A day-old denial-of-service attack on the Web server of the controversial SCO Group has been expanded to assault the company's mail and file servers, SCO's top network administrator said.
The attack, which first hit the company's Web and file servers on Wednesday around 3:20 a.m. PST, paused briefly last night before resuming against more SCO servers, said Jeff Carlon, director of worldwide information technology infrastructure for the Lindon, Utah, company.
"There is no way to fully prevent the attack; we are somewhat at the mercy of the guy that is doing the attack," he said.
The deluge of data that has swamped the company's network has also swept up its critics in a new wave of theories as to why the company cannot, or will not, stop the third such attack on its network in six months. Such attacks can usually be largely mitigated by buying up more bandwidth and connecting through Internet service providers that have special technology aimed to defeat the assaults.
Security experts said that previous attacks in May and August should have been adequate warning for the company to have taken steps to protect its connection to the Internet.
"There are definitely things out there that they can buy, or services that solve this problem," said David Moore, assistant director and researcher at the Cooperative Association for Internet Data Analysis (CAIDA) and an expert on denial-of-service attacks. "It is just a question of how important your Web site is to you and how much you are willing to spend."
SCO has gained the ire of the open-source community for its pursuit of a legal case that, if successful, would essentially give the company rights to important parts of the Linux source code. Most Linux users don't take the claims seriously, however, and the case hasn't slowed the growth of Linux. A recent report published by market researcher IDC found that sales of Linux servers grew almost 50 percent in the third quarter of 2003, compared with the same period a year earlier.
"The thing we have to keep in mind is that this is not something that we are doing," said SCO's Carlon, referring to the attack. "This is not something that we have made up. It is an illegal activity that is having a sizable impact on our company." SCO, in a rare move, is publicizing the attack.
The attack, which SCO identified as a SYN flood, abuses the first step of opening a connection with a server across the Internet: sending a SYN packet to the computer. That packet is a normal part of communications between computers and indicates that a computer on the Internet wants to start talking to the server. The server would normally respond to the packet and await the rest of the handshake, allocating memory for the half-open connection until it completes or times out. Because each unanswered request ties up that memory, an attacker can use up the target computer's resources by sending a relatively small number of requests that are never completed.
The SCO Web site outage was confirmed by Internet performance company NetCraft. CAIDA's Moore also confirmed the attack by analyzing backscatter data showing that both SCO's Web server and FTP server had been inundated by network traffic. As many as 50,000 packets per second hit the company's servers on Wednesday night. By Thursday morning, the attack had been reduced to some 3,000 packets per second and the company's servers were responding to one in every three requests.
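Backscatter analysis of the kind CAIDA's Moore describes works because a victim answers each spoofed SYN with a SYN-ACK (or RST) sent to whatever source address the attacker forged; a monitor that owns a large block of otherwise unused addresses sees a proportional slice of those replies. The following is an added example, not code from CAIDA, SCO, or the article: it parses a constructed packet log, keeps only unsolicited replies that land inside a hypothetical monitored block, and scales the observed rate up to an estimate of the attack rate. The log format, the `10.0.0.0/8` monitored block and the uniform-spoofing assumption behind the scaling are all assumptions of the model.

```python
"""Backscatter-based estimate of a flood's rate from a constructed packet log.
Added example; the log lines, monitored block and scaling assumption are constructed."""
import ipaddress
from collections import defaultdict

# Constructed: pretend the monitor owns this block (a real telescope is a routed but unused range).
TELESCOPE = ipaddress.ip_network("10.0.0.0/8")
IPV4_SPACE = 2 ** 32
# Replies a flooded host sends back to the spoofed sources; a bare SYN is a scan, not backscatter.
BACKSCATTER_FLAGS = {"SA", "R", "RA"}

# Constructed log: "<timestamp> <src_ip:port> > <dst_ip:port> <tcp_flags>"
SAMPLE_LOG = """\
1071200100.10 198.51.100.20:80 > 10.3.8.77:4412 SA
1071200100.25 198.51.100.20:21 > 10.77.1.9:2210 SA
1071200100.40 198.51.100.20:80 > 10.200.5.5:1025 SA
1071200100.61 198.51.100.20:80 > 10.9.9.9:3390 RA
1071200100.90 198.51.100.20:21 > 10.15.2.3:5551 SA
1071200101.05 198.51.100.20:80 > 10.1.1.1:1201 SA
1071200101.30 198.51.100.20:80 > 10.66.4.2:2099 SA
1071200101.50 192.0.2.99:12345 > 10.5.5.5:445 S
1071200101.70 198.51.100.20:80 > 172.16.0.4:3300 SA
""".splitlines()


def parse_line(line):
    """Split one constructed log line into (ts, src_ip, src_port, dst_ip, dst_port, flags)."""
    ts, src, _, dst, flags = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(ts), src_ip, int(src_port), dst_ip, int(dst_port), flags


def estimate_backscatter(lines, bucket=1.0):
    """Return, per apparent victim, the services replying, the number of backscatter
    packets observed, and the peak attack rate implied by the monitor's share of the
    address space (assumes spoofed sources are uniform and one reply per attack packet)."""
    per_victim = defaultdict(lambda: defaultdict(int))   # victim -> time bucket -> packets
    ports = defaultdict(set)                               # victim -> replying service ports
    for line in lines:
        ts, src_ip, src_port, dst_ip, _, flags = parse_line(line)
        if flags not in BACKSCATTER_FLAGS:
            continue                                       # scans and other noise
        if ipaddress.ip_address(dst_ip) not in TELESCOPE:
            continue                                       # not addressed to the monitor
        per_victim[src_ip][int(ts // bucket)] += 1
        ports[src_ip].add(src_port)

    scale = IPV4_SPACE / TELESCOPE.num_addresses           # 256 for a /8 monitor
    report = {}
    for victim, buckets in per_victim.items():
        peak_seen = max(buckets.values())
        report[victim] = {
            "services": sorted(ports[victim]),
            "observed_pkts": sum(buckets.values()),
            "peak_est_pps": int(peak_seen * scale / bucket),
        }
    return report


if __name__ == "__main__":
    for victim, stats in estimate_backscatter(SAMPLE_LOG).items():
        print(victim, stats)
```

The estimate is only as good as its assumptions: an attacker who spoofs from a narrow range, or a victim that rate-limits its replies, skews the scaled number, which is why a figure such as "50,000 packets per second" should be read as an inference from a sample rather than a direct count.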
The statistics suggest, however, that the attack is more a brute-force tactic of inundating a network with data than a simple SYN flood.
"A SYN flood would have been trivially preventable," said David Conrad, chief technology officer for Nominum, an Internet infrastructure technology company. "Every major operating system vendor in the world could have defeated it."
A SYN flood can be prevented by using a Linux feature known as SYN cookies. The technique uses basic encryption to prevent memory from being used up by fake connection requests. However, it also constitutes a tradeoff: lower memory usage for higher processor usage.
Moreover, while the technique does protect the target computer, it doesn't prevent the network from succumbing to the onslaught of data. A SYN flood that fails to use up the target server's memory could still overwhelm its connection to the network, CAIDA's Moore said.
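The mechanism behind the last few paragraphs, the half-open connection table that a SYN flood fills and the SYN cookie that makes the table unnecessary, can be shown in a small in-memory model. The following is an added example and not code from SCO, Nominum or the Linux kernel; it models two listeners, one that reserves a slot per SYN and one that encodes the connection state in its initial sequence number under an HMAC, and feeds both a constructed run of SYNs that are never completed followed by one honest handshake. The cookie layout (8 bits of a time counter plus a 24-bit MAC), the 64-second window and the injectable clock are simplifications chosen for this model; the real kernel packs the fields differently.

```python
"""Half-open connection table with and without SYN cookies (added example).
Everything here runs against in-memory objects; no packets are sent."""
import hashlib
import hmac
import secrets

MASK32 = 0xFFFFFFFF


class BacklogListener:
    """Classic listener: every SYN reserves a backlog slot until its ACK arrives."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}          # (ip, port) -> server ISN promised in the SYN-ACK
        self.dropped = 0

    def on_syn(self, client, client_isn):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1        # queue full: the SYN is silently discarded
            return None
        server_isn = secrets.randbits(32)
        self.half_open[client] = server_isn
        return server_isn            # what the SYN-ACK carries

    def on_ack(self, client, seq, ack):
        server_isn = self.half_open.pop(client, None)
        return server_isn is not None and ack == (server_isn + 1) & MASK32


class SynCookieListener:
    """Stateless listener: the server ISN *is* the state, bound to the client by an HMAC."""

    def __init__(self, secret, clock, window=64):
        self.secret = secret
        self.clock = clock           # injectable so the example is deterministic
        self.window = window         # seconds per cookie epoch (model assumption)
        self.mac_calls = 0           # the extra CPU work the memory/CPU tradeoff refers to

    def _tag(self, client, client_isn, counter):
        self.mac_calls += 1
        msg = f"{client[0]}:{client[1]}:{client_isn}:{counter}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:3]

    def on_syn(self, client, client_isn):
        counter = int(self.clock() // self.window)
        tag = int.from_bytes(self._tag(client, client_isn, counter), "big")
        return ((counter & 0xFF) << 24) | tag    # nothing is stored per connection

    def on_ack(self, client, seq, ack):
        client_isn = (seq - 1) & MASK32          # the ACK's own sequence field gives this back
        isn = (ack - 1) & MASK32
        counter_low = isn >> 24
        tag = (isn & 0xFFFFFF).to_bytes(3, "big")
        now = int(self.clock() // self.window)
        for counter in (now, now - 1):           # accept the current and previous epoch only
            if (counter & 0xFF) == counter_low:
                return hmac.compare_digest(tag, self._tag(client, client_isn, counter))
        return False


def run_flood(listener, n_spoofed, legit=("192.0.2.10", 40000)):
    """Constructed scenario: n_spoofed SYNs from forged sources that never answer the
    SYN-ACK, then one honest client. Returns True if the honest handshake completes."""
    for i in range(n_spoofed):
        spoofed = (f"203.0.113.{i % 254 + 1}", 1024 + i)
        listener.on_syn(spoofed, client_isn=i)
    isn = listener.on_syn(legit, client_isn=1000)
    if isn is None:
        return False                             # honest SYN dropped: the flood worked
    return listener.on_ack(legit, seq=1001, ack=(isn + 1) & MASK32)


if __name__ == "__main__":
    import time
    print("backlog listener survives:", run_flood(BacklogListener(backlog=128), 10_000))
    cookies = SynCookieListener(secrets.token_bytes(16), time.time)
    print("cookie listener survives:", run_flood(cookies, 10_000), "MACs:", cookies.mac_calls)
```

Two things the model makes visible: the cookie listener pays one MAC per SYN and one per ACK instead of holding memory, which is the tradeoff the article mentions, and `run_flood` still delivers every one of the 10,000 packets to the listener, so a flood large enough to saturate the link is untouched by the technique, exactly the caveat Moore raises.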
A flood of data can't easily be dodged, but by buying more bandwidth or by using an Internet service provider that has technology to shunt such an attack, it can be mitigated, Moore said.
"There is always kind of an arms race between how much money you are willing to spend and how much the attacker wants to bring down your network," said Moore.
SCO said that it is spending enough, if not too much, on defense.
"I can assure you that we are expending significant amounts of resource and money to combat this activity," Carlon said. "In doing so, as a result of these attacks, we have to spend money that we might not be able to spend elsewhere."