I posted this at Groklaw, and I'm reposting it here since it seems pretty relevant to the current thread:
I ran some traceroutes to see where the problem is, and the results are quite interesting.
First, let's start with www.canopy.com.
I am listing the traceroute output from step 12, since that's just two steps before where things get revealing:
Tracing route to www.canopy.com
[220.127.116.11] over a maximum of 30 hops: ....
12 77 ms 77 ms 76 ms 18.104.22.168
13 74 ms 77 ms 74 ms den1-core-01.tamerica.net [22.214.171.124]
14 77 ms 77 ms 76 ms den1-edge-01.tamerica.net [126.96.36.199]
15 77 ms 77 ms 77 ms vi-001.brdr01.den05.viawest.net [188.8.131.52]
16 75 ms 77 ms 76 ms gige-01-m00-00.crrt02.den05.viawest.net [184.108.40.206]
17 87 ms 87 ms 89 ms pos-03-01.crrt01.slc03.viawest.net [220.127.116.11]
18 89 ms 89 ms 89 ms c7pub-216-250-136-70.center7.com [18.104.22.168]
19 91 ms 88 ms 87 ms c7pub-216-250-142-126.center7.com [22.214.171.124]
20 88 ms 89 ms 90 ms c7pub-216-250-142-120.center7.com [126.96.36.199]
Now, let's traceroute www.caldera.com
Tracing route to www.caldera.com
[188.8.131.52] over a maximum of 30 hops: ....
12 74 ms 77 ms 77 ms dal1-core-01.tamerica.net [184.108.40.206]
13 76 ms 77 ms 74 ms den1-core-01.tamerica.net [220.127.116.11]
14 77 ms 74 ms 74 ms den1-edge-01.tamerica.net [18.104.22.168]
15 * * * Request timed out.
And finally, www.sco.com:
Tracing route to www.sco.com
[22.214.171.124] over a maximum of 30 hops: ....
12 76 ms 77 ms 76 ms dal1-core-01.tamerica.net [126.96.36.199]
13 75 ms 77 ms 76 ms den1-core-01.tamerica.net [188.8.131.52]
14 77 ms 76 ms 75 ms den1-edge-01.tamerica.net [184.108.40.206]
15 * * * Request timed out.
Canopy, Caldera, and SCO, all have addresses that are within the same class C addressing range, respectively: 220.127.116.11, 18.104.22.168, 22.214.171.124. While this makes it very possible that all three sites are served by the same machine, we can't prove that from this information. It is however, likely that they are served from the same router.
The next thing to note is that the route to SCO and Caldera both fail at the 14th step in the tracert. The last router that responds for each of them, at the 13th step, is den1-edge-01.tamerica.net (albeit from different ports). Canopy also passes through den1-edge-01.tamerica.net at the 13th step, but continues on to a router at viawest.com. From there, it passes through 2 more routers at ViaWest, and 3 routers at Center7.
ViaWest and Center7 are both Canopy companies.
On initial analysis, for any other company, a network manager/sys admin/networking consultant (such as me) would simply assume that SCO/Caldera was having a problem with its ISP. The weird thing, though, is the presence of Canopy's IP address right *between* SCO's and Caldera's addresses.
Assume that all 3 segments are served by the same router (no, we can't prove it from this data, but it's extremely likely). Canopy, in that case, should be experiencing problems too if the site were under a DOS attack.
In fact, anyone planning a DDOS attack would find it easier to just take out the whole address range, thereby including all 3 sites, rather than focus on just the SCO/Caldera sites -- and for technical reasons alone. Never mind that they would *want* to target Canopy as well.
Given all this, it is a pretty safe bet that SCO/Caldera has taken its websites down itself.
Why? To protect themselves from a DDOS attack? No. Any decent firewall could take care of that for them. That's why I suspected that it was not DoS attack: they've simply been down too long.