On Mon, 02 Feb 2004 01:37:26 +0200, Petri Helenius said:

(I was speaking to *this* particular incident, not to the question of "how to prevent it" in general. Remember that this is the 5th or 6th time SCO has been DoS'ed successfully...)

> There are quite a few companies, big and small, who would be happy to sell you web or
> content "switches" which forward the HTTP requests to the actual servers based on
> almost any bit in the HTTP request.

Yes, but this assumes a sufficient supply of clue, available financial resources, and motivation to deploy, and then balance the cost of those types of boxes against the impact on your revenue stream of getting DDoS'ed.

When your web server isn't generating any revenue, your ongoing support (patch download, etc) is via a still-working FTP server, and you can get lots of PR out of saying "Those Linux freaks let loose a worm to DDoS us", why should you invest in that technology?

> Does anybody have any numbers to actually support the theory that there
> would actually be significant
> traffic flowing somewhere?

From SCO's 10K they filed with the SEC on Tues, Jan 28, and presumably actually written at least a day or two before:

"Additionally, we have recently experienced a distributed denial-of-service attack as a result of the "Mydoom" worm virus. It is reported that the effects of this virus will continue into February 2004".

So for them, the DDoS was already "past tense" a week ago. Not "expecting" or "will be shortly". Draw your own conclusions what happens if the DDoS attack fizzles for any reason, or if Netcraft's stats say a different story, etc...

The best commentary I've seen on the whole sorry mess so far:

http://ars.userfriendly.org/cartoons/?id=20040201