SCO DOS'ed 529
Thomas Cort writes "BusinessWeek has an article about a DDoS attack against SCO.
"At 10:45 a.m., the Unix and Linux seller was hit by a distributed denial-of-service attack (DDoS) that hampered its Internet operations, said SCO spokesman Blake Stowell ... the Utah-based company has incurred the wrath of many Linux enthusiasts infuriated with its lawsuit against IBM ... SCO's Internet service provider, ViaWest, told SCO that about 100 high-speed T1 data-transmission lines of network capacity--about 90 percent of its total bandwidth--was being consumed in the attack.""
I hate to say this (Score:4, Insightful)
Re:I hate to say this (Score:5, Funny)
Daniel
Re:I hate to say this (Score:5, Insightful)
What would serve them right would be to win or lose in court, public opinion, or the market place.
DOS is criminal and affects more than SCO.
When / if the 31337 d00dZ doing this lose their equipment or go to jail, it will serve them right.
Re:I hate to say this (Score:4, Funny)
Who didn't see this coming? (Score:5, Funny)
I remember thinking "they're gonna get hacked, DOSed and generally trashed" about 10 seconds into the *original* article.
For the non-hacker, how can you help this cause? (Score:5, Interesting)
Whatever happened to signing them up to every junkmail and junk email list also?
Posting every SCO email address on numerous usenet groups.
Phoning the 1800 numbers to cost them a bundle in toll calls asking stupid questions about the lawsuit.
Or the good ol' fashioned turd in a parcel gag....
Pinging SCO flat out won't do diddly squat, but if every
Re:For the non-hacker, how can you help this cause (Score:5, Funny)
This took WAY TOO LONG. For the non-hacker, how can you help?
If you want to help out in a DDOS attack, but you don't have the skills to engineer such a thing, then you should consider using these products. [microsoft.com]
Re:Who didn't see this coming? (Score:5, Insightful)
At 1.5mbps that's 150 megs a second!
IRC efnet a year and a half ago crawled to its knees when a cracker hit it with just 20 megs a second.
I am surprised it came this quickly considering how many hosts or routers he had to crack to find his slaves. Something this huge requires great efforts. Also regular users are now waking up that a firewall and Windows updates are needed. 2 years ago everyone I knew used Outlook, Office, and Windows unpatched without a firewall using a highspeed connection. Today only a few still do this which makes finding hosts a lot harder.
Re:Who didn't see this coming? (Score:4, Interesting)
I do wonder if it's an irate employee of IBM, or even someone at Microsoft playing around.. Either of them probably have sufficient bandwidth to pull this off. They'd be caught pretty quickly though. It's kinda obvious when you have 10 machines on the same network doing ping -f sco.com..
I hit our networks between each other occasionally with that kind of traffic, just to see the bandwidth jump up. I'm surprised they can't handle it. I guess that's the difference between handling big porn sites, and handling SCO's needs (tee-hee).
It looks like they've changed providers since this happened, or maybe they just stopped.. Watching a DoS is kinda boring..
13 0.so-3-0-0.XL2.SLT4.ALTER.NET (152.63.102.13) 86.413 ms 49.691 ms 41.490 ms
14 186.ATM6-0.GW4.SLT4.ALTER.NET (152.63.91.249) 36.255 ms 169.646 ms 88.828 ms
15 center7-gw.customer.alter.net (157.130.166.198) 56.096 ms 88.057 ms 58.523 ms
16 c7pub-216-250-136-74.center7.com (216.250.136.74) 169.640 ms 73.178 ms 124.894 ms
17 * * *
They really should do something more creative than just flooding them with traffic. How about a good syn flood, or hammering one of their CGI's. Maybe finding a nice mail-to script on their own site, and filling the support boxes with bogus script-generated messages..
Flooding them with traffic just isn't nice to the rest of the customers on that network. What if someone else is hosted there? Or you completely mangle the ISP for that part of the country? If someone flooded a few different major networks in Florida with about 45Mb/s traffic, it would kill all of their customers in the state. I'd have customers calling from down there all the time asking why everything seemed slow, so I'd do traceroutes from around the country, and realize no one had decent ping times to them.
