OpenBSD 3.0 Honeypot Whitepaper

Tortured Potato writes "This white paper, by Michael Anuzis, details how he set up an OpenBSD 3.0 honeypot, watched it get cracked and then analyzed it -- all within 28 hours. Fascinating stuff...this is the first OpenBSD honeypot I've heard of."

Mmmm....

[Klerck]

Honey and pot... a perfect combination!

Re:Mmmm....

I love you Hunnybunny!

fp...

I can't believe I stooped to a fp!

Re:fp...

[Klerck]

Fuck ya, ya faggot AC!

You can suck onto my first post master penis.

Re:fp...

I am a slashbot gay boy through and through.
I crave your man-meat. Arhhgg... the desire is overwelhming me. Please. Please may I suck your dick. I don't care that it is so small. It just makes it easier to deep throught you.

Hugs, Kisses, and more Hugs. And maybe a slurp too.

--Boy-wonder, technoslut.

honey

[flaw1]

I hope that's love-honey.

OPEN SOURCE MISCONCEPTIONS by poopbot

OPEN SOURCE MISCONCEPTIONS
By Serial Troller

Myth: Open Source is written by heterosexuals.

Fact: All Open Source development is done by raging homosexuals. The more flaming examples include Anal Cox, Linus Turdballs, Eric Ass-Reaming Raymond, and the entire Slashdot crew. The ringleader of the slashdotters, a man named CmdrTaco, engages in a practice known as Taco-snotting, along with his faggot-buddies Jeff Homos Bates and CowBoiKneel.

Myth: Open Source is written for heterosexuals.

Fact: Using Open Source software can cause suppressed homosexual fantasies to surface, leading to all out flaming faggotry within 6-8 weeks. Anecdotes of otherwise hetero men turning queer are far too numerous to count, but a few examples stand out. In one case, a man was arrested loitering outside an elementary school and making sexual overtures to several children: he quickly confessed that shortly after installing the Mozilla browser on his computer, he began to have uncontrollable urges to, to put it simply, have his cock sucked off by little boys. He soon met several other like-minded men through discussions on the Bugger Zilla mailing list (all already homosexuals), who together kidnapped a total of seven children whom they brought back to their apartment and sodomized. The other two men are still at large and believed to still be using Mozilla.

Myth: Open Source is multicultural.

Fact: Open Source is openly racist.

Myth: Open Source is democratic.

Fact: Open Source is controlled by a few narrow-minded zealots (mentioned throughout this post), most of whom are either Communists, Stalinists, Nazis, or Fascists. Additionally, Open Source supports terrorism.

Myth: Open Source is tolerant of religious preferences.

Fact: Open Source developers regularly engage in holy wars over the superiority of various Open Source projects, such as the Emacs program (preferred by Christians) versus vi (used mostly by neo-pagans and Satanists); or the KDE desktop (a favorite among Muslims) versus the GNOME project (particularly favored by Jews). Posts initiating crusades or jihads against other developers can be found regularly throughout the newsgroups and mailing lists.

Myth: Open Source is tolerant of sexual preference.

Fact: See above. Either you are a homo, you become a homo, or you never visit Richard Stallman alone in his office and hope to God you never meet him on the street at night.

Myth: Open Source is tolerant of political differences.

Fact: Open Source is an anarcho-communist philosophy bent on the destruction of capitalism. The very same Richard Stallman, a man whose name is disturbingly reminiscent of Stalin, has stated several times in public that his vision includes the subjugation of all who own intellectual properties under the jackboot of the GPL. The GPL is a pernicious piece of literature lifted straight from Karl Marxs Communist Manifesto, and is fortunately banned in many democratic nations.

* * * * * UPDATE * * * * *

Myth: Open Source programming is a harlmess, healthy activity.

Fact: Open Source programming has been known to lead to massive obesity, violent tendencies with an obsession with handguns, paranoid-delusional ranting, and in severe cases, complete insanity. If anyone you know is thinking about going Open Source, stop them before its too late!

* * * * * UPDATE * * * * *

____________________

2002 Serial Troller. Permission to reproduce this document is granted provided that you send all the bukkake porn you can find to serialtroller@hotmail.com.

