Slashdot Mirror

← Back to Stories (view on slashdot.org)

SCO Not Lying About DoS Attack

Posted by michael on from the even-a-stopped-watch-is-right-twice-daily dept.

Licensed2Hack writes "The Cooperative Association for Internet Data Analysis (CAIDA), part of the San Diego Supercomputer Center at the University of California, San Diego has an analysis of the recent DDOS on SCO.com. Netcraft also has more information in their article and analysis graphs. Seems SCO was hit with a 50,000 packet-per-second SYN flood peak, which yields approximately 20 Mb/s each way, or about the capacity of a DS3 line."

20 of 615 comments (clear)

  1. If they know all of this.... by Jaysyn · · Score: 5, Insightful

    .... where did the synflood come from?

    Jaysyn

    --
    There is a war going on for your mind.
  2. Who cares? by Dragonshed · · Score: 5, Insightful

    SCO's like the boy who cried wolf too much. Why should people care when he actually gets bitten?

  3. So they're just incompetent then? by JonMartin · · Score: 4, Insightful
    So have they just admitted that they don't bother protecting themselves from what is, in my understanding, a old and mitigatable form of attack?

    Or to put it another way, they weren't lying, they're just stupid?

    --
    Serve Gonk.
  4. SCO What.. by cybrthng · · Score: 4, Insightful

    Everyone gets DoS'd, they should be happy it stopped.

    With SCO there is just no telling if this was a PR stunt, if they set this up or if they really got attacked.

    At this juncter, i don't think it really matters because of the simple fact we don't know what SCO is up to and with everything going on we have lost faith in SCO.

    Attack or No attack is a trivial question compared to what we really know about SCO and there business practices.

    SCO freaking what!

  5. still doesn't explain everything. by xsecrets · · Score: 5, Insightful

    Why on earth did SCO respond to 700 million syn packets? if there was even a moderate level of syn protection turned on they would have just droped the majority of those packets. and the bandwith usage would be half.

  6. If they are actually telling the truth, ... by burgburgburg · · Score: 5, Insightful
    which is an extraordinarily large leap of faith considering that lying for Darl, David et. al. is like breathing for you and I, then it means that the nicest thing one could say is that they have incredibly bad sysadmins. As Groklaw pointed out, there are lots of tools out there to protect against Syn flood attacks.

    The cause that fits much better with their general operating pattern is that they purposely left themselves open to this attack to present themselves as the poor, innocent victims of the evil, Constitution-burning, enemy combatant, Open Source villans.

    I'd buy that one.

  7. Re:just another PR trick by Andy+Smith · · Score: 4, Insightful
    Great! now they get headlines simply by *not* lying
    No, they get headlines when people accuse them of lying and it turns out (apparently) that they weren't.
  8. Re:bad for open source by kirun · · Score: 5, Insightful

    Well, we can tell people we didn't want it.

    You don't win arguments by silencing your opponent (which is what DDoS is), you win them by being right. All evidence so far is the OSS community is right.

    Whoever launched these attacks has made everybody look bad. Annoying SCO isn't going to make them say "Hey! Let's be nice now!". Their business model is now suing people. It's not as if their software was selling much.

    If you're reading this DDoS dude, don't do it again, mmkay?

    --
    I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
  9. Re:bad for open source by aheath · · Score: 4, Insightful
    "The only result of this kind of attack will be tarnishing of the image of Open source developers."

    Are you making an assumption that an open source developer is responsible for the DOS attack against SCO? Should the open source community be viewed as guilty until proven innocent?

    Hopefully no one in the open source community is involved in the most recent DOS attack against SCO or any other attacks against SCO's network infrastructure. Let's think of the open source community as innocent until proven guilty beyond a resonable doubt.

  10. Shoes by Overly+Critical+Guy · · Score: 5, Insightful

    Man, this whole thing sure is a lot of shoes in a lot of Slashdotters' mouths.

    --
    "Sufferin' succotash."
    1. Re:Shoes by A+Binary+Rebel · · Score: 5, Insightful

      This is probally going to get me labled as anti-linux forever on /. but why is this modded troll? Its true.

      I am as anti-sco pro-linux anti-ms as anyother /. junkie. But I also learned a long time ago to never point fingers and to never speak to soon.

      This should be modded up to at least neutrel.

    2. Re:Shoes by citog · · Score: 4, Insightful

      Because disagreeing with /. today gets you hammered by moderators...

  11. Re:SCO Paid Someone...! by justsomebody · · Score: 4, Insightful

    Actualy, what bothers me is:

    They tracked SCO was sending OUT X million responses to DoS attack. They should track packages that go IN too. Or,... they were originating from inside and faking outside which is not hard to do???

    Please somebody start a site with HOWTO - SYN PROTECTION FOR SCO or HOWTO MAKE A SIMPLE FIREWALL

    --
    Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
  12. Re:just another PR trick by madprof · · Score: 5, Insightful

    The Slashdot headline was "Security Experts Doubt SCO's Claims of DoS"...well there are lots of "experts" around here it seems, and they all thought it was a PR stunt.

