No matter how hard you try, sometimes it's just not possible to prevent --
well, let's call it an anomaly. Even when you know it's coming.
SCO, the Utah-based company that believes it owns Unix and has been
suing the pants off Linux devotees for allegedly infringing on the Unix
kernel, is having some difficulties of its own. Payback from the Linux
community? Who's to say?
That miserable "Mydoom" or "Novarg" virus, the one that's giving your
e-mail system fits lately, apparently was programmed to hunt down and do
very bad things to SCO's Web site. The coordinated attack bombarded the
SCO site with hundreds of thousands of requests, crippling the site.
Indeed, while Janet Jackson was exposing herself during half-time at the
Super Bowl, I was at my PC, trying to access the SCO site. I was
unsuccessful. In fact, at noon the next day, I still couldn't get any
response from the SCO site.
I guess it's one thing if your (or your customer's) site is merely
informational or a place where users come to download an occasional
update or patch. But if the site is transactional in nature (bank,
travel agency, commerce, etc.), a business literally comes to a
screeching halt. That is a very bad thing.
But here's the interesting part: SCO knew the attack was coming and was
still powerless to do anything about it.
One of the companies that follows this sort of thing is Symantec, purveyor
of various antivirus and antispam products (perhaps they fall short of
being described as a "solution"). As of Feb. 1, the Symantec Security
Response (SSR) team logged the following for W32.Novarg.A@mm/MyDoom:
-- Total submissions: 15,930. At its peak, Novarg was spreading at a
rate of 150 infections per hour. On Friday, Jan. 30, it was spreading at
a rate of 100 infections per hour. As of Feb. 2, SSR is tracking 80
infections per hour. Although the infection rate was tailing off, this
could be because most businesses are closed on weekends.
-- Novarg still appears to be propagating -- almost entirely via e-mail,
but most of it is being caught at customers' perimeter.
-- There have been 4,857 unique IPs scanning for Novarg backdoors running
on TCP 3127. This is one place where security scanners look for
The volume of Internet traffic attempting to access the SCO Web site
began to rise Saturday night, flooding the company's Web servers just
after midnight. Essentially, hundreds of thousands of computers were all
trying to access www.sco.com simultaneously and repeatedly. No company,
not SCO, not Microsoft, not yours, and not your customers', can handle
that amount of bandwidth. Like a human body shutting itself down as it
rejects a transplanted heart, SCO's Web site threw its binary hands up
in defeat, and rolled over.
Forget that this is probably the Linux community beating up its sworn
enemy. Indeed, there is another variant of the same worm programmed to
inundate Microsoft's Web site (now who'd want to do that?). When these
attacks come from the outside, there's little you can do from inside the
What's scary is that SCO has plenty of world-class technology on its
payroll, and has pretty deep pockets. You'd think that would translate
into a Web and network operation that is so completely bullet-proof,
nothing could ever happen. But that's obviously not true.
So what does that mean to the companies that depend on you to keep
things at their sites running smoothly? If hackers decided to take aim
at one of your customers' sites, flooding them with more traffic than
can be handled, there's really not a whole lot you can do. Fortunately,
most companies are simply not the target of such an attack. That is, to
some degree, a certain peace of mind.
This all conjures up images of the old West, with stockade fortresses
reinforcing their perimeter to fend off attacks from the outside. You
can't stop the attacks, merely build up perimeter safety. You can visit
your customers, and, assuming that they already have adequate perimeter
security installed, you may find that there isn't another product in your
arsenal that you can sell. At a time like this, your presence at the
customer premises shows your concern and is likely to go a long way
toward keeping that customer content.
Of course, this isn't the first time an attack of this nature has
happened. No doubt you'll remember back a couple of years when the
dreaded "denial of service" attacks brought eBay and other high-profile
sites to their knees.
I don't like the idea of being powerless. Technical problems usually
have technical solutions. But not always.