- poopbot: for all your crapflooding needs

Its a reminder

[mgv]

Of just how much you need a firewall these days.

Especially if you run windows.

Michael

Re:Its a reminder

Not really much good a firewall will do when you have the public who needs to get thru to port 80 and IIS is running. If you dont know how to fix the "out-of-box" MS security problems after install, then your you *ARE* screwed, no matter what you use in front.

Re:Its a reminder

Of just how much you need a firewall these days.
- Wrong assumption. Firewall cannot stop attacks. It can stop direct access to services what are not meant to served to outside world but it still lets traffic through. if you are relying on the firewall only then you will be facing many suprises...

Especially if you run windows.
-And have clueless admins. If system is configured wisely you do not need any hotfixes and patches to secure the system.

From the article:

[SuiteSisterMary]

Most honeypots out there tend to be Redhat Linux as it's has the worst record for security out of pretty much every OS out there

Oooh, dems fightin' words! (runs into the General Store and closes the curtains, peeking out)

Re:From the article:

[Rhinobird]

(dives behind watering trough)

Not sure, but he could be talking about just the *nix environments. If not then we have to go get the sheriff and the undertaker, there's a gonna be a shoot out!

Re:From the article:

Actually, most of the compromised servers were Redhat Linux in the version 6 days ( circa 1998-99) because all services were enabled by default, leaving the system wide open. Of course, inexperienced (stupid wouldn't be polite) admins share the blame.

I must say, around 1998, the Linux kernel and userland was terrible. It's come a long way, thanks to the ridiculous hype and commercial investment.

Re:From the article:

[SuiteSisterMary]

Actually, most of the compromised servers were Redhat Linux in the version 6 days ( circa 1998-99) because all services were enabled by default, leaving the system wide open. Of course, inexperienced (stupid wouldn't be polite) admins share the blame.

I've said it before, and I'll say it again. 10, 15, 20 years ago, the security advisories were all the same, only the names were different. SunOS, Solaris, HP-UX, IRIX. Sendmail, CERN httpd, X.

What is a honeypot?

[Crypt0rchid]

I think I'm not the only one who's reading this article and asking himself what a honeypot is. Could anyone please explain what it is? Thank you in advance.

Re:What is a honeypot?

[Klerck]

A honey pot is a pot in which you stick your erect penis to cover it in honey. After covering it in honey, you then proceed to place it in an anthill full of fire ants.

Re:What is a honeypot?

[Innomi]

A honeypot is a machine set up for the sole purpose of distracting hackers away from your main network by putting up an easy target.

Re:What is a honeypot?

[snake_dad]

You can learn a lot about honeypots and network security in general on the Honeynet site. Browse the challenges, and the results, and be amazed ;)

Re:What is a honeypot?

[Wakko+Warner]

On a similar note, what is your IP address?

- A.P.

Re:What is a honeypot?

Me Too!!! I thought I was the only one mashochistic enough to do that. But now I have a new friend!! Happy penis-anting, and I hope to share the experience with someone.

Give me your address, and I will be right over. Heh, I am already starting to leak pre-cum just at the thought of it (and you).

Hugs, Kisses, and more hugs. And some penis-anting as well.

--wonder boy, technoslut.

Re:What is a honeypot?

[Klerck]

Wow, I also thought I was the only one.

What do you say we get together tonight? I'll meet downtown at 8:00! You know where to go!

Do you do anal?

Re:What is a honeypot?

We all can agree that *BSD is a failure. Yet why did *BSD fail? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know *BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personalities?

The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.

Re:What is a honeypot?

[RazzleDazzle]

I like you, you remind me of when I was young and stupid. I have yet to see an example of your wonderful and baseless statements.

Re:What is a honeypot?

[Beryllium+Sphere(tm)]

Not the sole purpose.

A honeypot is also a research tool into cracking trends and techniques.

Re:What is a honeypot?

[BarefootClown]

127.24.88.72. Why do you ask?

Re:What is a honeypot?

[evilviper]

warez.slashdot.org

Re:What is a honeypot?

192.168.0.1 but i have a honeypot set up on 127.0.0.1. Dare you to crack it.

