Right, SCO's primary business isn't related to web serving so they won't really lose business or sales if their website goes down for a little bit.
However, firewalls with that kind of capacity aren't terribly expensive. (50k packets/s)
But, if the firewall was puking about the syn-flood that would also mean that it would be slow to establish connections to the ftp server? I believe most vendors use a common connection table for all inside hosts. (Wouldn't be practical for a separate connection table for every inside ip)
My point is that most companies have some sort of firewall protecting their servers. PIX and many many others do protect against SYN attacks. These aren't exactly new.
If they are properly connected, (and the firewall has the processing/memory available to ward off the syn attack. It would make sense to buy a firewall capable of handling your link speed) then the only thing to bring you down is to generate so much data it simply floods your link to the internet.
To have the server bogged down by a SYN attack when the link is still operational is fairly poor administration. You are losing service when you don't otherwise have to.
While a single source DoS stream is 'really stupid', a DDoS using hacked machines is notoriously hard to stop and trace.
Anyway, this is my analysis. When only the WWW server was targeted, the flow was not enough to saturate the link, but there was no syn protection in front of the www server. (or poorly configured, or something along those lines) Mainly because the FTP site was still up and running on the same subnet. But from the report, later on the FTP server was also attacked, bringing total bandwidth up even higher, possibly killing the link.
So quite obviously the www server was not protected from syn's nor was the link fully eaten up by these packets. Since the ftp server was responsive until it became a target, as well as the fact that these reports mention that the amount of traffic significantly increased when the ftp attack was launched.
There's very little to be done about a DDoS if it can saturate your link, but in this case it wasn't completely utilized (at least until the ftp attack started), and the www server just wasn't getting adequate protection (many firewalls have syn attack thresholds where they will age out syn connections extremely fast and only pass on ones that complete to the server)
Anyway, just the analysis of a college kid.
Resolve ftp.sco.com and www.sco.com.
.8 and .16 are the nearest VLSM netmasks, which means they exist on the same subnet.
216.250.128.13 and 216.250.128.12
In the article it states ftp.sco.com was responsive.
That would mean that *if* a firewall was in front of the subnet that the ftp and www server was on, it was most assuredly not bogged down with syn's. Also, it means that the bandwidth wasn't an issue.
What options does that leave? An unprotected www server being syn attacked without exceeding the bandwidth of the link, or just an IT snafu. Either way it's just poor network engineering.
That should read 'right on'.
What, there's a preview button?
The poster above about the disk times in application load performance is right now, however also...
You make the mistake of assuming a 1:1 ratio of CPI (clock cycles/instruction) between each of the two systems, compounded by a difference in the number of instructions needed to complete a certain task, followed by the amount of parallel pipes in each processor... etc etc etc
Looks like Darl is just a small speed bump as the ball continues to roll.
This is a sad day. Some of my favorites have been Black Isle productions.
I think the point is that it's a sad state of affairs when MIT won't even use their own students to do the job. Also, the fact that a place like MIT bases their platform of choice on simply what some Gartner report says is also saddening.
It may be the case that most colleges teach UNIX platforms (mine does) and not Microsoft platforms for their CGI/etc courses, resulting in the shift to India.
The 4k'ish is a much more reasonable value.
I don't mind or take offense to someone who shares 1k of songs and gets busted for 4k. What I do think is wrong is the 800k-100+million value which they use to strongarm and intimidate.
Explain to me without using patented RIAA-math how 100+ million dollars is reasonable and fits the crime.
The 100+ million dollar figure isn't surprising to you?
Using a program as it was designed (to read email), comes with the un-intended consequence of opening yourself and your company to a number of security holes.
Now, with Kazaa, whatever you want to share, is your business. As far as I know, it doesn't have any unintended side effects. (Except the spyware it comes with, but that's a different story.)
Anyway, I fail to see why this is a double standard, and why this post is +5 insightful.
