[LINK]
SCO legal case poses a conundrum on how it should defend a DDoS
Rick Welykochy
rick at praxis.com.au
Fri Jan 30 16:24:48 EST 2004
<http://news.netcraft.com/archives/2004/01/29/sco_legal_case_poses_a_conundrum_on_how_it_should_defend_a_ddos.html>
<QUOTE>
SCO legal case poses a conundrum on how it should defend a DDoS
While Microsoft has a track record of deflecting DDoS attacks, the SCO
Group's ability to defend its web site is complicated by the company's
legal battle with Linux users. Both companies will be targeted Sunday by
denial of service attacks from Windows computers infected by the MyDoom worm.
Content distribution networks (CDN) can play a key role in defeating DDoS
attacks, using their large and widely distributed networks of servers to
blunt their impact. Microsoft used a CDN service from Akamai to keep its
web site online last August, when the Blaster worm programmed machines to
launch a DDoS on the Windows Update site. Microsoft's strategy drew considerable
attention, as the front page of the www.microsoft.com site was served by Linux
machines on Akamai's network.
The largest CDN providers - Akamai, Cable & Wireless and Speedera - all make
extensive use of Linux servers. That's a problem for SCO, which contends that
Linux includes copyrighted code from its own operating system, and is asking
Linux users to pay $699 per server for the right to use its intellectual property.
It's implausible that any of the CDN providers would pay this licence fee. If
SCO feels that it is unable to patronise a very prominent Linux user, this eliminates
one of the most proven defences and contrasts strongly with Microsoft's practical
and prosaic approach.
That dilemma may explain why the sco.com site has been very slow to load for
more than a day even though the anticipated DDoS from MyDoom-infected computers
isn't triggered until Sunday. The company has publicly attributed the outage to
a DDoS, and has a history of failure deflecting such attacks. People have speculated
that the current slowness of response from the site may be caused by traffic from
infected machines with incorrect system dates, by separate DDoS attacks unrelated
to the virus, or simply by bona fide http traffic caused by the number of articles
written recently that include a url to the SCO site.
The spread of the MyDoom worm variants may provide a sterner test for Microsoft
than Blaster, which is estimated to have controlled 220,000 Windows machines.
Estimates of the number of computers infected by MyDoom range from 300,000 to as
high as 600,000. Presently, Microsoft is using Akamai for DNS services, but is
serving the front page of www.microsoft.com directly from Redmond.
% ping www.microsoft.com
PING www2.microsoft.akadns.net (207.46.134.157): 56 data bytes
%whois -a 207.46.134.157
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 207.46.0.0 - 207.46.255.255
It will be interesting to see if Microsoft introduces Akamai http caching for the
front page of www.microsoft.com in the run up to Sunday.
</QUOTE>