Microsoft/Unisys Unix-bashing Site Runs FreeBSD
Several people sent in variations on this: "Kind of ironic to see that the site, dubbed WeHaveTheWayOut from Microsoft and Unisys runs on an Apache Web server powered by FreeBSD. This could have made a great April Fools joke, unfortunately for Microsoft, you can verify it by using Netcraft." This is a follow-up to the original story a few days ago. Other readers noted that there's already a WeHaveTheWayIn site up. Wehavethewayout.com was returning Apache headers yesterday; today it's returning "Server: Microsoft-IIS/5.0", so it appears they've dumped FreeBSD in a hurry, or maybe just changed the headers.
they didn't just change the HTTP headers. nmap reports:
:)
Remote OS guesses: Windows Me or Windows 2000 RC1 through final release, MS Windows2000 Professional RC1/W2K Advance Server Beta3, Windows Millenium Edition v4.90.3000
it also reports a number of interesting ports as open:
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
1433/tcp open ms-sql-s
2105/tcp open eklogin
3306/tcp open mysql
5900/tcp open vnc
whoever set this up did it in a real hurry.
Assorted stuff I do sometimes: Lemuria.org
They are running two servers at two different IPs. Apparently 130.94.214.143 is running their Windows 2000 IIS server and 198.63.57.204 is still running the Apache server on FreeBSD.
"... they probably just moved the domain..."
Yup. I said yesterday, their site was hosted by Verio, and their IP address was 198.63.57.204.
Today some people get the IP address as 130.94.214.143, which belongs to Microsoft. At my location, DNS still resolves it to 198.63.57.204.
Try this in your browser for fun:
http://130.94.214.143
and then
http://198.63.57.204
Ain't it neat? Both hosts are up and the name servers haven't all caught up with late yesterday's switchy-changy!
The full article is on page B2.
A lot more people will see that, and they are your boss, not you.
HTTP_USER_AGENT='"Mozilla/4.0 (compatible; MSIE 9.01; Windows NT Sucks)"'
I've been sending that header for a long time.
OSS browsers are getting a bit more respect lately, but there are still a lot of sites that only accept browsers with known USER_AGENTs, so we continue to spoof.
You should know better than to believe stats based on unproven data.
:)
obligatory plug: headers spoofed by JunkBuster
Interesting ports on www.wehavethewayout.com (130.94.214.143):
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
1433/tcp open ms-sql-s
2105/tcp open eklogin
3306/tcp open mysql
5900/tcp open vnc
Remote OS guesses: MS Windows2000 Professional RC1/W2K Advance Server Beta3, Windows Millenium Edition v4.90.3000
Interesting ports on www.wehavethewayout.com (198.63.57.204):
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
554/tcp open rtsp
3306/tcp open mysql
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=2.54BETA22%P=i386-redhat-linux-gnu%D=4/2%Time=3CA9D035%O=21%C=20)
TSeq(Class=RI%gcd=1%SI=CEB2%IPID=I%TS=U)
TSeq(Class=RI%gcd=1%SI=99E7%IPID=I%TS=U)
TSeq(Class=RI%gcd=1%SI=85D6%TS=U)
T1(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=M)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=402E%ACK=S++%Flags=AS%Ops=M)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=0%ULEN=134%DAT=E)
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
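An added example, not part of any post in the thread: a small Python parser that takes the two port lists posted above and reports which listeners the move from 198.63.57.204 to 130.94.214.143 opened or closed, the kind of before/after exposure check an admin would run after a rushed migration. The function names and the SENSITIVE set are assumptions made for this example.

```python
import re

# Port lists copied from the nmap output posted in the thread.
SCANS = """\
Interesting ports on www.wehavethewayout.com (130.94.214.143):
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
1433/tcp open ms-sql-s
2105/tcp open eklogin
3306/tcp open mysql
5900/tcp open vnc
Interesting ports on www.wehavethewayout.com (198.63.57.204):
21/tcp open ftp
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
443/tcp open https
554/tcp open rtsp
3306/tcp open mysql
"""
# Assumption for this example: services that should not face the Internet.
SENSITIVE = {"ms-sql-s", "mysql", "vnc"}
HOST_RE = re.compile(r"^Interesting ports on \S+ \(([\d.]+)\):$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)$")

def parse_scans(text):
    """Return {ip: {(port, proto): service}} for each host block."""
    hosts, current = {}, None
    for line in text.splitlines():
        host, port = HOST_RE.match(line), PORT_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), {})
        elif port and current is not None:
            current[(int(port.group(1)), port.group(2))] = port.group(3)
    return hosts

def exposure_diff(old, new):
    """Listeners opened and closed by the move, plus sensitive ones now open."""
    opened = sorted(new.keys() - old.keys())
    closed = sorted(old.keys() - new.keys())
    flagged = sorted(k for k, svc in new.items() if svc in SENSITIVE)
    return opened, closed, flagged

if __name__ == "__main__":
    hosts = parse_scans(SCANS)
    print(exposure_diff(hosts["198.63.57.204"], hosts["130.94.214.143"]))
```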