I'll quietly snicker while they do their evil deeds, and still say "that's not nice". I know it's annoying when people do 'em to us (it's a daily occurrence).
Re:Who didn't see this coming? (Score:3, Informative)
As for them having their own datacenter, don't be surprised if they don't.. Having your own datacenter is cool -n- all, but really overkill for many situations. We don't use our own, we use other providers for that. That way, we have the luxury of living in a datacenter, without actually having to run the facility. If you go somewhere like Switch&Data, you already have major providers with available bandwidth in the facility. It takes longer to
That's a pretty massive attack (Score:2, Funny)
Re:That's a pretty massive attack (Score:5, Funny)
hmmm (Score:5, Funny)
Yes it sounds like a plain old slashdotting. (Score:5, Interesting)
Sounds like it:
Well, let's see:
A single T3 is 28 T1s. So four T3s is 112 T1s. 90% of that is 100.8 T1s - "about a hundred T1s".
So it sounds like Via West, their ISP, only HAS four T3s worth of connectivity to the rest of the net. That's pretty rinky-dink as ISPs go - but the Santa Cruz area is pretty small, over the coastal range from the main drag for communication lines, and doesn't have a lot of industry. I could easily see the local ISPs getting by on four T3s rather than stringing a couple fibers that far (or renting them from somebody who did). That's big bucks for a small user community.
Given that SCO's website was mentioned in a slashdot article, I could easily see the readers following the link and slashdotting it until their ISP was at 90% with the web requests.
But the Business Week article also says that the attack was from 138 zombies, not from the general net. 138 machines could easily produce a DDoS attack of that magnitude. But a slashdotting would be a lot less traffic each from a lot more sites across the whole net.
So, no, it looks like a real DDoS.
SCO has another problem too (Score:5, Interesting)
Possibly two other problems... (Score:5, Interesting)
They have, haven't they? Contrary to what the article says, I do believe this is a major hole in the foot for their faux pas against IBM, because regardless of the validity of said code secrets, and regardless of whether they're GPLed or not, SCO have made the code publicly available, long before they prepared or made complaint against IBM. How could IBM steal something that's publicly available? D'oh?
I can't see how it could be applied this way (surprise: IANAL), but it would be ironic enough to be picked up with a magnet if SCO's publication-under-the-GPL of this code implied the GPLing of their UnixWare(tm,(R),(c),etc...) code as well. I imagine that would have rather... extensive effects on things like their share-market value.
Interesting, but... (Score:2)
Unintentionally, hmm... (Score:3, Insightful)
I can't see a way of propagating that far enough back to force UnixWare open - but I'd be laughing for days if it did happen, it'd be near as funny as Microsoft GPLing the Windows 2003 source
Re:Interesting, but... (Score:3, Informative)
Today, Sunday May 4 2003, 2:23 am MDT, they know their code is in it, and they are still distributing it [sco.com] under the GPL. They'd have had a case if they'd pulled it, but they haven't. From this point forward, SCO, by knowingly distributing the code under the GPL, are knowingly licensing that code for use under the GPL.
This, by the way, also hurts their damage claims. "If this code is so valuable that its distribution under the GPL caused you harm, then
Re:Possibly two other problems... (Score:2)
But IBM did not take code from SCO Linux (Score:5, Informative)
The code that was given to IBM was given as Unix, not under GPL. SCO claims IBM released THAT code under Linux. They can release it now.. and IBM could even claim they took the code released under SCO, incorporated that GPL code into their products, but they're not claiming that now. They're claiming they never did release SCO code under Linux. We don't even know what product of Linux is accused of containing tainted code.
Therefore they should be dDosed
Time to replace the bearings? (Score:3, Insightful)
Unquestionably.
I think the GPL penny really hasn't dropped at all for so many important companies. Only a few people within Sun seem to really `get it', for example, and on the other side of the coin there are countless PHBs convinced that if they let a GPLed program in the door, every shred of their own software immediately becomes public.
