Linux Today: Linux News On Internet Time.

More on LinuxToday SCO Offline from Denial-of-Service Attack

Dec 12, 2003, 20:00 (14 Talkback[s])
(Other stories by David Moore, Colleen Shannon)

"At 3:20 AM PST on Wednesday, December 10, 2003, the UCSD Network Telescope began to receive backscatter traffic indicating a distributed denial-of-service attack against the SCO Group. Early in the attack, unknown perpetrators targeted SCO's web servers with a SYN flood of approximately 34,000 packets per second. In real world terms, the attack caused SCO to receive so many incoming prank phone calls that their switchboard was flooded.

"Around 2:50 AM PST Thursday morning, December 11, the attacker(s) began to attack SCO's ftp (file transfer protocol) servers in addition to continuing the web server attack. Together and experienced a SYN flood of over 50,000 packet-per-second early Thursday morning. By mid-morning Thursday (9 AM PST), the attack rate had reduced considerably to around 3,700 packets per second. Throughout Thursday morning, the ftp server received the brunt of the attack, although the high-intensity attack on the ftp server lasted for a considerably shorter duration than the web server attack. At 10:40 AM PST, SCO removed their web servers from the Internet and stopped responding to the incoming attack traffic. Their Internet Service Provider (ISP) appears to have filtered all traffic destined for the web and ftp servers until they came back online at 5 PM PST.

"In spite of rumors that SCO has faked the denial-of-service attack to implicate Linux users and garner sympathy from its critics, UCSD's Network Telescope received more than 2.8 million response packets from SCO servers, indicating that SCO responded to more than 700 million attack packets over 32 hours. The outage was also documented by Netcraft in their article and analysis graphs..."

Complete Story

Related Stories: