NukeCops  

Re: Attack Fells SCO's Web Site (Score: 1)
by Audioslaved on Friday, December 12 @ 00:06:13 CET
http://www.audioslaved.com
I would totally agree with you if it was a case of spam, but this is a case of SCO saying they were attacked, DDOS'd by Linux hackers to be exact, when in fact nothing of the sort happened and that article at Groklaw proves it.

These people have waged a PR war against Linux, open source, and what we all stand for in most aspects. We all contribute to nuke; the SCO case is like a closed source CMS company coming and saying that FB ripped key code off of them and therefore they will charge all of us for nuke, they own it, and everything we have contributed does not count because they own it. And without disclosing exactly what FB would have ripped off even after asking nicely for it, they would withhold the code we are using that is supposedly theirs and make everyone who uses nuke either pay for a license to use nuke, or use an alternative. In the meantime they would launch a PR war designed to spread fear, uncertainty and doubt (FUD) for everyone that would be interested in using nuke or making it better. That is a spin on the SCO vs. IBM/Linux case but towards nuke.

I could not see why they are pointing a finger to "Linux Hackers" anyway when they say they are still investigating the issue, which happens to be a non-issue. Any Groklaw readers want to chime in here?

SCO claims (from their press release) this:
"This specific type of DDoS attack, called a "syn attack," took place when several thousand servers were compromised by an unknown person to overload SCO's Web site with illegitimate Web site requests."

And furthermore, a clip from the article at Groklaw:
SCO goes on to say:
"'The flood of traffic by these illegitimate requests caused the company's ISP's Internet bandwidth to be consumed so the Web site was inaccessible to any other legitimate Web user.'

Steve McInerney's explanation response to what SCO said (Security Professional in Australia)
"Interesting. If their bandwidth is consumed, then any servers nearby will also be inaccessible. That is www.sco.com has the IP address of 216.250.128.12 and ftp.sco.com has the IP address of 216.250.128.13 so the two servers are side by side, probably even on the same physical network hub/switch. Note that there is no room for a broadcast, etc., address - these servers are on the same subnet - i.e., on the same network device (hub/switch).

"Unfortunately for SCO, from Australia, ftp.sco.com is highly responsive. No bandwidth problems there that I can see - even though www.sco.com is still unavailable.

"The evidence then, is that their bandwidth is fine.

"So what about just the SYN flood? Well, even with patches, to successfully conduct a SYN flood you would tend to chew up available bandwidth anyway, which we aren't seeing. So I have quite strong doubts about the accuracy of this information.

"I feel quite comfortable in stating that SCO are NOT suffering a DDoS attack. Specifically not one that they have described. It looks to me like someone has accidentally kicked a cable out of its socket or similar. Or a HDD failure or....

"Speaking as a Sysadmin/Firewall guy, my first priority in any attack is to solve the problem - not issue a press release.

"Dealing with a DDoS attack when your bandwidth is NOT eaten up is fairly simple. A quick and dirty script to read your firewall log(s) for incoming addresses that are trying the SYN attacks is fairly easy. Adding those IP addresses to a quick block list is also easy.

"Problem just goes away."

Last Point to make is that SCO's upstream bandwidth provider was contacted:
From Groklaw.net
Because everybody looking into this found that a traceroute ended at X0.net, I called them and spoke with tech support. I was told it couldn't reasonably be a DDoS, because he showed the ftp server still up. X0.net was not the block, in any case. "Everything is pointing to calderasystems.com," I was told.


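The log-reading script that the quoted explanation calls "quick and dirty" could look like the sketch below. It is an added example, not part of the original comment or of the Groklaw article, and it assumes netfilter/iptables LOG-style lines, since the page does not name a firewall. The function names, the threshold and the sample addresses (documentation ranges) are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed netfilter/iptables LOG-style lines; the page does not name a firewall.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+) "
    r".*?RES=0x[0-9a-fA-F]+ (?P<flags>[A-Z ]*)URGP="
)

def _line(src, spt, flags):
    """Build one constructed log line (documentation-range addresses only)."""
    return (f"Dec 10 03:14:01 fw kernel: IN=eth0 OUT= SRC={src} DST=192.0.2.12 "
            f"LEN=60 TTL=52 PROTO=TCP SPT={spt} DPT=80 WINDOW=5840 "
            f"RES=0x00 {flags} URGP=0")

# Constructed sample: two noisy sources, one normal client, one malformed entry.
SAMPLE_LOG = (
    [_line("203.0.113.7", 40000 + i, "SYN") for i in range(6)]
    + [_line("198.51.100.23", 51000 + i, "SYN") for i in range(4)]
    + [_line("192.0.2.200", 33000, "SYN"), _line("192.0.2.200", 33000, "ACK")]
    + [_line("999.1.1.1", 1234, "SYN")]
)

def syn_sources(lines, dport=80):
    """Count bare-SYN packets (SYN set, nothing else) per source address."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or int(m["dpt"]) != dport:
            continue
        if set(m["flags"].split()) != {"SYN"}:
            continue  # ACK, SYN-ACK, FIN... are not connection openers
        try:
            counts[ipaddress.ip_address(m["src"])] += 1
        except ValueError:
            continue  # never pass an unparsable log field on to a firewall rule
    return counts

def block_list(counts, threshold, allow=()):
    """Sources at or above threshold, minus anything in an allow-listed network."""
    nets = [ipaddress.ip_network(n) for n in allow]
    return sorted(str(ip) for ip, n in counts.items()
                  if n >= threshold and not any(ip in net for net in nets))

if __name__ == "__main__":
    for ip in block_list(syn_sources(SAMPLE_LOG), threshold=4):
        print(ip)
```

Source addresses in a SYN flood can be forged, so the `allow` parameter keeps known-good networks out of the block list even when they appear in the counts.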