Good Point. (Score:5, Informative)
For those of you who are too lazy to click, here's a two-paragraph summary:
The upshot of this GPL paragraph is that by relicensing their own code under non-GPL terms, once having knowingly released said code under the GPL, they have forfeited their own rights to distribute Linux. Or, at least that's how I interpret it. Further, the same paragraph states that the rest of us still hold full GPL rights to the code SCO originally licensed to us via the GPL.
The bottom line to us would appear to be that, even if there is IBM-introduced, SCO-owned, infringing code in Linux, it is now officially released under the GPL by the copyright holder, SCO. And, of course, no sanitizing of the Linux kernel is necessary. This spat should have no effect on Linus, Red Hat, SuSE, or any other Linux developer or distributor.
Re:Good Point. (Score:3, Informative)
Re:SCO has another problem too (Score:2, Insightful)
It'd be akin to writing up a contract for making a movie out of a Stephen King book for $5, placing said contract on the last few blank pages with the note "by signing the cover, author agrees to this agreement" then taking it to a book signing, having King sign it, and then using the book to argue that you had a c
Given their behaviour... (Score:5, Insightful)
Duh!
Sounds like they're the next RIAA.org to watch on Netcraft for downtime. ;)
Serves them right (Score:5, Interesting)
It fits this perfectly. Nobody's going to feel sorry for SCO, claiming that somehow Linux is based off of their code. I remember seeing that map of the *nix's by SCO, that was totally made up. Perhaps someone should tell them that Linus wrote it from scratch...
worse to come (Score:5, Funny)
138 zombies? I doubt they have as many clients left.
Re:worse to come (Score:3, Interesting)
Funny since this has already happened since 98 when Linux invaded their whole market. They made 4 billion on a settlement with Microsoft for the dr dos deal. SCO has been using this money for the last couple of years to stay in business since OpenServer and Unixware make up so little in revenue.
New business plan: Make money by suing people. Not selling.
Intergraph (remember them?) is a classical example. They make around $17 mill
Re:Serves them right (Score:2)
Re:Serves them right (Score:2)
Why you gotta go and do a stupid thing like that? (Score:5, Insightful)
Re:Why you gotta go and do a stupid thing like th (Score:5, Funny)
That's how Miss Manners would handle this.
Re:Why you gotta go and do a stupid thing like th (Score:2)
But if the boxes had been broken into, it would have tarnished the reputation of SCO products. Though it may be a bit late to do that because their products really don't have a decent reputation.
Re:Why you gotta go and do a stupid thing like th (Score:2)
But I can't for a second see how hacking can prove the point that SCO's products are untrustworthy. It isn't as if they have made some foolhardy claim that their software is "UNBREAKABLE" (ahem, Oracle, ahem)... besides most break-ins can be blamed on the people. Therefore a break-in isn't enough to prove that their products stink.
Re:Why you gotta go and do a stupid thing like th (Score:5, Interesting)
Re:Why you gotta go and do a stupid thing like th (Score:3, Insightful)
Mod me down, I really don't care at all. I am anti-linux and pro-BSD for no other reason than the fact that I can't stand the brutal attitude shown by a majority of linux users. In fact, I've influenced clients to g
Re:Why you gotta go and do a stupid thing like th (Score:5, Insightful)
In fact, I've influenced clients to go with BSD instead of linux for just that reason.
Listen to yourself: You're advocating the use of an OS based on who is using it.
I'll never understand this way of thinking.. A good product will always attract good and bad people in mass.. Let's just imagine for a second that everyone listened to the BSD advocates, and switched to BSD. Where are you going to turn when the idiots follow again? Is there some section in the BSD license that makes it impossible for the kiddies to use it or something?
How are you going to prevent people you don't like from using something that is useful?
More importantly, why do you even care who else uses your software? After all, it is your software.
I guess some people were just born to be bitter..
Re:Why you gotta go and do a stupid thing like th (Score:4, Funny)
So buy Microsoft. Because we never get attacked!*
* exceptions include Nimda, CodeRed, Slammer, VB-scripts, MSWord macros, I love you, trojans, haxors, script kiddies, anyone with a degree in computer science, that guy in your class with the messy hair and your grandmother.
