SCO Group Web Site Attacked Again
FreeLinux writes "With not much SCO news today, it seemed that this story was needed - Reuters is reporting that SCO is again suffering under a DDoS attack that has crippled their web site and email system since Wednesday morning. For the third time this year, the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system. The denial-of-service attack started at 6:20 a.m. EST Wednesday and continued through the day, said Blake Stowell, spokesman for the Lindon-based company."
And groklaw... (Score:5, Informative)
Re:And groklaw... (Score:5, Informative)
And a DDoS doesn't have a timeframe. SCO claimed they will be able to get up and going again within 12 hours. So they know it's a DDoS, and don't know who's doing it, but know when it'll stop?
Good one SCO. Makes us chuckle.
Re:And groklaw... (Score:5, Interesting)
C'mon, /., check with the source next time! (Score:5, Insightful)
Folks, if it's a SCO story, check with Groklaw before passing judgment. For every bit of FUD coming out of Lindon, a blast of anti-FUD is lobbed back.
Re:And groklaw... (Score:5, Informative)
Anyhow folks, the consensus at Groklaw is that either SCO are lying through their teeth and this is all FUD, or their network admin staff are a bunch of incompetents.
There are no prizes for guessing what the
In specific, the outage at www.sco.com started before the reported time by several hours, was already under analysis by Groklaw before the claimed time, the pattern of the servers shutoff is NOT consistent with a SYN DDOS (the claimed attack), but it is consistent with either a planned shutdown, or a network cable being unplugged.
There was no slowdown of service - see netcraft for the stats. SCO claim e-mail and other services were compromised which do not use the TCP SYN/ACK and are not therefore vulnerable to this attack (when on different servers (which they are, see groklaw for a list)). ftp.sco.com remained up, despite being on the same subnet, and smtp.sco.com would respond throughout the duration of the supposed 'attack'.
The above is a synopsis of Work presented for analysis at Groklaw, any mistakes are my own, any credit is due to the authors on Groklaw and to PJ.
Re:And groklaw... (Score:5, Funny)
Re:And groklaw... (Score:4, Interesting)
"email"? SMTP? POP3? IMAP? All of these are TCP-based, and are therefore vulnerable to SYN flooding.
My guess is a little less conspiracy theory oriented. Some IT guy at SCO royally screwed up and took down an important server. He tried to fix it, but got yelled at by management before he could resolve things. He made up an "oh, hackers did that" story to cover his ass.
Just because it makes the open source community look bad and they thought that they *were* under attack, SCO execs handed out a press release.
Perhaps Further Evidence... (Score:5, Informative)
No hiccups today. Center7 did promise last time that they could and would isolate everyone else from SCO, so there is another explanation, but...
Re:Perhaps Further Evidence... (Score:5, Insightful)
That is interesting. Perhaps you should email pj? I'd definitely go mention this over on groklaw, and give as much detail about where you work as you are comfortable doing.
If they are lying about this, this would play into Red Hat and IBM's suits/countersuits very well. I mean, we all know they lie to the press all the time, but something like this is just over the top.
Re:Perhaps Further Evidence... (Score:3, Funny)
Sorry, but that's really funny. Does their network switch have the words "Leper Colony" taped on it?
YLFI
Re:And groklaw... (Score:4, Funny)
A classy move last time this happened... (Score:5, Interesting)
He makes it clear that SCO is attacking everyone, but he opposes DOS'ing them saying that "the open source community must use the truth, not criminal methods, as its weapons." Nicely done
Re:A classy move last time this happened... (Score:5, Insightful)
ESR persistently claims to speak for all hackers or "our tribe" or "our community". Such a thing has such fuzzy boundaries that it has no single opinion, and even if it did ESR wouldn't represent it.
Being pedantic about terminology may or may not be a good tactic, but I think it's understandable for RMS to resist the FSF being written out of history by clueless journalists.
And again... (Score:3, Redundant)
Or not. (Score:5, Informative)
suspect (Score:5, Insightful)
I am willing to bet.... (Score:5, Funny)
Press release to follow.....
In other news (Score:4, Funny)
Ping (Score:5, Funny)
More SCO FUD (Score:5, Informative)
If it is a DDoS attack, SCO are incompetent for not blocking it. Or it is just more FUD.
Self Inflicted (Score:5, Informative)
You mean they reported... (Score:5, Funny)
Crybabies!
FUD (Score:5, Informative)
See the netcraft stats for that little bit. If SCO make any claim that this is a DDOS, they are lying through their teeth and the evidence was collected as it happened - see the members zone at Groklaw for the raw Traceroute returns.
Re:FUD (Score:5, Funny)
The above was humour. Laugh, damn your eyes.
Not a DDoS... (Score:5, Funny)
I'm sure it's all your fault. (Score:3, Funny)
I call BS.
Expect letters from Boies and company any time now. "SCO Sues Media Giant Slashdot" the next headline?
Dlugar
Probably because of kris_kringle@sco.com... (Score:4, Funny)
I tried it, it works. At least someone at SCO has some sense of humor.
How do I join? (Score:5, Funny)
Re:How do I join? (Score:5, Funny)
ncftpget ftp://ftp.sco.com:/pub/scox/scoxdevcd.iso
Re:How do I join? (Score:3, Funny)
It's not even a very good hoax (Score:5, Informative)
It's clear that SCO's run out of technical people; not only are they faking technical problems, they can't even make up a technically sound attack on their own systems.
Re:It's not even a very good hoax (Score:5, Insightful)
I hear the sound of the world's smallest violin... (Score:3, Funny)
Sad state of affairs in general (Score:5, Insightful)
I find it quite sad that our community has to loudly distance itself from supposed DDoS attacks and such against SCO while SCO makes a total mockery of the legal system and justice in general with their current campaign. For those who may not have noticed some earlier posts, discussion on Groklaw has brought up the possibility that this isn't a DDoS, but either just idiotic network admins on SCO's part, or perhaps even an intentional takedown to *cough* allow for a nice bit of publicity on their part. Whatever the true case is (and I'm not advocating any as the real one, I'll leave that for others to decide), SCO has certainly scored some nice negative publicity towards the OSS crowd, even if the DDoS is real and the attackers have nothing to do with OSS.
IIRC there was an earlier supposed DDoS against SCO's servers that turned out to be that the servers were just down.
In any case, it's nice to see the /. crowd (as always) advocating fair play and not using vigilante justice. Too bad SCO doesn't seem to believe in the fair play bit.
Editors, please RTFA (Score:5, Insightful)
From the article header:
For the third time this year, the SCO Group's Web site came under attack, apparently by hackers unhappy with the company's legal threats against users of the Linux operating system.
Where in the article did it say this? I certainly can't find it.
Slashdot editors might want to RTFA before approving a post. The submitter of this one got a wee bit overzealous.
SCO and the powers behind it... (Score:3, Insightful)
One can almost feel the power of the ring at work....
New Icon (Score:5, Funny)
Jedidiah.
Probably just replacing network printers (Score:5, Funny)
(This would have fitted on a single CD. I think we should add environmental terrorism to the list of SCO's offences.)
It is a crock of shit and it stinks. (Score:5, Insightful)
I've been following this story all day and the last thing I expected to see on /. was a regurgitation of "facts" with a 'questionable heritage'.
Several sites (groklaw, lwn) have already pointed out that the claims of being hacked [yahoo.com] should be viewed with a liberal ointment of skepticism for any of the following reasons;
SCO's Hack Attacks A Complete Lie (Score:5, Interesting)
I should point out, this has pretty much been covered by Groklaw already and my methods don't vary too much from those already posted by them.
SCO claims their email and web servers are unavailable because of a DDoS attack that has also infiltrated their Intranet and affected helpdesk services as well as other internal services. If this is the case, then it is more than just a DDoS they're suffering, or they are negligent in the highest order for failing to take simple steps to ensure a risk mitigated environment for conducting business within.
Let's start with their Mail Server.
Everyone has a backup mail server, usually hosted by a 3rd party to ensure that if your primary mail server is offline for any reason, mail can still be delivered successfully. The fact that SCO claimed their mail servers were unavailable suggests they either failed to purchase this extremely basic service or their setup is absolutely wrong by anyone's standards. The purpose of multiple MX records is for this exact situation. You start with a high priority MX record (say 10) and work your way down the order (usually in steps of +10, so the secondary is usually 20).
Their Web Server
Their webserver is hosted on exactly the same subnet as their ftp server. However, during this attack, their FTP server has been available to anyone that's tried to connect to it. If they were suffering a DDoS attack of the proportions that SCO claims, this server would also have been affected and taken offline. Yet this is not the case. This blows open entirely the philosophy of a DDoS attack without any of the further evidence.
SCO has alluded to the fact that the attack is a basic SYN Flood. A very simple and old attack that has been blockable by nearly every appliance and OS for the past 3 years at least. Yet if they are suffering as they claim, then they are guilty of negligence for failing to apply patches or even configure their platforms correctly. It's very easy to turn the SYN Cookies on in Linux (sysctl isn't rocket science) and just as easy in something like a Cisco Router/PIX Firewall or a Checkpoint Firewall.
The claims that this has adversely affected their intranet suggests that the intranet is in some way exposed to the Internet. Even more alarming is the fact that it disabled their Helpdesk services for a period as well. This would suggest that their network has absolutely no perimeter protection of any kind. The smallest flaw in a product they use could apparently be used to access their core network infrastructure. Isn't that where their source code and IP documentation are kept? I'd start getting very worried about now if I were an investor.
Due diligence is a core principle of any company. That includes ensuring that the services relied upon are securely and properly set up and maintained. If SCO truly has been affected by an attack of any kind on the magnitude they're claiming, then they should be legally responsible for the results of their failure to perform due diligence. (However, IANAL so don't quote me on legalities, especially given I live in NZ, not the US).
In short, the supposed attack on SCO does not add up at all. In fact, if they are being attacked this time round, they are in serious legal trouble themselves if their reports are accurate.
I would also question why they have released this to the press as a Press Release instead of getting on with fixing the problem as quickly as possible. Also, how is it that their mail services are now restored, their FTP server never offline, yet their website remains offline? Surely, a DDoS would affect both.
Not to mention the fact that it would affect SCO's upstream provider who, when contacted last time, saw absolutely no evidence of an attack in progress at a
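The SYN cookie setting mentioned in the comment above can be checked mechanically. The following is an added example, not part of the original comment: it audits sysctl.conf-style text for the Linux keys that govern SYN-flood handling. The sysctl names are real; the two config texts are constructed samples and the numeric thresholds are assumptions of this example.

```python
"""Added example: audit SYN-flood-related keys in sysctl.conf-style text.
Both config texts below are constructed samples, not taken from any host."""

SYNCOOKIES = "net.ipv4.tcp_syncookies"
BACKLOG = "net.ipv4.tcp_max_syn_backlog"
SYNACK_RETRIES = "net.ipv4.tcp_synack_retries"

# Thresholds are assumptions of this example, not kernel or vendor guidance.
MIN_BACKLOG = 1024       # assumed floor for an Internet-facing server
MAX_SYNACK_RETRIES = 5   # more retries keep half-open entries around longer

WEAK_CONF = """
# constructed sample: SYN cookies off, small backlog, many SYN-ACK retries
net.ipv4.tcp_syncookies = 0
net/ipv4/tcp_max_syn_backlog = 128
-net.ipv4.tcp_synack_retries = 8
"""

HARDENED_CONF = """
; constructed sample: corrected settings (the later assignment wins)
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_synack_retries = 3
"""


def parse_sysctl(text):
    """Return {key: value}; later assignments override earlier ones."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        line = line.lstrip("-").strip()        # leading '-' only means "ignore errors"
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        # sysctl accepts net/ipv4/x as well as net.ipv4.x
        settings[key.strip().replace("/", ".")] = value.strip()
    return settings


def audit(text):
    """Return a sorted list of (key, finding) for weak or unset settings."""
    settings = parse_sysctl(text)
    findings = []

    def as_int(key):
        try:
            return int(settings[key])
        except (KeyError, ValueError):
            return None

    cookies = settings.get(SYNCOOKIES)
    if cookies is None:
        findings.append((SYNCOOKIES, "not set here; kernel default applies, verify on the host"))
    elif cookies == "0":
        findings.append((SYNCOOKIES, "disabled; a full SYN queue drops new connections"))
    elif cookies not in ("1", "2"):
        findings.append((SYNCOOKIES, f"unexpected value {cookies!r}"))

    backlog = as_int(BACKLOG)
    if backlog is not None and backlog < MIN_BACKLOG:
        findings.append((BACKLOG, f"{backlog} is below the assumed floor of {MIN_BACKLOG}"))

    retries = as_int(SYNACK_RETRIES)
    if retries is not None and retries > MAX_SYNACK_RETRIES:
        findings.append((SYNACK_RETRIES, f"{retries} exceeds the assumed ceiling of {MAX_SYNACK_RETRIES}"))

    return sorted(findings)


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for key, finding in audit(conf) or [("-", "no findings")]:
            print(f"  {key}: {finding}")
```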
Re:SCO's Hack Attacks A Complete Lie (Score:4, Interesting)
Now we get this 'quick fix' press release that gets to paint the Linux community as a bunch of criminals and thugs. They know full well the press won't bother to check facts, and it should be enough to distract from the negative things that have been happening. They get to look like a victim in the press, and they can do so without any proof whatsoever.
Payment flood (Score:5, Funny)
maybe they claim to own "DDOS" too... (Score:5, Funny)
The truth about the "attack". (Score:5, Funny)
SCO's technicians are busy working to fix the problem.
Comment removed (Score:5, Insightful)
its amazing.. (Score:3, Insightful)
DDoS (Score:3, Funny)
SCO quickly responds by sending a quickfix press release.
Actually, if this was real, ... (Score:3, Insightful)
double bluff? (Score:5, Insightful)
There is a decent chance that their claims are designed to inflame.
Claim the Open Source community is behind it and you get a bunch of people who have already been accused starting to think they may as well commit the 'crime' for which they are being blamed.
Sure the claims made by SCO have always been seen to be ridiculous, from a technical POV. But their point has never been to convince the geeks. They are playing to a larger audience and seen in that light their bumbling and fumbling, technically, starts to look a little more deliberate.
Call me paranoid, but SCO could be trying to create the incident they claim is occurring right now.
Embarrassing files missing? (Score:5, Interesting)
There are some rumours floating around the Yahoo SCOX message board that several directories containing Linux source code, such as patches and updates, are now missing from SCO's ftp server. Months ago, many people pointed out that SCO itself continued distributing copies of the kernel in support and updates directories on their ftp server. There is also speculation the strangely internal nature of this so-called DDoS attack may be part of an Ollie North operation to prevent certain evidence from falling into IBM's hands via discovery.
SCO's execs need to read The Boy Who Cried Wolf a few times, and learn the lesson within. Darl, unlike Ken Lay, does not have close friends in the White House, and probably would not escape prosecution for any illegal acts being committed under his watch at SCO.
Re:Embarrassing files missing? (Score:5, Interesting)
Yahoo SCOX Thread [yahoo.com].
Maybe (Score:3, Funny)
The timing is suspicious (Score:3, Insightful)
Some of the wall street lemmings will fall for this, just like many
S
The /. story should be updated stating the hoax... (Score:4, Interesting)
Therefore, I would like to know what are the
I wouldn't be surprised if SCO issues a press release tomorrow saying that the evidence they were going to show on January 5 was destroyed.
This is just too much. I thought "evil corporations" existed only in comic books and Hollywood movies.
lies (Score:5, Informative)
The following machines are running currently-reachable FTP servers:
216.250.128.7
216.250.128.13
216.250.128.14
216.250.128.15
216.250.128.16
216.250.128.17
I was able to download /pub/ls-lR from ftp.sco.com (216.250.128.13) at 74.91 KB/s (600 Kb/s). My broadband is rated at 640 Kb/s, so the bottleneck was likely at my end. These machines are almost certainly on the same subnet and are likely connected to the same gear (SCO's subnetting is their choice, but if ftp.sco.com and www.sco.com are on different subnets, their subnet masks are 255.255.255.254 and they must have only two IPs per subnet - I don't believe this is even possible as you need a network and a broadcast IP for each subnet).
The fact that all of these machines are reachable and that at least one of them can saturate a broadband link indicates that SCO is not having any bandwidth problems. I also performed some ICMP tests and the machine is not sending out port-unreachables, timestamp-replies or netmask-replies - these seem blocked upstream. I'm getting a little nervous sending out these funny packets as I don't want anyone to accuse me of anything, but everything indicates that the machine is completely offline. If they allowed some ICMP replies through upstream, receiving a reply would show that the machine is actually online, but somehow cannot handle TCP requests (and the problem is not bandwidth as shown, so it would have to be something wrong with the host, such as a firewall rule); if they allowed through ICMP replies and the machine did not respond whereas others on the subnet did respond, it would show that the machine is almost definitely offline unless it has a more restrictive firewall than the other machines (very unlikely given that this, as-claimed, could have been prevented with syncookies). As it stands, one can only say that the machine is very likely offline (unplugged or turned off).
SCO's incoming mail server seems to be working fine. They only have one MX record for sco.com and it resolves to 216.250.130.2 for me at the moment. I only connected to it and saw a banner, but an easy way to test this further is to send a message to an invalid address @sco.com and see if a bounce gets back. I don't want to give them an email address.
All of this is current as of 2003-12-10 21:57, Mountain time (SCO is in Utah). Further investigation led nowhere; thus the delay in the post.
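The triage reasoning in the comment above (neighbours reachable, target silent, ICMP filtered upstream) can be written down as a decision procedure. This is an added example, not part of the original comment: the prefix arithmetic uses the addresses quoted in this thread, while the probe results are constructed sample data on documentation addresses and the verdict labels are names chosen for this example.

```python
"""Added example: outage triage from outside, following the reasoning above.
Probe results are constructed sample data on documentation addresses."""
import ipaddress
from dataclasses import dataclass

# Addresses quoted in the thread: www.sco.com (.12) and the reachable FTP hosts.
THREAD_HOSTS = ["216.250.128.7", "216.250.128.12", "216.250.128.13",
                "216.250.128.14", "216.250.128.15", "216.250.128.16",
                "216.250.128.17"]


@dataclass(frozen=True)
class Probe:
    host: str         # IPv4 address that was probed
    tcp_ok: bool      # some TCP service completed a handshake
    icmp_reply: bool  # any ICMP reply came back from the host


# Constructed observations: target silent, neighbours serving, no ICMP anywhere.
SAMPLE_PROBES = [
    Probe("192.0.2.12", tcp_ok=False, icmp_reply=False),
    Probe("192.0.2.7", tcp_ok=True, icmp_reply=False),
    Probe("192.0.2.13", tcp_ok=True, icmp_reply=False),
    Probe("192.0.2.14", tcp_ok=True, icmp_reply=False),
]


def longest_shared_prefix(a, b):
    """Longest prefix length at which both addresses sit in one network."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def covering_network(hosts):
    """Smallest single network that contains every host in the list."""
    prefix = min(longest_shared_prefix(hosts[0], h) for h in hosts)
    return ipaddress.ip_network(f"{hosts[0]}/{prefix}", strict=False)


def triage(target, probes):
    """Classify an outage of `target` given probes of it and its neighbours."""
    by_host = {p.host: p for p in probes}
    t = by_host[target]
    neighbours = [p for p in probes if p.host != target]

    if t.tcp_ok:
        return "reachable"
    if not any(p.tcp_ok for p in neighbours):
        # Nothing on the block answers: saturated link or upstream failure.
        return "path-wide"
    if t.icmp_reply:
        # Host answers ICMP but not TCP: state exhaustion, filter rule, dead service.
        return "host-up-tcp-failing"
    if any(p.icmp_reply for p in neighbours):
        # ICMP gets through for others but not the target.
        return "host-likely-offline"
    # ICMP filtered for everyone: the failure is host-specific, cause undetermined.
    return "host-specific-icmp-filtered"


if __name__ == "__main__":
    # .12 and .13 differ only in the last bit of the address.
    print(longest_shared_prefix("216.250.128.12", "216.250.128.13"))
    print(covering_network(THREAD_HOSTS))
    print(triage("192.0.2.12", SAMPLE_PROBES))
```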
Alternate theory which fits the facts. (Score:5, Insightful)
Per their company policy, they shut SCO's entire network off from the entire world. "Internal mail servers and other support servers were unavailable." After a few hours, they determined that the intrusion was limited to the main corporate web server. The web server was broken off from the network. Network connectivity was restored (but no longer having a web server). "The web server is under a denial of service attack."
SCO employees begin the process of either restoring the existing web server from backup, or preserving the existing server, and bringing online a new server from bare metal. The process is expected to take at least twelve hours. An SCO executive informs at least one media outlet that they expect the problem to be resolved in some time after twelve hours. They're still working on it.
This also fits what happened in August, when their corporate web server was unavailable for THREE DAYS. When it was brought back online, the content was reportedly changed in some areas. It sounds like an inexperienced bare-metal restore or an untested solution. Perhaps part of the web site was not retrievable via backup, and they had to recreate some sections from scratch.
My theory, which I believe totally fits the facts, is that SCO has been rooted and does not want to admit this publicly. So the DDoS/SYN is their cover story, which is close, but doesn't fit the facts well enough to avoid suspicion.
I would appreciate a read on this theory with some feedback positive/negative.
Re:Alternate theory which fits the facts. (Score:4, Insightful)
> The problem with this theory is that it hinges on a corporation
> as large as SCO being fairly incompetent.
I assumed that was a given, actually. If you take them at their word, as an operating system manufacturer/distributor, and a web solutions provider, they'd have to be totally incompetent. I mean, if you believe SCO's story, they are outright admitting that they're a failure in their own core competency. Where was their improved firewall solution after the last hacker attack?
Regarding the backups, my *feel* is that certain trees probably weren't being backed up, which can be a problem with backup solutions where you have (or you incorrectly believe you have to) name every subdirectory or filesystem to save. Or it could be outright data loss, which ended up hitting certain trees. Incompetent? You bet.
That's the same reason why they may not be putting content changes through a development server. Only structural changes, for example.
I know that we're having to assume a lot of incompetence, but again, at their own word, hasn't it already been demonstrated? You've got an OS manufacturer/distributor and web solutions provider who can't protect their server from the very old SYN attack.
Doubts on SCO, Groklaw in the mainstream press (Score:4, Interesting)
Re:Come on guys... (Score:5, Interesting)
Re:Come on guys... (Score:5, Insightful)
It certainly was effectively used by the spammers to crush their enemies. I forget the name, but one of the major anti-spam websites was forcibly closed because of DDoS, and nobody was prosecuted.
And this improved the public's perception of spammers how?
Re:Come on guys... (Score:4, Insightful)
1. The public can't even spell DDoS, let alone know what it is.
2. The public has no idea what an email blacklist is, or why they're important for fighting spammers. To them, telling people that one of these sites would elicit a "huh?" response, not a "oh, damn!".
3. The public most likely didn't hear about the spammers pulling this crap, because CNN was too busy showing happy puppies and ignoring real news (like this, the war crimes in Iraq, etc).
So yeah. The spammers' reputations, which are tarnished beyond repair already, are, er, "safe", such as it is.
Re:Come on guys... (Score:5, Funny)
As a member of the public, I want you to know that I am offended by your use of the term "blacklist".
It is offensive to all African-Americans and other People of Color. Why must "black" always be equated with "bad", when exploitative White male colonizers are the source of all evil in the world?
You might as well perpetuate the culture of oppression by referring to some disk drives as "Master", and some as "Slave".
I will petition the Los Angeles City Council to ban the use of these "blacklists" altogether!
I urge my fellow easily offended perpetually victimized knee-jerk progressives to join me in this vitally important crusade.
A SYN Flood? More likely by SCO. (Score:5, Interesting)
There are only a few possibilities:
1: SCO's IT department doesn't know what syn cookies are and how they relate to Linux (which they DO run their site on). They evidently don't know how to configure CISCO routers in order to block syn floods either. In this case SCO is incompetent...
2: SCO is deliberately not protecting their networks in order to draw attention to themselves.
3: SCO is sabotaging their own networks.
4: The cyber-attack story is completely made up and has no truth value.
The Groklaw story is worth reading:
http://www.groklaw.net/article.php?story=20031210
Re:Come on guys... (Score:5, Funny)
Looks like Rock, Paper, Scissors is the only remaining viable solution.
Re:Come on guys... (Score:5, Funny)
Re:Come on guys... (Score:5, Informative)
Yes. SCO should do that instead of lying about their downtime [groklaw.net]
Edit on main page (Score:5, Insightful)
Re:Come on guys... (Score:3, Funny)
Got SYN-cookie?
Re:Come on guys... (Score:3, Informative)
per groklaw: adjacent hosts are fine (Score:5, Interesting)
Re:per groklaw: adjacent hosts are fine (Score:5, Informative)
So, on those grounds, I'd be prepared to accept that SCO is telling the truth and they are indeed under a DDoS SYN attack against their webserver. However, as normal for SCO, they then go and overcook the situation and claim that their internal network and Intranet has been hit as well. The only possible way this could be the case is if they are using the same server(s) for their public web as their Intranet which is one of the dumbest possible things you could do.
That leaves us with three possibilities:
All right, assume 2 or 3 (Score:5, Insightful)
Further assume that it is a Linux person(s) even though the community as a whole came out against the first attack. Why not likely?
Ok, so, maybe it is not a Linux person.
Instead assume it is somebody trying to make Linux ppl look bad. huummmmm.
Finally, assume that it is some SK that is trying to show off. Normal situation with a site that is easy to take out and would get lots of press play.
I can safely assume the latter 2 are more probable, while the first is not likely.
To be honest, I would also assume that SCO can be lying about being under attack.
Re:Come on guys... (Score:5, Interesting)
1. give the site a bit of a revamp. It's different, and content has changed.
2. Switch operating systems. http://uptime.netcraft.com/perf/graph?site=www.sc
Now, you're in the middle of what you claim is a network attack. You say your site is down, email is down, support is down, and you're working hard to get these things going again... so instead of actually trying to get the network up again, you revamp the site and change the OS of the server
SCO is so full of shit, and the mainstream media is licking up their bullshit press releases. Blah.
Kernel panicked and fled? (Score:5, Funny)
Linux's Hypocrisy Buffer probably overflowed, so it automatically deinstalled. Either that, or the kernel panicked and left the building.
Watch for D'ohl and co to explain that they had to replace their Linux server with UnixWare 'coz "Linux couldn't take the heat". Whackers.
Never Cry Wolf (Score:4, Funny)
Improper use of "Hacker" (Score:5, Informative)
I expect the blatant misuse of hacker as a synonym for computer criminal in the mainstream press, but I woulda hoped that Slashdot would do better.
Re:Improper use of "Hacker" (Score:3, Informative)
It's not like you can just download a program and have control over a pile of zombie machines. You do have to do a little bit of work. Scanning subnets, logging into machines, uploading tools, etc.. to make an 'effective' ddos net. Not just download, run, click, dead server.
Re:Improper use of "Hacker" (Score:4, Funny)
Beware the DOSferatu: The Children of the Byte, who reboot from the grave.
Re:Improper use of "Hacker" (Score:5, Interesting)
How secure are these undead nets?
Well, once someone does gain control over the machine, by way of a Windows with a blank administrator password, they set the machine policy to prompt the user to enter a pass the next time the machine is logged into. And make a different account for themselves to log back on the compromised machine. If the user doesn't freak out about the password prompt, they are all set.
So, to answer your question, I suppose they are about as secure as an unfirewalled/unpatched windows box, since the last thing the 'hacker' will do is put a firewall on the machine for you.
Re:Improper use of "Hacker" (Score:3, Interesting)
Zombie armies are probably most often built w/ auto-rooters -- "tools" that get passed around and modified. E.g. a script-kid may just have to specify which DCOM hole in which Service pack to attack, and then what irc server/channel he/she wants to command them all from. Then he/she installs it on joe user's 24/7 cable-connected box and lets 'er rip. Rinse and repeat 'til you've got 2,000 systems under your thumb.
So yes, it takes a *li
Re:Improper use of "Hacker" (Score:4, Interesting)
A lot of the emails don't make it to a system that can be infected, aren't opened by someone dumb enough, and so on. However, like the numbers involved in spamming, they just need a very small percentage to be dumb enough.
Improper use of DDoS - kinda (Score:5, Interesting)
That being said *IF* the DDoS is coming from compromised machines without their owners' permission that is criminal but if it is otherwise (read: users' permission, coordinated demonstration) then calling it criminal seems a bit harsh. Digital Civil Disobedience seems more accurate.
Re:Improper use of DDoS - kinda (Score:5, Insightful)
The fundamental principle of civil disobedience is found in Thoreau's formulation that "Under a government which imprisons unjustly, the true place for a just man is also a prison." An act is not civil disobedience unless the protestor is at credible risk of being arrested. For a protest to deserve the honor of being described as civil disobedience, it requires risk and sacrifice.
Gandhi spent time in prison. As did MLK. And so did many of the serious anti-war activists in the 60s.
There's a second issue. SCO is not a government. There is recourse through justice against SCO. So civil disobedience is, again, not appropriate; civil disobedience is directed against a government guilty of an injustice which cannot be redressed through ordinary means.
Those launching a DDoS against a company that's doing something stupid are risking nothing, are sacrificing nothing. They are also providing SCO with ammunition in their attempts to paint all Linux users as criminals (pirates, copyright violators, communists!). They're vandals, pure and simple, and the fact that they're vandalizing an asshole's house isn't a valid justification.
Re:Improper use of "Hacker" (Score:3, Interesting)
"Computer hacking" is defined as "operating a computer in a manner inconsistent with its designed intent". Thus a DDoS fits perfectly. It's much more accurate than your other suggestions:
Criminal: Entirely free of content. You'd have to be more specific. Also, computer tampering is not illegal in all jurisdictions, so not every hack is a crime (far from it)
Script kiddie: Implies knowledge about the modus operandi that you can't possib
Re:Come on guys... (Score:5, Insightful)
Re:Come on guys... (Score:3, Informative)
Re:Come on guys... (Score:4, Funny)
That's probably exactly why SCO is faking this DDoS attack.
Re:Come on guys... (Score:5, Insightful)
Look at what the use of the law did for the abuse of monopoly power by MS. It was a slap on the wrist for MS and their continued monopolistic practices.
Re:Come on guys... (Score:5, Insightful)
As for the precedent the decision establishes - it can also be fought and argued against or nullified without ddos and cracking. Granted, it's difficult and often seems hopeless at that point.
I'm all for fighting the good fight, but there is no use in 1) exacting vigilante justice because you are impatient or 2) exacting vengeance because you stand to lose from a judgement. The republic (what's left of it) provides legal avenues from which to punish violators, establish new legislation, and overturn precedent. I'm not sure those avenues are completely shut just yet. With many citizens, such methods are not practical to effect an individual's desires in the short term, but they at least provide long-term potential. Think of your kids, and think of the rights you enjoy now because people fought for them despite the fact that they would probably not see their efforts through to fruition.
Re:Come on guys... (Score:3, Insightful)
Except that, in the MS antitrust case, MS lost and yet we, the people, got screwed because the "justice" system refused to treat MS the same way it treats normal citizens, and MS as a result wasn't penalized in any meaningful way for its crime. And that's despite the callous disregard for the law and the "justice" syst
Re:Come on guys... (Score:5, Funny)
or at least taking down the site the old-fashioned way... by posting it on
www.sco.com [sco.com]
Re:Come on guys... (Score:5, Informative)
ftp.sco.com is 216.250.128.13. www.sco.com is 216.250.128.12. They are on the same network segment. However, the first is completely and normally responsive, while the second is entirely unresponsive. This is not in any way characteristic of any sort of modern flood-type denial-of-service attack -- that is, a DDoS aimed at flooding the network itself. Whatever is disturbing SCO, it is not a DoS of the sort they evidently believe it to be.
Unfortunately, SCO has taken the "cargo cult security" measure of blocking pings, so it is not possible to gather any information about their disturbance in that fashion. I suspect that the best method to gather information about SCO's disturbance is, in fact, for SCO to fully and legally respond to IBM's discovery requirements.
("SYN flood" is obviously wrong. Although some firewalls and IDS still report TCP-based DoS floods as "SYN floods", the condition that used to be associated with SYN floods has been fixed in current operating systems. Unless they are running a system old enough to be called grossly negligent, they aren't susceptible to TCB starvation. The current unavailability of www.sco.com looks more like someone tripped over the Ethernet cable.)
Re:Come on guys... (Score:5, Funny)
They use Unixware, duh.
Re:Come on guys... (Score:5, Insightful)
Actually, they are using Linux. Most likely, they are using UnitedLinux based on SUSE. All SUSE distros have syn flood protection enabled by default. Plus, many people report their FTP server was fine all this time on the same subnet. SCO's story doesn't add up. It looks like they shut off their webserver to have another excuse at a press release to try to drive their stock price back up in order to dump more shares to buy shiny Christmas presents.
That's my guess anyway.
Re:Come on guys... (Score:3, Insightful)
Re:bad image (Score:3, Insightful)
I mean, what the hell is "apparently by hackers unhappy with the company's legal threats against users of the Linux operating system" supposed to mean? I think that is a dangerous assumption. After all, it is probably Windows machines that are the 'bots, right?
Re:The True Culprit (Score:4, Funny)
I think I know what they wanted to do (Score:3, Funny)
They probably wanted to announce at the meeting on December 22 that, under cover of this DDoS, evil hackers broke in and deleted all the evidence SCO was surely about to hand over to the court. Then, having learned from OJ and the Ramsey parents, they'd go hire a detective to seek out the evil people responsible for the death of their case.
Re:Kinda Sad... (Score:5, Funny)
Re:Ooops (must use preview button) (Score:3, Insightful)