Debate raging over DDoS attack on SCO

SCO Group says hackers are flooding its Web site with traffic, overwhelming its servers and keeping it offline. Some posters to Groklaw doubt that's the case.

Hackers have launched a denial-of-service attack against the SCO Group's Web site and have rendered it inaccessible since 4:20 a.m. MST Tuesday. It's the third such attack since the Unix vendor filed a multibillion-dollar lawsuit against IBM and issued legal threats against the Linux and open source communities.

As of 11:20 a.m. EST today, the site was still down, and SCO said users were unable to access updates and patches, among other online services. Posters to the blog Groklaw, however, debate the accuracy of SCO's claims.

SCO spokesman Blake Stowell said that the company has contacted law enforcement and is working with its Internet service provider, which is investigating the attack.

"We have things in place to somewhat track this. It's a matter of taking the information we have and seeing what we can find out," Stowell said. "But, as with every denial-of-service attack, they are hard to track."

Stowell said SCO is under a "syn attack," in which a hacker has hijacked potentially thousands of servers and has instructed those servers to flood the SCO site with illegitimate traffic, consuming SCO's bandwidth and keeping it offline.

Posts to Groklaw, a blog on the SCO case, from people claiming to be security administrators and officers debate whether SCO is suffering from a SYN attack. SYN attacks are considered antiquated and easily mitigated by most commercial firewalls and routers and by the Linux kernel (SCO's site runs on Linux). Some contend that if SCO is indeed suffering from a SYN attack, its security is grossly negligent because patches for these flaws have been available, in some cases, since 1999, and they are asking why SCO hasn't bothered to apply them.

Others said that SCO's FTP server was accessible from the United States and abroad, tossing cold water on SCO's claims that updates and patches were not available, as well as its claims that it was under attack.

One poster wrote: "I feel quite comfortable in stating that SCO [is] NOT suffering a DDoS attack; specifically not one that they have described. It looks to me like someone has accidentally kicked a cable out of its socket or similar, or a HDD failure. Speaking as a sysadmin/firewall guy, my first priority in any attack is to solve the problem -- not issue a press release."

SCO has been the center of controversy since it accused IBM of illegally contributing Unix code owned by SCO to the Linux kernel. Since then, the Lindon, Utah, company has followed up with threats of more legal action against Linux users in the Fortune 1500.

"This has happened before, and we're sure it's going to happen again," Stowell said. "It's obvious that when people are acting outside the bounds of the law, it's a negative. We do what we have to do to prevent these attacks."

SCO was attacked in late August and kept offline for the better part of a weekend. A firestorm touched off when, in the aftermath of that attack, postings to a Linux mailing list suggested that someone in the open source community was responsible.

SCO CEO Darl McBride said recently that the threats to SCO are not only of a digital nature. McBride said some executives have received death threats, angry late-night phone calls and challenges to fistfights.

"The vast majority of these [threats] have been of the crank-call variety," McBride said. "We have hired the best personal security team. They have worked through these threats and determined that some have come from people with records who have done time in the big house. We take these very seriously."