[67067] in North American Network Operators' Group
Re: SCO
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Feb 1 19:36:55 2004
To: Petri Helenius <pete@he.iki.fi>
Cc: nanog@merit.edu
In-Reply-To: Your message of "Mon, 02 Feb 2004 01:37:26 +0200."
<401D8DB6.50406@he.iki.fi>
From: Valdis.Kletnieks@vt.edu
Date: Sun, 01 Feb 2004 19:36:04 -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 02 Feb 2004 01:37:26 +0200, Petri Helenius said:
(I was speaking to *this* particular incident, not to the question of
"how to prevent it" in general. Remember that this is the 5th or 6th
time SCO has been DoS'ed successfully...)
> There are quite a few companies, big and small, who would be happy to sell you web or
> content "switches" which forward the HTTP requests to the actual servers based on
> almost any bit in the HTTP request.
Yes, but this assumes a sufficient supply of clue, available financial
resources, and motivation to deploy, and then balance the cost of those type of
boxes against the impact on your revenue stream of getting DDoS'ed. When your
web server isn't generating any revenue, your ongoing support (patch download,
etc) is via a still-working FTP server, and you can get lots of PR out of
saying "Those Linux freaks let loose a worm to DDoS us", why should you invest
in that technology?
> Does anybody have any numbers to actually support the theory that there
> would actually be significant
> traffic flowing somewhere?
From SCO's 10K they filed with the SEC on Tues, Jan 28, and presumably actually
written at least a day or two before:
"Additionally, we have recently experienced a distributed denial-of-service
attack as a result of the "Mydoom" worm virus. It is reported that the effects
of this virus will continue into February 2004".
So for them, the DDoS was already "past tense" a week ago. Not "expecting"
or "will be shortly".
Draw your own conclusions what happens if the DDoS attack fizzles for any
reason, or if Netcraft's stats say a different story, etc...
The best commentary I've seen on the whole sorry mess so far:
http://ars.userfriendly.org/cartoons/?id=20040201