's some overlap between the groups. 8)

    --

    "Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers

  17. Re:just another PR trick by hbo · · Score: 4, Insightful

    I believe It's a knee-jerk reaction to the threat that SCO is posing to Linux and the GPL, combined with its public record of lying. The history of Unix is a tangle that Gordius of Phyrigia would be satisfied with. Interpreting IBM's rights amid the confusing welter of licenses and side agreements will not be easy, and the outcome is not so tidily in the bag as some seem to hope. PJ at Groklaw has provided lots of useful and interesting research. I read Groklaw daily. But it's obvious that Groklaw is also an advocacy site, among other things, much as Slashdot is. I worry that PJ's biases might lead her to miss important information from time to time. Since I'd like to see SCOG fail and be ground into the earth by IBM, I'd prefer she had the clearest vision possible.

    I have no evidence that Groklaw is missing tricks due to bias. It's just a worry of mine. The "SCO must be lying" bias at Groklaw and here is unmistakeable, however.

    --

    "Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers

  18. Re:just another PR trick by Trepalium · · Score: 5, Insightful
    Maybe because the timing of it all was just too damn convenient. It happened couple days after RBC deciding there's something fishy about the contingency agreement, losing against IBM's motion to compel discovery, their stock prices have been dropping, and everyone's expectations that they will not be able to get anywhere near profitable this quarter without some very creative accounting. Of course little of this made it into the same press that prints SCO's outrageous accusations and 'open letters'.

    All this happens, and then SCO suddenly becomes 'victimized by all these EVIL Open Source people', virtually guaranteeing the press won't report on SCO's other misfortune because it's 'unimportant' compared to this. Morover, they get to make Open Source people look like terrorists and bad people, and try to make it look like people should not be using software developed by these 'evil people'.

    --
    I used up all my sick days, so I'm calling in dead.
  19. Why? by etymxris · · Score: 5, Insightful

    Is every Christian responsible for the bombing of abortion clinics? Is every Muslim responsible for honor killings? Is every Linux user responsible for these attacks?

    I have little doubt that they were attacked. What seems strange to me though is that they were entirely giddy over the affair. They even went as far as issuing press releases about it. I haven't heard of any company that jumps to release PR about DDOS attacks so quickly. When forced to explain reports of DDOS attacks, a company may release a statement that clears the issues. But the first reports of these attacks came from SCO themselves. This is what raised suspicion, justifiably.

    But people shouldn't jump to conspiracy theories so quickly. Doubt of their veracity, sure? Conviction that they are lying--not justified.

  20. follow the ant trail by CAIMLAS · · Score: 4, Insightful

    This is so obvious it's not even funny.

    In nearly every scenario, you can trace the cause of something to its origin by determining who benefits the most from it. In this case,

    Does linux benefit from this DDoS? No.
    Does IBM's case benefit? No.
    Does the linux community? No.
    Do 1337 kiddies? No. (They don't get the credit - "linux hippies" get the "credit")
    Does SCO? Yes. They'll likely try to get an extension on their court order, just as earlier predicted here on slashdot.

    If I were in the FBI and looking into this scenario, I'd first look at SCO's accounting very, very carefully. My guess is that there's a debit of several dozen (hundred?) thousand for something like "Consulting Services" made within the last couple weeks.

    --
    ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  21. Re:just another PR trick by Trepalium · · Score: 5, Insightful
    Not exactly. I merely believe that SCO will stoop to any low in order to exploit a situation. I believe SCO's managment are opportunists in the worst sense of the word. I believe that lies are just as valuable to these people as truth is, and they will use whichever suits their purpose best.

    I know there are "Open Source people" who could and/or would stoop so low as to mount a DDoS attack on SCO. However, the fact that SCO's site isn't getting DDoSed all the time is a fairly good indicator that this 'undesirable element' is in the minority. There's a few of these kinds of jackasses in any crowd, and I wouldn't be surprised if SCO unknowningly had one or two in their midst.

    --
    I used up all my sick days, so I'm calling in dead.
  22. They can't complain too much by gilesjuk · · Score: 4, Insightful

    Even though DDOS attacks are misuse of an Internet service and illegal, some of the tactics SCO have used in this case are very dubious too. Claiming ownership of chunks of a kernel without showing any proof and not waiting for the outcome of a court case.

    The damage they have caused companies involved in Linux far outweight a bit of network outage, unless they suffer a major loss since statistics say 80% of businesses that suffer a major outage go out of business within two years. We can always hope :)

    Link to 80% statistic