Date: Fri, 30 Jan 2004 17:03:40 +0000 From: Colin Percival <colin.percival@wadham.ox.ac.uk> To: a clever sheep <aard@perilith.com> Cc: freebsd-chat@freebsd.org Subject: Re: "www.sco.com is a wmd" | depenguinator | weird Message-ID: <6.0.1.1.1.20040130164156.03da6370@imap.sfu.ca> In-Reply-To: <20040130163329.GC9412@mavra.perilith.com> References: <20040130163329.GC9412@mavra.perilith.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 16:33 30/01/2004, a clever sheep wrote: >this is by far the strangest netcraft article i've seen. it does >mention freebsd, in what could be construed as a positive light (i >think): > >http://news.netcraft.com/archives/2004/01/30/wwwscocom_is_a_weapon_of_mass_destruction.html > >and it mentions colin percival and depenguinator! Yes, I noticed incoming traffic from there about 3 hours ago. It's definitely a wierd story. Also wierd is the fact that everyone's treating this like it's going to kill SCO's web site. It might, but only if they're idiots (which, admittedly, they often seem to be). Identifying infected systems is easy; the HTTP requests they send are distinctive. Filtering packets by source IP is easy. Once you can filter the packets, this DDoS isn't a problem: Send them to LaBrea, and the total bandwidth consumption of 500,000 MyDoom worms should be around 85 Mbps -- which SCO should certainly be able to afford. (Meanwhile, they'll be putting together a very complete list of IP addresses of infected machines.) Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.0.1.1.1.20040130164156.03da6370>