[Dshield] SCO attack

John Sage jsage at finchhaven.com
Sun Dec 14 18:01:04 GMT 2003


On Sun, Dec 14, 2003 at 11:39:15AM -0500, Johannes B. Ullrich wrote:
> From: "Johannes B. Ullrich" <jullrich at sans.org>
> To: list at dshield.org
> Date: Sun, 14 Dec 2003 11:39:15 -0500
> Old-X-Envelope-To: list at dshield.org
> Subject: [Dshield] SCO attack
> You probably read the news reports by now about the DDOS attack against
> SCO, and some people not believing that it is real. Well, we do see
> quite a bit of backscatter from this. SCO's IP address is
> Reports against this address look like DDOS backscatter:
> Summary:
> http://www.dshield.org/ipinfo.php?ip=
> Details (not accessible all the time):
> http://www.dshield.org/ipdetails.php?ip=

This is also well documented at CAIDA:


After that, I have to say "So what?"

This sort of thing happens all the time.

The particular fact that SCO was DoS'ed is not startlingly unusual:
ask anyone who has pissed-off some punk on IRC.

But let's get this point on the table right now:

SCO's current legal "situation" relative to IBM, Linux and the Open
Source/Free Software movement are certain to draw some wackos from out
of the woodwork.

Does this DoS reflect poorly on IBM, Linux or the Open Source/Free
Software movement? Not at all.

Just thought I'd put that thought out before this thread goes off the
deep end.

- John
"Most people don't type their own logfiles;  but, what do I care?"
John Sage: InfoSec Groupie
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.

More information about the list mailing list