Not only that, but so has the /. discussion.
http://slashdot.org/article.pl?sid=03/09/10/1541222&mode=thread&tid=141&tid=187&tid=188&tid=98&tid=99
The only thing surprising (or maybe not?) about this is Microsoft's apathy. Yes, it is a mis-configured mail server, possibly resulting from a virus infection. However, in all of the removal docs I never saw it mentioned to check and re-disable the guest account.
I can easily see how many people would simply RTFA on how to remove it, not read anything about it re-enabling the guest account, and simply think they are okay.
After a quick read of the Symantec removal steps, they did not include anything about a Guest account.
http://www.symantec.com/avcenter/venc/data/codered.ii.html
Interesting, I could not find the paragraph you mentioned in the release.
This is the original paragraph:
"By running the current version of the Solaris OS on the AMD Opteron processor platform, we are experiencing substantial improvements in kernel performance for Solaris over other x86-based systems, " said John Fowler, chief technology officer, software, Sun Microsystems. "With the Solaris OS running on the AMD Opteron processor, our customers and partners can take advantage of unique features such as containers delivering virtualization and high levels of security. Solaris has led the industry in proven military grade security built-in to the OS, and with Trusted Solaris OS, offering unmatched levels of privacy."
Either you added some creative additions (likely) or Sun changed it.
If you think a law is going to prevent the development of universal garage door openers...
I equate this to computer security releases. Would you rather be fully disclosed about a potential security hole or would you rather live in ignorance?
These kinds of things need to be researched. Mainly because the cost of creating these is becoming lower and lower. Would you rather have no research done on how to protect against these? For those of you thinking the US would actually weaponize this stuff, I suggest a full body tinfoil suit.
Uh, I'm sorry, you seem to be mistaking me for someone who hasn't played what you term 'Real RPG's'. I may be going against the slashdot geek-cool factor here but I enjoy mmo's a lot more.
Furthermore, who are you to judge people who play mmo's as 'pathetic no-life's'. I'm sure your life is quite lackluster in others' eyes, and I wouldn't go around judging others for what they choose to do with their time.
To compound this, it is obvious you have not played MMO's to any real extent. The whole idea of MMO's is being able to band together with your friends to be able to do things you yourself would be unable to do alone. Which runs directly counter to your argument of everyone playing solo near each other.
Maybe it is you who is missing something?
It's called Shadowbane.
Why is this sob story posted to slashdot? It's quite apparent that he hasn't gotten very far in any of the games (2-3 weeks in most mmo's isn't going to get you to any real world-changing excitement) After all, if these games are going to last, how can we have every random little middle-tier player 'changing the world'. Even in today's world that doesn't happen.
"So if I'm on your server with only three others at four in the morning, please let me do something meaningful with my time, and don't force me to join up with someone as obnoxious as I am to level up. That's just cruel."
He is missing the largest part of mmo's, the key idea being other people. He readily admits that he doesn't like to associate with other people like himself who play at odd hours. So my question is, why are you bothering to play an MMORPG in essentially single-player mode? These games are designed around social structures, and needing a group of people to get things done. Your lament at not being able to do anything 'world changing' in the first 2 weeks of the game *by yourself* is laughable.
If you want to play an MMO, play it as it is intended, with other people. If you want to play a game by yourself, pick one that was designed for it. It's really that simple. All of his other misdirected rants basically come down to the simple fact that he is trying to play a *massively multiplayer* game by himself.
Mod the parent down for not reading the article. Something 4:Insightful is just ridiculous for that.
"Of the respondents, 73 percent had Linux implementation plans, according to the survey."
Exactly right. When I'm talking about g n u slash linux with my friends or people who I'm working with I just call it linux, because try saying g n u slash linux 10 times over and not losing people or just irritating them.
Simple fact of the matter is that people choose the easy way out in conversation and it's far easier to say linux than g n u slash linux.
Why is this modded up as +4? Can you buy a Powerbook without OSX?