[Dshield] SCO attack

John Sage jsage at finchhaven.com
Sun Dec 14 18:01:04 GMT 2003


All:

On Sun, Dec 14, 2003 at 11:39:15AM -0500, Johannes B. Ullrich wrote:
> From: "Johannes B. Ullrich" <jullrich at sans.org>
> To: list at dshield.org
> Date: Sun, 14 Dec 2003 11:39:15 -0500
> Old-X-Envelope-To: list at dshield.org
> Subject: [Dshield] SCO attack
> 
> 
> You probably read the news reports by now about the DDOS attack against
> SCO, and some people not believing that it is real. Well, we do see
> quite a bit of backscatter from this. SCO's IP address is
> 216.250.128.12. Reports against this address look like DDOS backscatter:
> 
> Summary:
> http://www.dshield.org/ipinfo.php?ip=216.250.128.012
> 
> Details (not accessible all the time):
> http://www.dshield.org/ipdetails.php?ip=216.250.128.012

This is also well documented at CAIDA:

http://www.caida.org/analysis/security/sco-dos/


After that, I have to say "So what?"

This sort of thing happens all the time.

The particular fact that SCO was DoS'ed is not startlingly unusual:
ask anyone who has pissed-off some punk on IRC.

But let's get this point on the table right now:

SCO's current legal "situation" relative to IBM, Linux and the Open
Source/Free Software movement are certain to draw some wackos from out
of the woodwork.

Does this DoS reflect poorly on IBM, Linux or the Open Source/Free
Software movement? Not at all.

Just thought I'd put that thought out before this thread goes off the
deep end.



- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.




More information about the list mailing list