[ale] [segfault] SCO DOS attack legit (fwd)
    Chris Ricker 
    kaboom at gatech.edu
       
    Mon Dec 15 12:35:57 EST 2003
    
    
  
On Fri, 12 Dec 2003, Pete Hardie wrote:
> Groklaw's commentary mentioned that a SYN attack is old hat, and easily defended 
> against - why was SCO caught by such a trick?  Perhaps they are leaving 
> themselves open so they will be an easy target and can point their fingers at 
> open source zealots?
It's really hard to say one way or the other without knowing a lot more
about their topology, their equipment and connectivity, and how much traffic
they were seeing than any of Groklaw's armchair analysts know ;-). To some
extent SYN-flooding can be protected against at the end host (on some OSes),
but it's primarily something to deal with upstream from end hosts, at least
if traffic levels are non-trivial....
later,
chris
    
    
More information about the Ale
mailing list