    How anyone could see PR value in this is beyond me.
    The opinions that matter to SCO are those of the people who control the purse strings at companies who use Linux heavily. They are not about to jack in Linux/pay up because some script kiddies were playing games.
    It just doesn't make sense that a company would fake a DDoS attack.

  13. Re:just another PR trick by hbo · · Score: 4, Insightful

    I believe It's a knee-jerk reaction to the threat that SCO is posing to Linux and the GPL, combined with its public record of lying. The history of Unix is a tangle that Gordius of Phyrigia would be satisfied with. Interpreting IBM's rights amid the confusing welter of licenses and side agreements will not be easy, and the outcome is not so tidily in the bag as some seem to hope. PJ at Groklaw has provided lots of useful and interesting research. I read Groklaw daily. But it's obvious that Groklaw is also an advocacy site, among other things, much as Slashdot is. I worry that PJ's biases might lead her to miss important information from time to time. Since I'd like to see SCOG fail and be ground into the earth by IBM, I'd prefer she had the clearest vision possible.

    I have no evidence that Groklaw is missing tricks due to bias. It's just a worry of mine. The "SCO must be lying" bias at Groklaw and here is unmistakeable, however.

    --

    "Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers

  14. Re:just another PR trick by Trepalium · · Score: 5, Insightful
    Maybe because the timing of it all was just too damn convenient. It happened couple days after RBC deciding there's something fishy about the contingency agreement, losing against IBM's motion to compel discovery, their stock prices have been dropping, and everyone's expectations that they will not be able to get anywhere near profitable this quarter without some very creative accounting. Of course little of this made it into the same press that prints SCO's outrageous accusations and 'open letters'.

    All this happens, and then SCO suddenly becomes 'victimized by all these EVIL Open Source people', virtually guaranteeing the press won't report on SCO's other misfortune because it's 'unimportant' compared to this. Morover, they get to make Open Source people look like terrorists and bad people, and try to make it look like people should not be using software developed by these 'evil people'.

    --
    I used up all my sick days, so I'm calling in dead.
  15. Why? by etymxris · · Score: 5, Insightful

    Is every Christian responsible for the bombing of abortion clinics? Is every Muslim responsible for honor killings? Is every Linux user responsible for these attacks?

    I have little doubt that they were attacked. What seems strange to me though is that they were entirely giddy over the affair. They even went as far as issuing press releases about it. I haven't heard of any company that jumps to release PR about DDOS attacks so quickly. When forced to explain reports of DDOS attacks, a company may release a statement that clears the issues. But the first reports of these attacks came from SCO themselves. This is what raised suspicion, justifiably.

    But people shouldn't jump to conspiracy theories so quickly. Doubt of their veracity, sure? Conviction that they are lying--not justified.

  16. follow the ant trail by CAIMLAS · · Score: 4, Insightful

    This is so obvious it's not even funny.

    In nearly every scenario, you can trace the cause of something to its origin by determining who benefits the most from it. In this case,

    Does linux benefit from this DDoS? No.
    Does IBM's case benefit? No.
    Does the linux community? No.
    Do 1337 kiddies? No. (They don't get the credit - "linux hippies" get the "credit")
    Does SCO? Yes. They'll likely try to get an extension on their court order, just as earlier predicted here on slashdot.

    If I were in the FBI and looking into this scenario, I'd first look at SCO's accounting very, very carefully. My guess is that there's a debit of several dozen (hundred?) thousand for something like "Consulting Services" made within the last couple weeks.

    --
    ~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
  17. Re:just another PR trick by Trepalium · · Score: 5, Insightful
    Not exactly. I merely believe that SCO will stoop to any low in order to exploit a situation. I believe SCO's managment are opportunists in the worst sense of the word. I believe that lies are just as valuable to these people as truth is, and they will use whichever suits their purpose best.

    I know there are "Open Source people" who could and/or would stoop so low as to mount a DDoS attack on SCO. However, the fact that SCO's site isn't getting DDoSed all the time is a fairly good indicator that this 'undesirable element' is in the minority. There's a few of these kinds of jackasses in any crowd, and I wouldn't be surprised if SCO unknowningly had one or two in their midst.

    --
    I used up all my sick days, so I'm calling in dead.
  18. They can't complain too much by gilesjuk · · Score: 4, Insightful

    Even though DDOS attacks are misuse of an Internet service and illegal, some of the tactics SCO have used in this case are very dubious too. Claiming ownership of chunks of a kernel without showing any proof and not waiting for the outcome of a court case.

    The damage they have caused companies involved in Linux far outweight a bit of network outage, unless they suffer a major loss since statistics say 80% of businesses that suffer a major outage go out of business within two years. We can always hope :)

    Link to 80% statistic