Netcraft Jokes About SCO's Virus Fears

Elektroschock writes: "Through the media SCO Group sent the message that a virus writer that targets its website would be a Linux enthusiast. Netcraft has its own funny remarks in a dogfood article." Some of you might get a cackle out of the third solution.

Hey now....

[BWJones]

From the article: Spend Saturday soaking up the totally awesome graphics on the Stealth bomber flight simulators, and then obliterate most of Utah, sco.com name servers and all, on Sunday morning hours before the DDoS is due to hit Slashdot. SCO Execs still laughing themselves helpless about the /. Effect when the bomb hits.

Hey now, not everybody in Utah is a SCO exec or a polygamyist. I suppose this is the toll that association takes however, even if that association is geographic as opposed to ideological, political or religious. Believe it or not, there are good things to come out of Utah, such as much of the technology responsible for computer graphics, some kickin' genetics research, some of the best skiing in the world, good beer, and last but not least, is the home of computational molecular phenotyping. :-)

Re:Hey now....

[Rosco+P.+Coltrane]

some kickin' genetics research [utah.edu]

No wonder, they have a rather large population with a very coherent DNA to study there :-)

(Yes, I'm half-joking, and no I'm not flaming. Utah folks are nice overall, but it's true that polygamy was practiced there up to 100 years ago mainly to populate Utah as quickly as possible from the small band of initial settlers. Those who've been to Utah know the proportion of white blond-haired blue-eyed people bearing the same last name there is quite staggering. Sweden looks cosmopolitan compared to Utah).

Congratulations Mike

[arivanov]

Congratulations to Mike Peterjohn.

Who in btw is a founder and one of the Netcraft executives. So dunno about the dogfood. I wish other company CTOs could post dogfood like that.

Re:Not as bad as everyone thinks.

[anticypher]

The original version of the worm had a bug that didn't perform any DDoS of SCO. After having bugs in the code pointed out to them by the ever willing Open Source Community and the Security Research Community, the authors of the worm have helpfully provided several updates that do actually perform the DDoS against both SCO and M$.

Apparently, the code does not perform a complete TCP handshake before trying again. It doesn't wait around for the first TCP SYN+ACK packet, it sends a TCP SYN packet every second. If, by chance, the SCO address responds with a SYN+ACK packet, then the worm sends the initial GET / HTTP/1.1\r\nHost: www.sco.com\r\n\r\n. Its difficult to tell from the decompiles if it even bothers to close the connection, or just abndons the local TCP stack to deal with closing the connection at some later time. In an internet simulator testbed, not providing SYN+ACK packets back to a worm infected microsoft machine, the TCP stack stops sending unbalanced SYN packets after 63 attempts. As a friend helpfully pointed out, you can increase this number by changing a registry setting in windoze.

I personally don't think the current management of SCO cares about their website, they certainly don't have any revenue producing features that need to be maintained. Most SCO clients rarely go to the SCO site for anything, since most maintenance is done by intermediaries like IBM Services Group, which have their own internal distribution of support and patches.

the AC