In article <pan.2003.08.24.18.31.20.925466@mtco.com>,
Nucleon <tcfelker@mtco.com> wrote:
>On Sun, 24 Aug 2003 05:05:17 +0000, Larry Rosenman wrote:
>
>> I just talked to the VIAWEST NOCC, and the SCO and CALDERA web/FTP sites
>> are blackholed because some lovely miscreants are DDOS'ing them.
>>
>> When the attack stops, they'll lift the block at InterNAP.
>>
>> LER
>
>That's interesting, but can anyone confirm it? With some web searching, I
>can only find info about the DDoS on May 2, which SCO was quick to blame
>on Linux users. If there were another one, especially one that has
>continued for at least two days, wouldn't we have heard about it in the
>news?
>
>It's quiet. Too quiet.
Read what I said. My post was after I talked to a gentleman (I didn't
write his name down) in the ViaWest NOC.

I don't have enough traffic at the ISP I work for to tell what's going on.

The ViaWest folks have apparently put the lid on, as I tried to verify
my post earlier today for someone, and couldn't get information.

The traceroute I ran acts like an ACL or NULL ROUTE or combination
of the two. (I'm a network engineer by trade, and the person that
does these blocks for us).

SO, the evidence is an ACL/NULL route for the /24 that the SCO/Caldera
web/FTP sites live in. the reason can't be 100% verified because
ViaWest can't say to a NON-Customer what's going on (standard policy).

LER

--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749