Here is the posting, from January 30, 2004 12:33 PM, posted by "mhp": the headline is from the original.
www.sco.com is a weapon of mass destruction
"Much of the commentary on the SCO distributed denial of service scenario, including our own [at Netcraft.com] , has been based on the premise that SCO badly wants to keep their web site running. This may not be the case: unlike Microsoft, which has a real business to run and a real need to keep its web site operational, SCO Executives may not strongly care about the availability of www.sco.com. After all, Michael Doyle’s half a billion dollar patent win against Microsoft scarcely hinged on the response times of the Eolas web site.
In fact, the author of the MyDoom virus has delegated control of directing the most enormous volume of http traffic that the Internet has yet seen to hostmaster@sco.com. On a whim, SCO can direct that Tsunami at an object of their choosing, simply by changing an A record in named.conf in time for the change to propagate by Sunday.
In this context, SCO Executives may have latitude to consider alternative defenses which do not involve having to parlay with low-down-no-good-Linux-loving-CDN-providers.
Solution 1: Move the SCO site to somewhere that has the clue and the clout to cope.
Consequences: SCO Executives buy a small business shared hosting account at Yahoo, noting that it runs on FreeBSD, not Linux, and point www.sco.com at the new account.
webhosting.yahoo.com stays up, and serves all the http requests from the infected machines at the same speed that the www.yahoo.com front page normally loads. Virus author kicks the cat in frustration. SCO’s entire corporate cash resources exhausted by Yahoo’s bandwidth surcharges in the first eight minutes. Yahoo pre-announces record quarter for hosting division.
Solution 2: Take www.sco.com out of the DNS.
Consequences: Everyone has a quiet weekend. SCO Execs drink Budweiser and watch the Superbowl. Global media considers that the virus author “has won”. Anti-virus company Execs do not return journalists' calls on “What was all that fuss?”
Solution 3: Point www.sco.com at someone you don’t like.
Consequences: SCO Executives take a poll on which web site annoys them the most. Slashdot wins. hostmaster@sco.com CNames www.sco.com to slashdot.org. SCO Execs cackle demonically at the prospect of slashdotting Slashdot.
Linux community notices DNS change propagating within five minutes. Eric Raymond calls for “restraint in the face of SCO’s continual provocation”. Undeterred, Linux community launches internet-wide round the clock hackathon, and finds six “trivially insecure” US military installations shortly after the US military go home on Friday afternoon. Spend Saturday soaking up the totally awesome graphics on the Stealth bomber flight simulators, and then obliterate most of Utah, sco.com name servers and all, on Sunday morning hours before the DDoS is due to hit Slashdot. SCO Execs still laughing themselves helpless about the /. Effect when the bomb hits.
New, previously unknown Linux Thought Leader declares that “we have met the enemy, and they are gone”. Traffic to Slashdot triples, Hemos weeps about the size of OSDN’s unsold banner inventory. Follow up posts enthuse about the quality of the stealth bomber user interface, then propose that they should sort out “the problem in Redmond” before they give the US Military their network back in time for Monday morning. New Linux Thought Leader concurs, adding that there’s a carding site in Moscow that really ticks him off, too. Armageddon.
Solution 4: Get to the Windows machines before they go off.
Consequences: SCO executives persuade Slashdot readers that Windows machines are their common enemy and that the enemy of my enemy is my friend. Someone in the Linux community notices Colin Percival’s Depenguinator program, and considers that with some minor modifications, it can be distributed by the MyDoom virus, and as its payload, download and install Debian 3.0r2, KDE, Open Office and Evolution. Changes name of program to “De Penguinator”.
Entire set of infected Windows machines is reached and either comes up running Debian or crashes stone dead trying. No denial of service attack occurs. SCO sends licence fee demands to owners of all the previously infected windows machines. They happily pay up and SCO splits the proceeds with Slashdot readers.
Solution 5: SCO Execs point www.sco.com at the loopback address 127.0.0.1, end lawsuits, dismiss lawyers, and invest remaining corporate cash reserves in call options in Dell & Microsoft stock.
Consequences: No denial of service traffic whatsoever seen on the Internet. Millions of Windows users notice that their computer is running extremely slowly. Many buy new machines, which fixes the problem. Dell & Microsoft stock rises. Everyone lives happily ever after."
Subscribe to Open Source Magazine Email News Alerts
Subscribe via RSS
