Ben Barrett wrote:

> Bob, the CAIDA analysis repeatedly refers to a distributed
> denial-of-service attack (DDoS) against SCO, but many other parts,
> and Groklaw, refer to a DoS attack.  It was my understanding that
> SYN flood attacks are generally not distributed attacks, although
> I'm certain they *could* be coordinated...  just that usually only
> one attacker is needed, with good bandwidth, to generate a big
> flood.  Anyone have any clarification on whether this is truly a
> DDoS, or technically a DoS??  (thanks)

Nobody knows whether it was distributed.  (Okay, the attackers know. (-:)

A traditional SYN flood attack uses very low bandwidth and relies on
bugs/performance bottlenecks in the victim's TCP stack to make the
host unusable.  This attack did use SYN flooding, but it was high
bandwidth.  It didn't rely on bugs in Linux's TCP stack; it just used
up all the network bandwidth.  CAIDA put a lower bound on the attack
at 45 Mbits/sec.  That's just as likely to be SCO's upstream bandwidth
limit as the attacking host(s)' bandwidth limit.

Part of the problem is that SCO's press release didn't accurately
describe what had happened.  That's because the people who write the
PR aren't the people who keep the network going.  No surprise there.

> Now to rip on SCO: maybe someone should tell them about the great
> free code they could steal to protect them from this stuff... it's
> been around a while, no?  Apparently, unixware isn't up-to-snuff.

SCO's web server runs on Linux.

- 
Bob Miller                              K<bob>
kbobsoft software consulting
http://kbobsoft.com                     [EMAIL PROTECTED]
_______________________________________________
EuG-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
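
Added example, not part of the original message: a defender-side triage sketch for the distinction drawn above between a traditional low-bandwidth SYN flood (the victim's TCP stack is the bottleneck) and a high-bandwidth flood (the link is the bottleneck). The `/proc/net/tcp` excerpt, the byte counters, the backlog size, the 0.9 threshold and the use of 45 Mbit/s as the link capacity are all constructed assumptions.

```python
# Added example: constructed data and hypothetical thresholds throughout.
SYN_RECV = "03"  # state code for half-open sockets in Linux /proc/net/tcp

# Constructed /proc/net/tcp excerpt (columns after rx_queue omitted).
# Local port 0x0050 is 80; state 0A is LISTEN, 01 is ESTABLISHED.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 0A00000A:0050 00000000:0000 0A 00000000:00000000
   1: 0A00000A:0050 C0000201:9C40 03 00000000:00000000
   2: 0A00000A:0050 C0000202:9C41 03 00000000:00000000
   3: 0A00000A:0050 C0000203:9C42 03 00000000:00000000
   4: 0A00000A:0050 C6336401:D431 01 00000000:00000000
"""


def half_open(proc_net_tcp, port):
    """Count sockets in SYN_RECV on the given local port."""
    count = 0
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)
        if local_port == port and fields[3] == SYN_RECV:
            count += 1
    return count


def inbound_mbps(rx_bytes_t0, rx_bytes_t1, seconds):
    """Inbound rate in Mbit/s from two interface byte-counter samples."""
    return (rx_bytes_t1 - rx_bytes_t0) * 8 / seconds / 1e6


def classify(half_open_count, backlog, mbps, link_mbps, full=0.9):
    """Say which resource is the bottleneck: the link or the SYN queue."""
    if mbps >= full * link_mbps:
        # The link itself is full; the state of the TCP stack is secondary.
        return "bandwidth saturation"
    if half_open_count >= full * backlog:
        # Little traffic, but the half-open queue is exhausted.
        return "state exhaustion"
    return "no flood indicated"


if __name__ == "__main__":
    n = half_open(PROC_NET_TCP, 80)
    rate = inbound_mbps(0, 56_250_000, 10)  # constructed counter samples
    print(n, rate, classify(n, 1024, rate, link_mbps=45))
```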
