Net attack crushes SCO Web site

[InfoSec News <isn () c4i org>]

http://news.com.com/2100-1002_3-999584.html

By Stephen Shankland 
Staff Writer, CNET News.com
May 2, 2003

An avalanche of data blocked access to the SCO Group's Web site for
several hours Friday, said the company, which has come under fire from
Linux fans for an ongoing lawsuit against IBM.

At 10:45 a.m. PDT, the Unix and Linux seller was hit by a distributed
denial-of-service attack that hampered its Internet operations, said
SCO spokesman Blake Stowell. In a DDoS attack, numerous computers
simultaneously send so much data across a network that the targeted
system slows to a crawl trying to keep up with the traffic it's
receiving.

Stowell said SCO had no indication who was behind the attack or why it
was launched, but the Utah-based company has incurred the wrath of
many Linux enthusiasts infuriated with its lawsuit against IBM. SCO
seeks more than $1 billion in the suit, which accuses Big Blue of
taking Unix intellectual property to which SCO owns rights, and moving
it into open-source Linux. On Thursday, SCO Chief Executive Darl
McBride said Unix source code had been copied line-by-line into Linux.

Unofficial open-source spokesmen such as Bruce Perens and Eric Raymond
have condemned the lawsuit as an act of desperation, and others in the
Linux community have been less gentle in their scorn.

A DDoS attack is hitting below the belt, though, Stowell said. "It's
one thing to have a complaint with SCO's lawsuit or with our position
in terms of code being found in Linux. It's another thing to deal with
that in an unprofessional way," he said.

But if the attack is indeed a payback move, it wouldn't be the first
time. Attackers took down the Web site of the Recording Industry
Association of America, unpopular for its crackdown on music swapping.

While the Iraq war was at its height, Arabic news site Al Jazeera was
cut off from most of its audience because of a deluge of data. And two
years ago, Internet attackers buried the White House's Web site in so
much traffic that it, too, was inaccessible.

Such attacks are quite common, but frequently go unreported. A
two-year-old study of Internet traffic found that every week, some
4,000 attacks lasting more than 10 minutes each are launched.

SCO's Internet service provider, ViaWest, told SCO that about 100
high-speed T1 data-transmission lines of network capacity--about 90
percent of its total bandwidth--was being consumed in the attack. "It
was a large, extremely well-orchestrated DDoS attack," ViaWest told
SCO.

The ISP worked to screen out the offending data, and SCO's Web site
was back in operation by 4 p.m., Stowell said.

ViaWest found 138 different machines were involved in the attack.  
Apparently, the systems had been infected earlier with an DDoS program
that was triggered by a signal. It was the second-largest onslaught
ViaWest had experienced, according to SCO.

The U.S. Attorney's office is investigating the attack, and
information on its details was provided to the FBI's Cyber Crime
Division, the software maker added.

News.com's Rob Lemos contributed to this report.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.