SCO fakes DoS attack?: ars

SCO reported a DoS attack (again) late last week. Whether or not one actually occurred is at this point *very* suspect. The linked ars article, which in turn links a Groklaw article, points out several glaring issues with the account of the "attack". First off, according to the Groklaw article, most traffic when the attack was said to have occurred stopped at a gateway, and yet some other traffic had no issues at all (not symptomatic of a network under attack). In addition, the type of attack SCO claimed occurred (syn flood) has not been possible with Linux systems since 1999 (well, properly updated systems). This means either A.) they are lying about the attack or B.) they are so lax in security that they are vulnerable to a syn flood? (And this from a company that is a prime target because of the Linux battle.)

From the article: "Mitigation tools for this type of attack have been available since 1999 and earlier. For the Linux Kernel, commercial firewalls and routers. These tools called syn_cookies are routinely applied by all sites that are even moderately concerned about basic security, and this is why we don't hear about eBay or Yahoo! or other well known sites suffering from syn flood attacks."

On the other side, the SCO data has been analysed from the time of the attack, and the organization that did the analysis says they DID suffer a syn flood attack. So would SCO fake such an attack to try to garner sympathy for themselves AND discredit the "open source community" whom they blame for the attack? I think that's a resounding hell yes, they are capable of it. For more on this latest SCO crap, check the linked ars article.

SCO DoS attack: fact or fiction?