SCO Was DoSed

CAIDA, the Cooperative Association for Internet Data Analysis, provides proof that SCO was hit by a Denial of Service attack.

At 3:20 AM PST on Wednesday, December 10, 2003, the UCSD Network Telescope began to receive backscatter traffic indicating a distributed denial-of-service attack against the SCO Group. Early in the attack, unknown perpetrators targeted SCOs web servers with a SYN flood of approximately 34,000 packets per second. In real world terms, the attack caused SCO to receive so many incoming prank phone calls that their switchboard was flooded.

Around 2:50 AM PST Thursday morning, December 11, the attacker(s) began to attack SCOs ftp (file transfer protocol) servers in addition to continuing the web server attack. Together and experienced a SYN flood of over 50,000 packet-per-second early Thursday morning. By mid-morning Thursday (9 AM PST), the attack rate had reduced considerably to around 3,700 packets per second. Throughout Thursday morning, the ftp server received the brunt of the attack, although the high-intensity attack on the ftp server lasted for a considerably shorter duration than the web server attack. At 10:40 AM PST, SCO removed their web servers from the Internet and stopped responding to the incoming attack traffic. Their Internet Service Provider (ISP) appears to have filtered all traffic destined for the web and ftp servers until they came back online at 5 PM PST.

For the rest of the analysis, click here.