Re:What is a honeypot?

Jeez, this doesn't even get a "Funny" moderation?

Re:What is a honeypot?

Well, I am running 88.0.0.0/24 at the moment. Why is that?

He didn't wipe out enough info on those images

http://www.google.ca/search?q=cache:b3jn4bU41cYC:w ww.omegapunx.org/+muffinface+band&hl=en&ie=UTF -8

Re:He didn't wipe out enough info on those images

[Fishstick]

I imagine so...
omegakidd

This is a Hoax

This is not possible we all know that oBSD can't be hacked, only redhat Linux and Windows.

Re:This is a Hoax

It's not a hoax, it's called a honey-pot system. It's intention is just that, to be hacked!

White paper ?

[kraf]

This white paper, by Michael Anuzis, details how he set up an OpenBSD 3.0 honeypot, watched it get cracked and then analyzed it -- all within 28 hours

You can do it with a default install in 30 minutes.

Re:White paper ?

[heimotikka]

You can do it with a default install in 30 minutes.

So you actually can predict that your box will be hacked by two individual hackers in 30 minutes, analyze what they were doing and write a doc about it? You'll need good timing. Please - please read the articles before begging for karma.

Re:White paper ?

[tep-sdsc]

The 30-minute timeframe (to the first intrusion on a default install) is not a bad guess. My logs show that many machines in my net are probed on average once every 15-180 minutes.

If the machines were default installs, they would have fallen. I'm seeing all the usual (for this week) stuff: SSH, apache, NIMBDA/Code.Red, FTP, etc.

Add about 15 minutes for installing a sniffer+hub in parallel instead of the single-host honeypot here, and 45-60 minutes of setup would get you a few hours of fun and amusement.

I think that the nost interesting part of this particular honeypot was the single honeypot system, instead of the victim + sniffer that I've used and almost always seen used.

Re:White paper ?

[heimotikka]

Yeah, let's not argue about time... Sweep scans are very common - I get mostly ftp-scans.
What I'm intrested is using virtual servers to fake a net of computers - virtual honeynet - net of honeypots. Could be cheaper and faster to setup than with real hardware. I've heard that there are people already doing this using usermodelinux. With that one could setup a honeypot in minutes...

Re:White paper ?

After hacking into the virtual honeypots, the intruder will most likely notice it's a virtual machine. He will then try to exploit the virtual machine program to gain access.

You just gave a new door for a hacker to enter your machine.

And seeing how you much you try to protect your machine will most likely excite the cracker.

use a real man's OS

[flaw1]

Windows doesn't come with shitty, insecure services like Apache2 and OpenSSH.

Re:use a real man's OS

[Junta]

Yeah, they just ship with really tight and secure IIS and Windows Media Player.....

Re:use a real man's OS

[esarjeant]

did anyone else notice the recently-cracked USA Today site switched from Solaris this year?

Hmm, I wonder if they're kicking themselves now.

Re:use a real man's OS

> did anyone else notice the recently-cracked USA Today site switched from Solaris this year?

Ah yes, they switched from Solaris to Windows 2000.

And, not only did they get cracked, but, according to Netcraft, their uptime has dropped from 100 days for Solaris, to an average of 23 days for Windows 2000.

new poll suggestion

[Lemon+Wacky+Hello]

what girl is the hottest

Jessica Alba

Natalie Portman

Jessica Alba

Natalie Portman

Jessica Alba

Natalie Portman

Re:new poll suggestion

Whoah dude you missed out on something! She's Dark angel on TV. Here she is:

http://www.jessicaalba.net/wallpaper.html

freedumb strikes a gain

The Harken Tale: Harken Energy purchased Bushboy's worthless oil company Spectrum7 for $2 million (bailing Bushboy out of big debts) in the late 80s and put Bushboy on their board and paid him a $120,000/year "consulting fee." Harken then lent Bushboy $180,000 so he could buy Harken stock. Bushboy was on their Board and was a member of their 3 man "Audit group" which was privy to the companies financial woes in 1990. After being briefed about Harken's cash flow problems in April, 1990, Bushboy sells his stock in June, 1990, when some mystery investor pays him $848,000 based on a "cold call" made by some stock broker (this is what the Bushboy people really say). In August, 1990 the poor financial condition of Harken becomes known and the stock drops like a rock to 1/4 its value when Bushboy sold it. Bushboy fails to report the sale of the stock by the 10th day of the month following the sale as required by law. He doesn't file the necessary SEC documents until 36 weeks later! The SEC head was appointed by Bushdaddy who is now president. Although the head of the SEC, Mr. Doty, was Bushboy's personal attorney, he doesn't recuse himself from any judgement of Bushboy and although the SEC refuses to exonerate Bushboy's criminal conduct it chooses not to investigate or prosecute (surprise!). The whole Bushboy/Harken deal stinks to high heaven and makes Whitewater seem like the jaywalking that it was in comparison, but Bushboy and the GOPers will block any attempt to investigate and hire a Special Prosecutor as they were so quick to do in Whitewater. Harken will be Whitewashed, as is everything else in Bushboy's sleazy past.

see also: komanduh tahoe's NEXT employer

First OpenBSD honeypot

[snake_dad]

this is the first OpenBSD honeypot I've heard of

Which is not very surprising for an OS that has had "One remote hole in the default install, in nearly 6 years!". An interesting read 'though.

By the way, there is a slashbox for OpenBSD Journal, which can be enabled here. It featured this story yesterday.

Re:First OpenBSD honeypot

[platypus]

Well that doesn't mean you're secure.
It's worth remembering for some OpenBSD worshipping newbie zealots that every OS is as secure as the admin installing/maintaining the server.
Let me say that I know the seasoned OpenBSD users surely are not prone to that, but that is true for (nearly) any OS, and for all *nixes.

Re:First OpenBSD honeypot

[jazman_777]

It's worth remembering for some OpenBSD worshipping newbie zealots that every OS is as secure as the admin installing/maintaining the server.

Given two equally paranoid and skilled sysadmins, the one using OpenBSD has a head start over the one using Linux. Linux machines are owned so easily and often, it often occurs to admins, "gee, maybe I should study all the crackers roaming about my boxes."

Info on the 'Hacker'

[DeeEm]

If anyones interested, the website for the 'hacker' is omegapunx.org, his msn name is omegakidd@hotmail.com
E-Mail: omegakidd@tfz.net
E-Mail2: omegakidd@cheguevara.zzn.com
aim: eromlenosam
aim2: shoogy maple
aim3: satan the killer
msn: omegakidd@hotmail.com
yahoo: omegakidd
irc@efnet: omegakidd

Re:Info on the 'Hacker'

The hackers web page is now suffering the /. effect. Thats some sweet irony.

Re:Info on the 'Hacker'

[gTsiros]

"aim: eromlenosam"

mason elmore?

Re:Info on the 'Hacker'

[omegakidd]

yep.

Enough with the political correctness!

[Second_Derivative]

Why the consistent use of "he/she"? I'm sorry but I've yet to see anyone of the female persuasion who is enough of a lowlife to become a script kiddie.

Re:Enough with the political correctness!

That bugs the SHIT out of me.

Why not just say "they"?

Damn people!

Re:Enough with the political correctness!

[JerkBoB]

Why the consistent use of "he/she"?

Perhaps Elmore is transgendered? Observe (from http://www.omegapunx.org):

My brother's girlfriend Danyel gave me this purply long skirt thingy. It is soo cool. I would wear it to school tommorow, but there are these kids in the loccer room who hate gay people. They say things like "Man, if you are gay I am going to kick your ass." And stuff like that. So, they would probably think I am gay or something and kick my ass. Welp, what are you going to do in this world these days.

Re:Enough with the political correctness!

[lucius]

Because it's incorrect. "They" is plural.

English has no gender-neutral nominative singular pronoun, fool.

Re:Enough with the political correctness!

What about "Trinity"? Didn't she crack the IRS d-base? You're not the only one who thinks she's a guy however...

Re:Enough with the political correctness!

If everyone started using it in the singular then it would become correct.

Then we would have the 'gender-neutral nominative singular pronoun' that we need.

