"www.sco.com is a wmd" | depenguinator | weird
Colin Percival
colin.percival at wadham.ox.ac.uk
Fri Jan 30 09:06:01 PST 2004
At 16:33 30/01/2004, a clever sheep wrote:
>this is by far the strangest netcraft article i've seen. it does
>mention freebsd, in what could be construed as a positive light (i
>think):
>
>http://news.netcraft.com/archives/2004/01/30/wwwscocom_is_a_weapon_of_mass_destruction.html
>
>and it mentions colin percival and depenguinator!
Yes, I noticed incoming traffic from there about 3 hours ago. It's
definitely a wierd story.
Also wierd is the fact that everyone's treating this like it's going
to kill SCO's web site. It might, but only if they're idiots (which,
admittedly, they often seem to be).
Identifying infected systems is easy; the HTTP requests they send are
distinctive. Filtering packets by source IP is easy. Once you can
filter the packets, this DDoS isn't a problem: Send them to LaBrea, and
the total bandwidth consumption of 500,000 MyDoom worms should be around
85 Mbps -- which SCO should certainly be able to afford. (Meanwhile,
they'll be putting together a very complete list of IP addresses of
infected machines.)
Colin Percival
More information about the freebsd-chat
mailing list