SCO's foes inflict woes, if there are limits, no one knows


No matter hard you try, sometimes it's just not possible to prevent --

well, lets call it an anomaly. Even when you know it's coming.

SCO, the Utah-based company that believes it owns Unix and has been

suing the pants off Linux devotees for allegedly infringing on the Unix

kernel, is having some difficulties of its own. Payback from the Linux

community? Who's to say?

That miserable "Mydoom" or "Novarg" virus, the one that's giving your

e-mail system fits lately, apparently was programmed to hunt down and do

vary bad things to SCO's Web site. The coordinated attack bombarded the

SCO site with hundreds of thousands of requests, crippling the site.

Indeed, while Janet Jackson was exposing herself during half-time at the

Super Bowl, I was at my PC, trying to access the SCO site. I was

unsuccessful. In fact, at noon the next day, I still couldn't get any

response from the SCO site.

I guess it's one thing if your (or your customer's) site is merely

informational or a place where users come to download an occasional

update or patch. But if the site is transactional in nature (bank,

travel agency, commerce, etc.), a business literally comes to a

screeching halt. That is a very bad thing.

But here's the interesting part: SCO knew the attack was coming and was

still powerless to do anything about it.

One of the companies who follow this sort of thing is Symantec, purveyor

of various antivirus and antispam products (perhaps they fall short of

bring described as a "solution"). As of Feb. 1, the Symantec Security

Response (SSR) team logged the following W32.Novarg.A@mm/MyDoom


-- Total submissions: 15,930. At its peak, Novarg was spreading at a

rate of 150 infections per hour. On Friday, Jan. 30, it was spreading at

a rate of 100 infections per hour. As of Feb. 2, SSR is tracking 80

infections per hour. Although the infection rate was tailing off, this

could be because most businesses are closed on weekends.

-- Novarg still appears to be propagating -- almost entirely via e-mail,

but most of it is being caught at customers' perimeter.

-- There has been 4,857 unique IPs scanning for Novarg backdoors running

on TCP 3127. This is one place where security scanners look for

vulnerable systems.

The volume of Internet traffic attempting to access the SCO Web site

began to rise Saturday night, flooding the company's Web servers just

after midnight. Essentially, hundreds of thousands of computers were all

trying to access simultaneously and repeatedly. No company,

not SCO, not Microsoft's, not yours, and not your customers' can handle

that amount of bandwidth. Like a human body shutting itself down as it

rejects a transplanted heart, SCO's Web site threw it's binary hands up

in defeat, and rolled over.

Forget that this is probably the Linux community beating up its sworn

enemy. Indeed, there is another variant of the same worm programmed to

inundate Microsoft's Web site (now who'd want to do that?). When these

attacks come from the outside, there's little you can do from inside the


What's scary is that SCO has plenty of world-class technology on its

payroll, and has pretty deep pockets. You'd think that would translate

into a Web and network operation that is so completely bullet-proof,

nothing could ever happen. But that's obviously not true.

So what does that mean to the companies that depend on you to keep

things at their sites running smoothly? If hackers decided to take aim

at one of your customer's sites, flooding them with more traffic than

can be handled, there's really not a whole lot you can do. Fortunately,

most companies are simply not the target of such an attack. That is, to

some degree, a certain piece of mind.

This all conjures up images of the old West, with stockade fortresses

reinforcing their perimeter to fend off attacks from the outside. You

can't stop the attacks, merely build up perimeter safety. You can visit

your customers, and, assuming that they already have adequate perimeter

security installed, you may find that isn't another product in your

arsenal that you can sell. At a time like this, your presence at the

customer premises shows your concern and is likely to go a long way

toward keeping that customer content.

Of course, this isn't the first time an attack of this nature has

happened. No doubt you'll remember back a couple of years when the

dreaded "denial of service" attacks brought eBay and other high-profile

site to their knees.

I don't like the idea of being powerless. Technical problems usually

have technical solutions. But not always.

ITWorld DealPost: The best in tech deals and discounts.
You Might Like