You can usually tell if it is plural from context.

Let the English language continue to evolve as it has in the past... incorrect my ass

Fool.

Re:Enough with the political correctness!

[AndrewHowe]

Then what are "I" and "you"?
You clearly don't know what you are talking about, because the case (you said nominative) is irrelevant here.
It's in the third person singular that English has gender specific pronouns, and that goes for nominative (he/she), oblique (him/her) and genitive (his/her).
So who is the fool?

Re:Enough with the political correctness!

[Beetjebrak]

IT would be a proper word for a script kiddy.

Re:Enough with the political correctness!

[CarrionBird]

Am I the only one who remebers being taught in school that he rather than he/she is correct when gender is indefinite? Has English been rewritten too?

Cracking the Honeypot

[hugesmile]

I took a honetpot to Prom, and it took me 28 hours to crack her and analyze it too....

google cache link

Muffinface Google search

ph34r omegapunx

[nyquist_theorem]

obligatory link to omegapunx's google-cached website is here

the best entry is certainly May 31st, when this gem appeared:

It seems to me that the Americans are actually the terrorists. I would elaborate right now but I am too lazy to type that much right now.
9:30PM: I had some fun with smoke bombs. I lit like 5 in my back yard and there was this pretty big smoke could going into my front yard. Sense it looked so cool I searched for some more smoke bombs, and all I could find was like 3. But then I lit them in the feild and that was cool. There was this cloud of blue smoke like 4 and a half feet from the ground. It was soo cool.

Re:ph34r omegapunx

[nerdguy0]

Who wants to visit him, looks like a home adderess:

Registrant:
OmegaPunx
5233 Welcome Ave N.
Crystal, Minnesota 55429
US

Registrar: Dotster (http://www.dotster.com)
Domain Name: OMEGAPUNX.ORG
Created on: 03-MAY-02
Expires on: 03-MAY-03
Last Updated on: 03-MAY-02

Administrative, Technical Contact:
Elmore, Mason omegakidd@tfz.net
OmegaPunx
5233 Welcome Ave N.
Crystal, Minnesota 55429
US
(763)531-0637

Here's a map, and an picture of his house.

Re:ph34r omegapunx

Anybody want to slip this location into the USAF's mainframe, so that they'll bomb him instead of innocent Afghans?

Re:ph34r omegapunx

Who is omegapunx and what does this have to do with anything?

Re:ph34r omegapunx

ph34r this

yikes!

Re:ph34r omegapunx

[satanami69]

The picture in the mapquest link is better. Look for the tab that says "Aeirel photo". It's in color too.

Or OpenBSD

[its a reminder] of just how much you need a firewall these days.

Especially if you run windows.

Who said anything about windows? The whitepapar was about a vulnerability in OpenBSD being exploited. So perhaps you should have said:

"its a reminder or just how much you need a firewall these days" and left it at that.

My favorite quote...

[twistedcubic]

My brother's girlfriend Danyel gave me this purply long skirt thingy. It is soo cool. I would wear it to school tommorow, but there are these kids in the loccer room who hate gay people. They say things like "Man, if you are gay I am going to kick your ass." And stuff like that. So, they would probably think I am gay or something and kick my ass. Welp, what are you going to do in this world these days.

Re:My favorite quote...

[omegakidd]

Yeah, that skirt is soo cool.

Doesn't this prove at secure systems are bad ?

[Krapangor]

Well, there isn't really such a thing like a secure system.
So all this pro-OpenBSD propaganda by Theo de Rat saying "OpenBSD is secure, really, always" is rather a bad thing. I lulls sysadms into the belief that their system is save, making them unaware of the fact that a system is never secure at all.
Of course, the sources of every OS should be explicitly checked for security holes. But this shouldn't be the single feature of an OS. In fact claiming an OS "secure" just due to these checks is serving security rather badly.
I sometimes wonder if the OpenBSD project hasn't excatly the opposite effects than intended by it's maintainers for these very reasons. On the other hand there are some cynical commentators out there, who claim that the main intend of OpenBSD is to boost Theo's ego.

Re:Doesn't this prove at secure systems are bad ?

