Slashdot Mirror
Microsoft/Unisys Unix-bashing Site Runs FreeBSD
Several people sent in variations on this: "Kind of ironic to see that the the site, dubbed WeHaveTheWayOut from Microsoft and Unisys runs on an Apache Web server powered by FreeBSD. This could have made a great April Fools joke, unfortunately for Microsoft, you can verify it by using Netcraft." This is a follow-up to the original story a few days ago. Other readers noted that there's already a WeHaveTheWayIn site up. Wehavethewayout.com was returning Apache headers yesterday; today it's returning "Server: Microsoft-IIS/5.0", so it appears they've dumped FreeBSD in a hurry, or maybe just changed the headers.
they didn't just change the HTTP headers. nmap reporst:
:)
Remote OS guesses: Windows Me or Windows 2000 RC1 through final release, MS Wind
ows2000 Professional RC1/W2K Advance Server Beta3, Windows Millenium Edition v4.
90.3000
it also reports a number of interesting ports as open:
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
1433/tcp open ms-sql-s
2105/tcp open eklogin
3306/tcp open mysql
5900/tcp open vnc
whoever set this up did it in a real hurry.
Assorted stuff I do sometimes: Lemuria.org
They are running two servers at two different IPs. Apparently 130.94.214.143 is running their Windows 2000 IIS server and 198.63.57.204 is still running the Apache server on FreeBSD.
I guess what I am saying is "so what". Microsoft has disclosed the use of Linux for business critical function in their board report a few years ago. We also know that while eBay runs on IIS, the work really is on their database systems, which are on Sun equipment (AFAIK).
Click here or here.
FYI...
The old site (running BSD) is still up at: http://198.63.57.204/
The new site, running win2k/IIS is at: http://130.94.214.143
"... they probably just moved the domain..."
Yup. I said yesterday, their site was hosted by Verio, and their IP address was 198.63.57.204.
Today some people get the IP address as 130.94.214.143, which belongs to Microsoft. At my location, DNS still resolves it to 198.63.57.204.
Try this in your browser for fun:
http://130.94.214.143
and then
http://198.63.57.204
Ain't it neat? Both hosts are up and the name servers haven't all caught up with late yesterday's switchy-changy!
The interesting thing here is that the original site
is still online: http://198.63.57.204
Here's a little netcat "chat" I had with the old server
So it in some sense still runs FreeBSD
RavenZ
The full article is on page B2.
A lot more people will see that, and they are your boss, not you.
HTTP_USER_AGENT='"Mozilla/4.0 (compatible; MSIE 9.01; Windows NT Sucks)"'
I've been sending that header for a long time.
OSS browsers are getting a bit more respect lately, but there are still a lot of sites that only accept browsers with knows USER_AGENTs, so we continue to spoof.
You should know better than to believe stats based on unproven data.
:)
obligatory plug: headers spoofed by JunkBuster
URL 1: http://130.94.214.143/ (IIS)
connects_completed: 12373, responses_completed: 12373 (41.2433/sec), total_errors: 0
msecs/connect: 87.503 mean, 3082.84 max, 81.047 min, 81.308 95min, 84.234 95max
msecs/response: 87.5983 mean, 3098.43 max, 81.848 min, 82.295 95min, 91.204 95max
URL 2: http://198.63.57.204/ (BSD)
connects_completed: 12322, responses_completed: 12322 (41.0733/sec), total_errors: 0
msecs/connect: 17.4765 mean, 21009.6 max, 9.477 min, 9.75 95min, 12.135 95max
msecs/response: 47.6064 mean, 3013.33 max, 12.329 min, 12.651 95min, 162.082 95max
This is very unscientific, and it's only wrt to the index page on both sites. It'd be interesting to see a detailed side-by-side comparison of the two sites. How often will you get to compare a BSD machine against a Microsoft machine maintained by Microsoft themselves, hosting exactly the same content.