Re:Why you gotta go and do a stupid thing like th (Score:2, Insightful)
Re:Why you gotta go and do a stupid thing like th (Score:2)
If not SCO, perhaps you can think of another organization that would like to discredit Linux.
why do you stupidly assume it's "us" (Score:5, Insightful)
There are many possibilities as to who did this, only one of which is a Linux-fan.
Could have been an angered ex-employee at SCO.
Could have been a renegade at IBM.
Could have been someone who doesn't like SCO for some other reason.
So, stop defaming the Linux community.
Gotta love the way... (Score:5, Insightful)
Gotta love the way the article puts this whole slant that it must be Linux fans doing it. The SCO guy just coming out and saying it's unprofessional for us linux boys to do this sort of thing, that just reeks dude. Reeks. Leeks. mmmm, hungry.
Re:Gotta love the way... (Score:2)
A DDoS attack is hitting below the belt, though, Stowell said. "It's one thing to have a complaint with SCO's lawsuit or with our position in terms of code being found in Linux. It's another thing to deal with that in an unprofessional way," he said.
Not that I support the DDoS attack, but pot and kettle keep coming to mind when they start talking about people being "unprofessional."
Re:Gotta love the way... (Score:2)
And the people at SCO are *pros.*
Whatever happened to doing things the *ethical* way?
Oh, yeah, that brings us back to the lawyers, doesn't it?
KFG
Re:Gotta love the way... (Score:5, Informative)
What he said was, "It's one thing to have a complaint with SCO's lawsuit or with our position in terms of code being found in Linux. It's another thing to deal with that in an unprofessional way."
The article does paint a picture of an outraged linux community, but doesn't come out and say that it was them who did it.
Please read more carefully.
Mr Burns - the new CEO of SCO (Score:2, Funny)
lets act like adults, ok ? ... (Score:5, Insightful)
there are too many *legal* ways of showing to SCO our revolt with their dirty tactics without needing to play at their (very low) level
Just my two cents
cheers from Portugal ...
Must've been a REALLY big attack... (Score:4, Funny)
mob mentality (Score:2)
remember that everyone here with a lot of antisocial tech savvy time on their hands
Re:mob mentality (Score:3, Insightful)
Hm, I just saw this plot in X2.. (Score:4, Funny)
Freaks rejected by society engage in a shocking attack against an authority figure, thereby justifying attacks against those freaks.
Just great, now SCO will get all Stryker on Linux's ass, just what we need.
Re:Hm, I just saw this plot in X2.. (Score:2)
This makes Linux users look like morons. (Score:2)
SCO doesn't need us to shoot them in the foot, they are doing that themselves.
On a lighter note, aren't all those virus cluckers supposed to prevent this in windows?
Penguin Power (Score:5, Funny)
Just goes to show that the power of the people will always show through, somehow.
Hmm.. (Score:4, Funny)
The first being the Slashdotting they got?
Might not be so good. (Score:5, Insightful)
"If you even make threats against the open source community they may just attack your systems. "
It wouldn't surprise me if SCO DOS'd themselves for more attention (or possibly DOS'd themselves by accident knowing those wankers), but I can see a possible bad spin.
Linux users aren't capable of this... (Score:5, Funny)
The open source community just isn't capable of developing such techniques, despite published papers being available for years on the topic of DOS attacks.
IBM must have helped them.
Oh, great (Score:2)
Just on a sidenote though, why are we measuring traffic in numbers of T1s? That's so... uh, 1990s.
Re:Oh, great (Score:2, Interesting)
that's all? 100 T1's? (Score:2)
so their ISP has a little over 2 T3's worth of capacity total? sounds like a real group of pros.
Sue IBM, get fingered. (Score:5, Interesting)
Okay. IBM has a lot of bandwidth. IBM has an outsourcing network solutions division. IBM has hired "hackers" at various times to do penetration testing and the like for said division. SCO sues IBM while taking a swipe at Linux. SCO gets DDoSsed into the uucp era.
It's likely completely coincidental, but it is conceptually quite amusing.