[platypus]

yupp

Re:Doesn't this prove at secure systems are bad ?

[RazzleDazzle]

What maintainers are you talking about that have said that OpenBSD is a system that needs no attention once it is up and running? If anyone installs any operating system, they should be aware of insecurites. It doesn't matter that one OS seems to have slightly more or less MARKETING as being secure; if you buy or use a product based on marketing, you deserve what you get. I don't recall any of the OpenBSD maintainers claiming their OS is so good you will not ever be hacked. If the admins don't upkeep their system, they will be exploited.

Re:Doesn't this prove at secure systems are bad ?

[RazzleDazzle]

Of course I notice that July 2, 02 is when the majority of these took place. Hmmmm... popular exploit is found in a program that everyone has enabled (probably everyone has SSHD enabled). Slow, unimformed, uncarring sysadmins don't know or dont care to patch their systems. From Feb 11, 2000 to July 1, 2002 (over 2 years) there are only about 1/10 of the defacements. Not bad I would say. This doesn't prove much about OpenBSD except that there are some incompetent admins using it.

Re:Doesn't this prove at secure systems are bad ?

[deanpole]

I use OpenBSD. My biggest complaint is that binary updates are not provided, even though the initial installtion was from binaries. No, we need to manually patch, build, install, and configure. For this reason, unless you are a skilled and determined software developer, OpenBSD could easily be less secure for you. Theo you suck.

Does Theo realize this behavior will make unpached openbsd system more likely, thus encouraging greater deveopment of root kits?

Re:Doesn't this prove at secure systems are bad ?

[LionMan]

Note that statistically,
0.31% of defaced sites were running OpenBSD, which greatly contrasts with netcraft's statistics that over 59% of indexed web sites use the Apache httpd server, and considering that Apache runs on the BSD's, Linux, commercial *nix's, Windows, MacOS ... even assuming an equal distribution, this means that the defaced sites are at least two orders of magnitude less than the total sites using OpenBSD (ok, that is a lot of assuming, but I couldn't find statistics of server OS distribution).

Re:Doesn't this prove at secure systems are bad ?

and really what does binary patches do for security? If you dont like OpenBSD, don't use it, and stop your bitching...

Re:Doesn't this prove at secure systems are bad ?

[Zenki]

You also have to account for the percentage of Apache httpd servers running on which operating system.

0.31% of defaced sites being OpenBSD is impressive by itself. However, if 0.31% of the defaced sites translates to 100% of the OpenBSD web server installations out there, then you have a real problem.

Re:Doesn't this prove at secure systems are bad ?

[gregorio]

I lulls sysadms into the belief that their system is save, making them unaware of the fact that a system is never secure at all.

This is a honeypot, It was engineered to be *vulnerable*, they are not talking about OpenBSD as a whole, only this installation.

Re:Doesn't this prove at secure systems are bad ?

[bcaulf]

We should note that it is absolutely easy to create an easily attacked Apache configuration, no matter what the O/S. Indeed, software like Apache, which takes orders from strangers over the Internet and plugs into any number of other random software systems on the server, is impossible to secure in a systematic idiot-proof way. Apache serving flat HTML, no problem. Apache doing dynamic things, forget it. It is going to require expertise and configuration management to achieve any kind of security.

When a site running on an O/S is defaced, that does not necessarily have anything at all to do with the O/S.

fraction of cracked boxes

This makes me wonder what's the proportion of cracked to uncracked machines. I know I've had a box cracked from underneath me and I've found a set of other cracked boxes, but I wonder how many I've missed. Granted, I probably wouldn't have missed MuffinFace and his posse, but man.

I think it may be time to knuckle down and write a *good* set of iptable rules instead of the wacky mash I've got now.

Obligatory anti-linux statement

[Hieronymus+Howard]

Why is it that BSD users always feel the need to knock Linux? This article kicks off with "Most honeypots out there tend to be Redhat Linux as it's has the worst record for security out of pretty much every OS out there". RH is pretty damn secure compared with Windows, which seems to have a major security alert almost every day.

