[scg-sec] Sco.com

Sean Donelan sean at donelan.com
Tue Jan 27 20:26:24 EST 2004


What type of network impact are we actually expecting?  Www.sco.com may
get knocked off the air, but the attack itself appears to be TCP SYN
limited.  The attack computers appear to throw a bunch of SYNs and then
stall waiting for a response.

I know the attack isn't going to start in earnest until Feb 1, but even
with clock skew there isn't a whole lot of network traffic.  If SCO
Akamaized their web site, I might be more concerned, because Akamai has
enough bandwidth to DoS the attackers back just by responding to the
requests.

Other than blackholing www.sco.com traffic, either SCO abandons the
domain or we sink the IP traffic, what can we really offer?  Get our
customers to fix their computers before February 1?

sean donelan
sbc security guy (I have a lot of attack computers)