A huge mistake (Score:5, Insightful)
The drama the DDoS kiddies serves as a nice distraction that SCO has no case!
Turns out..... (Score:5, Funny)
This was just the first step taken by the RIAA's cyberwar attack. Looks like somebody had an mp3 on their server.... ;)
This Can't Be Right! (Score:5, Funny)
SCO is acting unprofessionally... (Score:5, Interesting)
The irony would be worth it.. (Score:2)
/. to the rescue? (Score:2)
Ok, the whole thing is childish and stupid and pointless -- I'm sure that IBM is more than capable of holding its own in court -- and two wrongs never make a right. Nevertheless, I find it hard to be too upset about this. It couldn't happen to a nicer bunch of guys.
Maybe it's the RIAA (Score:5, Funny)
As far as I'm concerned... (Score:2, Interesting)
2. Crashing or overloading them is merely temporary suspended animation.
3. There was no real damage done.
4. So called lost transactions were merely delayed to another day not lost, therefore there was zero damage only righteous frustration of SCO.
It's the most satisfying benign form of protest.
I encourage it.
Also, I'll add that the Usenet Death Sentence was often used to get ISPs to care about spam. Quite effectively too.
Could This Be ... (Score:2)
IBM offers to buy SCO, if they first sue and lose because of the GPL.
Just a thought.
In other news... (Score:5, Funny)
The lines of code they are referencing are........ (Score:4, Informative)
It's time to move to bsd style startups to avoid having SCO pull an RIAA (removing them)
How come terrorists aren't attacking the Internet? (Score:2)
Oh yeah... good idea guys (Score:2)
So while, yes, it's quite funny, perhaps it wasn't a particularly wise move? People need to start responding intelligently rather than with knee-jerk retribution.
Keep it up (Score:2)
Whoever the bad people doing this are, keep it up. SCO are being dicks and I'd love to offer my spare computing and network cycles to take them off the air for doing so.
Next step... (Score:2, Interesting)
Anti-Stupidity League Claims Responsibility (Score:5, Interesting)
This has been a communique from the Anti-Stupidity League. Further communication shall follow.
Re:Anti-Stupidity League Claims Responsibility (Score:4, Funny)
Re:Anti-Stupidity League Claims Responsibility (Score:3, Funny)
The name of the company is Santa Cruz Operation. Please correct your statement, otherwise you may look.. well... stupid!
Unfortunate, but not surprising (Score:4, Insightful)
This is not surprising, however, since SCO has made a giant ass of themselves.
It's nice to get some feedback (Score:5, Funny)
(btw, the above was supposed to be a joke, mister humor-impaired-FBI-agent)
This doesn't look bad at all.... (Score:3, Interesting)
SCO does something wholly American by pursuing "Legal Action" against those open source thieves. And these linux "hackers" respond in a "hackerly" manner.
Great. As long as we keep up on the snide comments made to "Windoze Luzurz", we should be right on track to obscurity.
Computer religion sucks (Score:5, Insightful)
I'm reading through these comments and I see so many who believe that snuffing somebody off the net via DDoS is good and justified. More disturbingly, I see so many other posts by people who say they don't agree with this tactic, but that SCO "deserves" it. Deserves it for what? For believing that they have intellectual property that's been stolen and wanting to protect it? For not agreeing with the Church of Open Source and asserting that they have a right to keep intellectual property to themselves?
People don't know what or how much SCO claims is stolen, but since their claim threatens the First United Assembly of Linux, they're considered evil and they must be destroyed by any means possible. It's not about right or wrong, it's about us vs. them, and that is so very wrong.
This "us vs. them" mentality seems strangely similar to the attitudes of terrorists who want to cleanse the world of infidels. Sure, the users aren't killing actual people (so far), but obviously some are willing to cut off the lifeline of an offending business. Isn't this just another, softer, form of terrorism?
Some of the posts on this thread even propose that SCO or IBM or Microsoft are behind this whole thing. Doesn't that seem at least glancingly similar to the supporters of religious terrorism proposing that the countries which are the target of attacks are perpetrating the attacks themselves? Is the community so desperate to believe that it's right that it will blind itself to the reality that perhaps some of its own members are taking things too far?
