Nobody knows whether it was distributed. (Okay, the attackers know. (-:)
That's assuming quite a bit :)
A traditional SYN flood attack uses very low bandwidth and relies on
bugs/performance bottlenecks in the victim's TCP stack to make the
host unusable.
Yes, but there have been patches out for routers/firewalls/TCP stacks for AGES that make it much less of a problem.
The Groklaw article was doubting the claims because their FTP server (which is 1 address over from the web server) was up and highly available for the full duration of the attack. If it was truly a high-bandwidth DoS stealing their entire network pipe, one would expect that another server on that same pipe would be unreachable, or at least slower, as well. That wasn't the case.
Part of the problem is that SCO's press release didn't accurately describe what had happened. That's because the people who write the PR aren't the people who keep the network going. No surprise there.
Or DON'T keep it going, as the case may be.
SCO's web server runs on Linux.
That's debatable. Netcraft says their website is running "Unknown/Apache" right up until the 'DoS' started. It USED to be "Linux/Apache", but not any more. People were guessing that they hosed the migration, and blamed it on a DoS attack.
Most of this discussion was covered on /. within the first few minutes of the news article going live. *grin*
-Brad
