[ale] [segfault] SCO DOS attack legit (fwd)
Chris Ricker
kaboom at gatech.edu
Mon Dec 15 12:35:57 EST 2003
On Fri, 12 Dec 2003, Pete Hardie wrote:
> Groklaw's commentary mentioned that a SYN attack is old hat, and easily defended
> against - why was SCO caught by such a trick? Perhaps they are leaving
> themselves open so they will be an easy target and can point their fingers at
> open source zealots?
It's really hard to say one way or the other without knowing a lot more
about their topology, their equipment and connectivity, and how much traffic
they were seeing than any of Groklaw's armchair analysts know ;-). To some
extent SYN-flooding can be protected against at the end host (on some OSes),
but it's primarily something to deal with upstream from end hosts, at least
if traffic levels are non-trivial....
later,
chris
More information about the Ale
mailing list