And that is confirmed by netcraft (yes netcraft seems slashdotted). The changeover happened just today, the BSD site was known up since March 28. I guess when you want something quickly, FreeBSD with RapidSite/Apache is the way to go. Then later on, when your employer starts pushing, you can always migrate towards the much harder to setup IIS server. hihi. I'm wondering if it has Minda yet.
--- Hindsight is 20/20, but walking backwards is not the answer.
To quote myself... "IP address as 130.94.214.143, which belongs to Microsoft."
Oops, a little check with ARIN shows that the new addy also belongs to Verio. Different server farm, I reckon. Sorry about the confusion.
-
Netcraft gathers their information not just by HTTP headers sent by the web server, but by SNMP as well. I imagine snmp_walk on a bsd box vs a windows box will have some tell-tale responses. So it very well could be header spoofing, but the HTTP headers don't mean anything.
This is the Internet. You can say "fuck" here. - AC
rooooar
here I noted that Unisys has many webservers running mostly WinNT, and run a variety of webserver sw on them mostly IIS but also Lotus Domino, and Netscape. And in at least one instance they run Apache on Red Hat Linux.
Also per this chart they also run Apache on two other 'unknown' Unix platforms.
Work for Change & GET PAID!
Interesting ports on www.wehavethewayout.com (130.94.214.143):
n ux-gnu%D=4/2%T ime=3CA9D035%O=21%C=20)E B2%IPID=I%TS=U)= I%TS=U)s p=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=M)N )
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)% DF=N%W=0%ACK=S++%Flags=AR%Ops=)= 0%ACK=O%Flags=R%Ops=)l ags=AR%Ops=)= 148%RID=E%RIPC K=E%UCK=0%ULEN=134%DAT=E)
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
1433/tcp open ms-sql-s
2105/tcp open eklogin
3306/tcp open mysql
5900/tcp open vnc
Remote OS guesses: MS Windows2000 Professional RC1/W2K Advance Server Beta3, Windows Millenium Edition v4.90.3000
Interesting ports on www.wehavethewayout.com (198.63.57.204):
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
554/tcp open rtsp
3306/tcp open mysql
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA22%P=i386-redhat-li
TSeq(Class=RI%gcd=1%SI=C
TSeq(Class=RI%gcd=1%SI=99E7%IPID
TSeq(Class=RI%gcd=1%SI=85D6%TS=U)
T1(Re
T2(Resp=
T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=M)
T5(Resp=Y
T6(Resp=Y%DF=N%W
T7(Resp=Y%DF=N%W=0%ACK=S%F
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Did anyone check the ftp servers?
g
ftp://198.63.57.204
/bin
/dev
/etc
/incomin
/pub
Unix server, probably FreeBSD
ftp://130.94.214.143
w2k 1405 Microsoft FTP Service(Version 5.0)
From just a couple minutes ago:
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
1433/tcp open ms-sql-s
2105/tcp open eklogin
3306/tcp open mysql
5900/tcp open vnc
Remote operating system guess: MS Windows2000 Professional RC1/W2K Advance Server Beta3
So it looks like it an out-of-the-box install... seems out that they'd be using vnc instead of terminal server for remote administration.
Well looks like everybody is just blindly quoting Yahoo/CNET w/o actually looking @ it.The site was returning Apache but the OS was not *BSD,but...SGI's IRIX.Just check out the hosting company ( rapidsite.com ).Hehe,judging by how "cheap" SGI's machines are I wish there is a way out.
i just tryed www.wehavethewayout.com ;)
;)
but the site is empty, possibly someone did some "remote administration"
ok, i dont think someone did, but guess what, the site renders perfectly
in every browser, must be because it's empty
lynx www.wehavethewayout.com
results in...
Alert!: HTTP/1.1 403 Access Forbidden
too bad you can't get IN to the way out. quite amusing--the switch from apache to iis and it takes less than a day for their site to go down. looks like the way out has crashed.
char *mySig;