Bob, the caida analysis repeated refers to a distributed denial-of-service attack (DDoS) against SCO, but many other parts, and groklaw, refer to a DoS attack. It was my understanding that SYN flood attacks are generally not distributed attacks, although I'm certain they *could* be coordinated... just that usually only one attacker is needed, with good bandwidth, to generate a big flood. Anyone have any clarification on whether this is truly a DDoS, or technically a DoS?? (thanks)
Now to rip on SCO: maybe someone should tell them about the great free code they could steal to protect them from this stuff... it's been around a while, no? Apparently, unixware isn't up-to-snuff. ciao, Ben PS - thanks for posting this -- I was following the groklaw banter yesterday, and discussing it with co-workers. On Fri, 12 Dec 2003 12:29:40 -0800 Bob Miller <[EMAIL PROTECTED]> wrote: | Early Wednesday morning, The SCO Group's web server was allegedly | attacked in a SYN flood DDoS attack. | | SCO made a press release about it, and their stock price went up. | (I'm really curious what goes on inside the mind of a day trader...) | | Some people didn't believe the DDoS was real. This Groklaw article is | the focus point for that viewpoint. | | http://www.groklaw.net/article.php?story=20031210163721614 | | Today, CAIDA published an article stating that they did indeed see a | backscatter effect from SCO's DDoS on their Network Telescope. | | http://www.caida.org/analysis/security/sco-dos/ | | So it appears that the DDoS was real. | | (BTW, check out this totally cool movie from CAIDA.) | http://www.caida.org/outreach/resources/animations/passive_monitoring/backscatter.mpg | | -- | Bob Miller K<bob> | kbobsoft software consulting | http://kbobsoft.com [EMAIL PROTECTED] -- just me, "Ben". _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug