A data-based analysis of SCO’s web site by the Cooperative Association for Internet Data Analysis (CAIDA) has found that this week’s outage was related to a distributed denial of service attack (DDoS). Data collected by CAIDA’s Network Telescope indicates that the sco.com site responded to more than 700 million attack packets over 32 hours, according to the analysis.
“Early in the attack, unknown perpetrators targeted SCO’s web servers with a SYN flood of approximately 34,000 packets per second,” CAIDA said. “Together www.sco.com and ftp.sco.com experienced a SYN flood of over 50,000 packets-per-second early Thursday morning.”
SCO’s statement attributing its outage to a DDoS attack had been widely questioned following a critique of the SCO press release at the Groklaw web site. CAIDA has previously used its technology to document Internet traffic events including the Code Red and Slammer worms.
A dynamically updating graph is available here.