| February 01, 2004 12:50 pm PST
Note that the following statement(s) may be attributed
either to Keynote, in general, or to Lloyd Taylor,
Keynote's vice president of technology. Keynote Systems,
headquartered in San Mateo, Calif., is the worldwide
leader in Web performance measurement and management
services.
The following link is to a MyKeynote chart showing
www.sco.com performance (upper graph) and availability
(lower graph) for the past five days as measured by
Keynote's domestic US Agent network, measuring from
25 cities:
http://web506.keynote.com/mykeynote/Post/KB40data_020104_123955.asp.
Performance and availability has been sporadic up
until approximately 9pm EST Saturday night, when availability
rapidly dropped to near-zero. It has remained near
or at zero availability since them.
The Internet (IP) address for www.sco.com was withdrawn
between midnight and 4am EST, largely blocking the
effect of the attack. Starting at approximately 4am,
the address was once again available, resulting in
the flow of sufficient attack traffic to cripple the
site.
The DDoS payload in the MyDoom.A worm is crafted to
ensure that www.sco.com stays unavailable, while minimizing
the collateral damage to the rest of the Internet.
Unlike the Blaster worm, which sent traffic as fast
as possible, the MyDoom.A worm waits for a response
or a timeout from the www.sco.com site before sending
more attack traffic. This ensures that the site is
inundated with just enough traffic to keep it unavailable.
|
