---

CAIDA.org: SCO Offline from Denial-of-Service Attack

“At 3:20 AM PST on Wednesday, December 10, 2003, the UCSD
Network Telescope began to receive backscatter traffic indicating a
distributed denial-of-service attack against the SCO Group. Early
in the attack, unknown perpetrators targeted SCO’s web servers with
a SYN flood of approximately 34,000 packets per second. In real
world terms, the attack caused SCO to receive so many incoming
prank phone calls that their switchboard was flooded.

“Around 2:50 AM PST Thursday morning, December 11, the
attacker(s) began to attack SCO’s ftp (file transfer protocol)
servers in addition to continuing the web server attack. Together
www.sco.com and ftp.sco.com experienced a SYN flood of over 50,000
packet-per-second early Thursday morning. By mid-morning Thursday
(9 AM PST), the attack rate had reduced considerably to around
3,700 packets per second. Throughout Thursday morning, the ftp
server received the brunt of the attack, although the
high-intensity attack on the ftp server lasted for a considerably
shorter duration than the web server attack. At 10:40 AM PST, SCO
removed their web servers from the Internet and stopped responding
to the incoming attack traffic. Their Internet Service Provider
(ISP) appears to have filtered all traffic destined for the web and
ftp servers until they came back online at 5 PM PST.

“In spite of rumors that SCO has faked the denial-of-service
attack to implicate Linux users and garner sympathy from its
critics, UCSD’s Network Telescope received more than 2.8 million
response packets from SCO servers, indicating that SCO responded to
more than 700 million attack packets over 32 hours. The outage was
also documented by Netcraft in their article and analysis
graphs…”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis