Posted by: Anonymous Coward
on August 24, 2003 09:05 PM
If true, this is very unfortunate. The last thing the Open Source community needs in its fight against SCO (and indeed, in general) is to be associated with virus writers.
Unless SCO is behind the attack in order to create exactly the impression you cite.
Perhaps unlikely for SCO but in the 1950s the CIA organized mobs to riot againt the government then used the disorder to argue their case for a coup. Eisenhower was never told that the CIA rather than Tudeh (the Iranian communist party was behind it).
So yes this sort of thing does go on. But more generally it is important to police your supporters as vigilantly as your opponents. I was in Brazillia a couple of days ago for the Software Libre event in the parliament. The proceedings were in Protugeese and there was no translation so I did not follow all that was going on. But you could see the room turn against open source when the local loony firebrand started to speak. Instead of making the good case that his facts supported he went beyond the established facts to make claims that most people in the room simply dismissed as propaganda.
Up until that performance the tide was certainly with open source, afterwards there was a lot more opposition.
Basically the guy was speaking to his base, not building support. If recalls are so great, lets have one to recall Bush [blogspot.com] [ Reply to This | Parent | ]
Re:SCO's Website Down (Score:5, Informative)
by Archie Steel (539670) on 04:15 AM August 24th, 2003 (#6775999)
(http://archie.homelinux.net:8080/)
If you're asking for sources about the CIA's involvment in the 1953 coup in Iran, then I suggest the CIA's own declassified documents [gwu.edu], compiled by the National Security Archive. Very enlightening. Basically, the democratically-elected govt. of Mossadeq was seen as too "independent", and so the CIA orchestrated a coup that placed the Shah and the Ayatollahs in power. The Ayatollahs eventually decided they didn't want to share power, and the rest is history, as they say.
Oh, and by the way, the U.S. also prompted the U.S.S.R. to invade Afghanistan by getting involved there first, contrary to the official propaganda at the time. Carter's National Security Advisor admitted as much [globalresearch.ca]...
"We will gladly destroy the world should our will be challenged..." - tealover (187148)
[ Reply to This | Parent | ]
* 2 replies beneath your current threshold.
SCO's Website Down: It's Not A DDoS (Score:5, Informative) by MuParadigm (687680) on 12:47 AM August 24th, 2003 (#6775388)
I posted this at Groklaw, and I'm reposting it here since it seems pretty relevant to the current thread:
I ran some traceroutes to see where the problem is, and the results are quite interesting.
First, let's start with www.canopy.com. I am listing the traceroute output from step 12, since that's just two steps before where things get revealing:
Tracing route to www.canopy.com [216.250.142.120] over a maximum of 30 hops:<nobr> <wbr></nobr>.... 12 77 ms 77 ms 76 ms 66.62.3.56 13 74 ms 77 ms 74 ms den1-core-01.tamerica.net [66.62.3.45] 14 77 ms 77 ms 76 ms den1-edge-01.tamerica.net [66.62.4.3] 15 77 ms 77 ms 77 ms vi-001.brdr01.den05.viawest.net [66.62.160.22] 16 75 ms 77 ms 76 ms gige-01-m00-00.crrt02.den05.viawest.net [64.78.230.210] 17 87 ms 87 ms 89 ms pos-03-01.crrt01.slc03.viawest.net [64.78.227.10] 18 89 ms 89 ms 89 ms c7pub-216-250-136-70.center7.com [216.250.136.70] 19 91 ms 88 ms 87 ms c7pub-216-250-142-126.center7.com [216.250.142.126] 20 88 ms 89 ms 90 ms c7pub-216-250-142-120.center7.com [216.250.142.120]
Trace complete.
Now, let's traceroute www.caldera.com
Tracing route to www.caldera.com [216.250.140.125] over a maximum of 30 hops:<nobr> <wbr></nobr>.... 12 74 ms 77 ms 77 ms dal1-core-01.tamerica.net [66.62.6.193] 13 76 ms 77 ms 74 ms den1-core-01.tamerica.net [66.62.3.45] 14 77 ms 74 ms 74 ms den1-edge-01.tamerica.net [66.62.4.3] 15 * * * Request timed out.
And finally, www.sco.com:
Tracing route to www.sco.com [216.250.140.112] over a maximum of 30 hops:<nobr> <wbr></nobr>.... 12 76 ms 77 ms 76 ms dal1-core-01.tamerica.net [66.62.6.193] 13 75 ms 77 ms 76 ms den1-core-01.tamerica.net [66.62.3.45] 14 77 ms 76 ms 75 ms den1-edge-01.tamerica.net [66.62.4.67] 15 * * * Request timed out.
Canopy, Caldera, and SCO, all have addresses that are within the same class C addressing range, respectively: 216.250.140.120, 216.250.140.125, 216.250.140.112. While this makes it very possible that all three sites are served by the same machine, we can't prove that from this information. It is however, likely that they are served from the same router.
The next thing to note is that the route to SCO and Caldera both fail at the 14th step in the tracert. The last router that responds for each of them, at the 13th step, is den1-edge-01.tamerica.net (albeit from different ports). Canopy also passes through den1-edge-01.tamerica.net at the 13th step, but continues on to a router at viawest.com. From there, it passes through 2 more routers at ViaWest, and 3 routers at Center7.
ViaWest and Center7 are both Canopy companies.
On initial analysis, for any other company, a network manager/sys admin/networking consultant (such as me) would simply assume that SCO/Caldera was having a problem with its ISP. The weird thing, though, is the presence of Canopy's IP address right *between* SCO's and Caldera's addresses.
Assume that all 3 segments are served by the same router (no, we can't prove it from this data, but it's extremely likely). Canopy, in that case, should be experiencing problems too if the site were under a DOS attack.
In fact, anyone planning a DDOS attack would find it easier to just take out the whole address range, thereby including all 3 sites, rather than focus on just the SCO/Caldera sites -- and for technical reasons alone. Never mind that they would *want* to target Canopy as well.
Given all this, it is a pretty safe bet that SCO/Caldera has taken its websites down itself.
Why? To protect themselves from a DDOS attack? No. Any decent firewall could take care of that for them. That's why I suspected that it was not DoS attack: they've simply been down too long.
I don't know *why* they're still down. I wonder if they're about to collapse.
Learn about Linux
Download Linux
Get Linux help
from slashdot
Posted by: Anonymous Coward on August 24, 2003 09:05 PMUnless SCO is behind the attack in order to create exactly the impression you cite.
Perhaps unlikely for SCO but in the 1950s the CIA organized mobs to riot againt the government then used the disorder to argue their case for a coup. Eisenhower was never told that the CIA rather than Tudeh (the Iranian communist party was behind it).
So yes this sort of thing does go on. But more generally it is important to police your supporters as vigilantly as your opponents. I was in Brazillia a couple of days ago for the Software Libre event in the parliament. The proceedings were in Protugeese and there was no translation so I did not follow all that was going on. But you could see the room turn against open source when the local loony firebrand started to speak. Instead of making the good case that his facts supported he went beyond the established facts to make claims that most people in the room simply dismissed as propaganda.
Up until that performance the tide was certainly with open source, afterwards there was a lot more opposition.
Basically the guy was speaking to his base, not building support.
If recalls are so great, lets have one to recall Bush [blogspot.com]
[ Reply to This | Parent | ]
Re:SCO's Website Down (Score:5, Informative)
by Archie Steel (539670) on 04:15 AM August 24th, 2003 (#6775999)
(http://archie.homelinux.net:8080/)
If you're asking for sources about the CIA's involvment in the 1953 coup in Iran, then I suggest the CIA's own declassified documents [gwu.edu], compiled by the National Security Archive. Very enlightening. Basically, the democratically-elected govt. of Mossadeq was seen as too "independent", and so the CIA orchestrated a coup that placed the Shah and the Ayatollahs in power. The Ayatollahs eventually decided they didn't want to share power, and the rest is history, as they say.
Oh, and by the way, the U.S. also prompted the U.S.S.R. to invade Afghanistan by getting involved there first, contrary to the official propaganda at the time. Carter's National Security Advisor admitted as much [globalresearch.ca]...
"We will gladly destroy the world should our will be challenged..." - tealover (187148)
[ Reply to This | Parent | ]
* 2 replies beneath your current threshold.
SCO's Website Down: It's Not A DDoS (Score:5, Informative)
by MuParadigm (687680) on 12:47 AM August 24th, 2003 (#6775388)
I posted this at Groklaw, and I'm reposting it here since it seems pretty relevant to the current thread:
I ran some traceroutes to see where the problem is, and the results are quite interesting.
First, let's start with www.canopy.com. I am listing the traceroute output from step 12, since that's just two steps before where things get revealing:
Tracing route to www.canopy.com [216.250.142.120] over a maximum of 30 hops:<nobr> <wbr></nobr>....
12 77 ms 77 ms 76 ms 66.62.3.56
13 74 ms 77 ms 74 ms den1-core-01.tamerica.net [66.62.3.45]
14 77 ms 77 ms 76 ms den1-edge-01.tamerica.net [66.62.4.3]
15 77 ms 77 ms 77 ms vi-001.brdr01.den05.viawest.net [66.62.160.22]
16 75 ms 77 ms 76 ms gige-01-m00-00.crrt02.den05.viawest.net [64.78.230.210]
17 87 ms 87 ms 89 ms pos-03-01.crrt01.slc03.viawest.net [64.78.227.10]
18 89 ms 89 ms 89 ms c7pub-216-250-136-70.center7.com [216.250.136.70]
19 91 ms 88 ms 87 ms c7pub-216-250-142-126.center7.com [216.250.142.126]
20 88 ms 89 ms 90 ms c7pub-216-250-142-120.center7.com [216.250.142.120]
Trace complete.
Now, let's traceroute www.caldera.com
Tracing route to www.caldera.com [216.250.140.125] over a maximum of 30 hops:<nobr> <wbr></nobr>....
12 74 ms 77 ms 77 ms dal1-core-01.tamerica.net [66.62.6.193]
13 76 ms 77 ms 74 ms den1-core-01.tamerica.net [66.62.3.45]
14 77 ms 74 ms 74 ms den1-edge-01.tamerica.net [66.62.4.3]
15 * * * Request timed out.
And finally, www.sco.com:
Tracing route to www.sco.com [216.250.140.112] over a maximum of 30 hops:<nobr> <wbr></nobr>....
12 76 ms 77 ms 76 ms dal1-core-01.tamerica.net [66.62.6.193]
13 75 ms 77 ms 76 ms den1-core-01.tamerica.net [66.62.3.45]
14 77 ms 76 ms 75 ms den1-edge-01.tamerica.net [66.62.4.67]
15 * * * Request timed out.
Canopy, Caldera, and SCO, all have addresses that are within the same class C addressing range, respectively: 216.250.140.120, 216.250.140.125, 216.250.140.112. While this makes it very possible that all three sites are served by the same machine, we can't prove that from this information. It is however, likely that they are served from the same router.
The next thing to note is that the route to SCO and Caldera both fail at the 14th step in the tracert. The last router that responds for each of them, at the 13th step, is den1-edge-01.tamerica.net (albeit from different ports). Canopy also passes through den1-edge-01.tamerica.net at the 13th step, but continues on to a router at viawest.com. From there, it passes through 2 more routers at ViaWest, and 3 routers at Center7.
ViaWest and Center7 are both Canopy companies.
On initial analysis, for any other company, a network manager/sys admin/networking consultant (such as me) would simply assume that SCO/Caldera was having a problem with its ISP. The weird thing, though, is the presence of Canopy's IP address right *between* SCO's and Caldera's addresses.
Assume that all 3 segments are served by the same router (no, we can't prove it from this data, but it's extremely likely). Canopy, in that case, should be experiencing problems too if the site were under a DOS attack.
In fact, anyone planning a DDOS attack would find it easier to just take out the whole address range, thereby including all 3 sites, rather than focus on just the SCO/Caldera sites -- and for technical reasons alone. Never mind that they would *want* to target Canopy as well.
Given all this, it is a pretty safe bet that SCO/Caldera has taken its websites down itself.
Why? To protect themselves from a DDOS attack? No. Any decent firewall could take care of that for them. That's why I suspected that it was not DoS attack: they've simply been down too long.
I don't know *why* they're still down. I wonder if they're about to collapse.
#