Are there any reasonable voices left? Is anyone willing to wait and see what and how much SCO claims was stolen before convicting them of some perceived crime against their Linux God? Or is this really how the world operates now? Do we just read the headlines, draw conclusions using vague information, then either join the mobs or stand by while the mobs torch them and say "well, they deserve it"? If they're vindicated in the end, will we just excuse ourselves by saying that they deserved it anyhow for all their other crimes against Linux?
Re:Computer religion sucks (Score:3, Insightful)
Which planet did you happen to live on? Because my sources have the Unix-haters handbook coming out of that era, and many ITS users pissed off about Unix (try looking up "Unix conspiracy" in the Jargon file), Apple and DOS users writing viruses for each other's systems (I think this fact was from Norton
Email SCO CEO... (Score:3, Informative)
Very sincerely yours,
Darl McBride
President and CEO
The SCO Group"
found here [216.239.37.100]
THIS IS NOT THE PROPER WAY TO FIGHT BACK... (Score:3, Insightful)
Yes, what they are doing is reprehensible and it should be stopped, but not like this.
GJC
Wrong Title (Score:4, Funny)
You made me angry, so I'll punch your paperboy. (Score:5, Insightful)
1) it makes a clear case for increasing criminal penalties for interfering with comm services.
2) It doesn't hurt SCO. It may, however, bankrupt the small, independent ISP they chose to do business with.
3) Even if it did hurt SCO, who gets canned over it? The lawyers? Nope. The CEO? Nope. The first-level support guys who live paycheck-to-paycheck? Yep.
DDOS'ing a company is a stupid, childish, and completely counter-productive thing to do. It harms nobody but innocent bystanders. Cheering these idiots on is no different from cheering on any other vandal.
no subject (Score:3, Insightful)
I would have expected a good DDoS attack to make them completely inaccessible, but when I go to their site I don't notice any difference.
the next lawsuit.... (Score:4, Funny)
Another SQL issue? (Score:3, Insightful)
Will this affect the case? (Score:3, Insightful)
I hate SCO. But I'd hate even more if SCO could somehow spin this to help their case.
Re:two words (Score:2, Funny)
more lies (Score:3, Funny)
Mohammed al-Sahaf (now the SCO press minister)
Re:Slashdot DoS'ed!!!! (Score:3, Funny)
Re:surprise surprise (Score:2, Offtopic)
NOT. If you piss off a lot of technically knowledgeable people you're gonna get screwed.
Yeah, just look at Saddam Hussein....
Re:Unprofessional? (Score:2)
Anyone here feel sorry they were treated unprofessionally? I don't know, I learned as a child to do unto others as I would like others to do unto me.
Conversely, anyone here feel like they're BEING TREATED unprofessionally? The article makes it look like SCO has jumped to the conclusion that it's Linux fans doing the attack. If that is true, then SCO is acting unprofessionally themselves. How many fingers are they pointing at us?
Well, I for one am not pointing any fingers *at* them. I'm just showing
Re:Unprofessional? (Score:5, Insightful)
Conversely, anyone here feel like they're BEING TREATED unprofessionally? The article makes it look like SCO has jumped to the conclusion that it's Linux fans doing the attack. If that is true, then SCO is acting unprofessionally themselves. How many fingers are they pointing at us?
Well, just who the hell do you think it is doing it? IBM? It's the same people who always do this shit - stupid kids that think they're making some kind of political statement by breaking stuff. This time, instead of saying "you can't stop us from trading music", it's "how dare you try to fuck with Linux you assholes!!" Yeah. Really mature.
Getting your buddies together and pointing all your zombied machines at someone's IP address and going "bang" does NOT constitute legitimate protest. Even if you don't care about SCO, this is screwing their ISP bigtime - they're knocking out 90% of their bandwidth, for crissake. All it does is reinforce every negative stereotype of Linux/Open Source/GPL people held by the rest of the world.
Re:What took so long? (Score:2)
Pocket most of it and sue somebody else. Retire rich. Start new companies in unrelated fields.