HH

Re:Obligatory anti-linux statement

Maybe because it would be pretty silly for linux people to bitch about themselves ? :)

Re:Obligatory anti-linux statement

Short answer: desperation. *BSD is fading away and there is frustration and resentment in the increasingly morose *BSD community. Sure, we all know that *BSD is a failure, but why? Why did *BSD fail? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know *BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personalities?

The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.

Re:Obligatory anti-linux statement

PS

my penis is dying too

Re:Obligatory anti-linux statement

[HappyPhunBall]

Because it is true...but wait! It is true because RH is by far the most common Linux one could hope to encounter on the net, especially in the hands of neophyte 'nix users. Any other distro that strives to knock RH out of the top spot should also be prepared to wear the most hacked crown. Does this mean that RH is really less secure than other Linux distros? Not in my experience it, it just happens to be very popular and thus a likely target. RH has produced some less than stellar distros in the past, but I would feel comfortable putting 7.2 or 7.3 up against any other offering available currently. That includes FreeBSD and OpenBSD as well. I run all of them for different reasons, and they all are vulnerable to attack to various degrees. Vulnerable is vulnerable, but I think popular tells the real story here.

Re:Obligatory anti-linux statement

Why is it that Linux users always feel the need to knock Windows? Your post said "RH is pretty damn secure compared with Windows, which seems to have a major security alert almost every day". Windows is pretty damn secure compared with many OS's.

Did you ever think that as Linux is to Windows, BSD is to Linux ;o)

Re:Obligatory anti-linux statement

[phoxix]

Stuff that effects Redhat not only effects redhat, but the rest of the open source community itself. Last time I checked, redhat used mostly standardized open source software to get the job done. (i.e. openssh for sshd, apache for httpd, etc)

So when redhat has a new securty flaw, it isn't so much as a redhat problem as it is to a open source community security flaw.

Sunny Dubey

Re:Obligatory anti-linux statement

[GigsVT]

The problem with Red Hat was that a default install used to throw a million half-configured, un-firewalled, and unneeded services.

The emphasis is because this is no longer true. A basic firewall is installed by default unless you explicitely say not to during the install, and the only questionable service that is left running is sunrpc. (probably because the errors caused by it not running when it needs to be aren't always very clear). Of course a home user probably doesn't need sunrpc.

Other than sunrpc, I think the only other running services are sshd, sendmail, configured to only accept connections from localhost, and maybe one more I am forgetting. The point is, Red Hat is pretty damn secure now, by default.

Re:Obligatory anti-linux statement

[JoeBuck]

I like the folks at Red Hat, they have made huge contributions to everyone. The OpenBSD folks, for example, can't build a single executable without using a compiler that has been developed and maintained largely by Red Hat folks over the last ten years (about 50% of all gcc development work over the last decade, if not more, has been by Red Hat/Cygnus people, and it was their business/marketing people that got the funding to allow all those guys to work full-time on gcc).

Nevertheless, Red Hat has in the past put out releases that were horribly insecure, and this has been a problem for the net as a whole. They've gotten much better, but by the time a release sold in stores requires so many updates to make it secure that it would take 12 hours to download them all on a dialup modem, that makes the retail version dangerous to the public, a product that should be recalled. This goes both for Windows and Linux. Bad security doesn't just affect the owner of the system, an "owned" system is commonly used as a launch pad for distributed denial of service attacks.

Maybe the thing to do is to get any BSD or Linux distribution that is sold at retail or shipped on CDs that might not be current, to "phone home" the first time the system is connected to the net (telling the user what is happening, of course), so that the very first thing that happens is that all security updates that enable remote exploits get installed.

Re:Obligatory anti-linux statement

ooohhh - cant give this a point because it is favourable to windows - get a life moderators.

Re:Obligatory anti-linux statement

[norwoodites]

This is not entirely true. Out of the 12 people who have blanket write privs. 8 are from redhat, but out of the about 2364 recent changes to gcc, less halve of the changes were made by redhat people. Most of the changes by non-redhat people have been major changes to gcc. Redhat for generic simd support which is pretty cool but it still needs some work. The cpp (the c pre-processor) has been bumped up. The new

Re:Obligatory anti-linux statement

Why is it that BSD users always feel the need to knock Linux?

Because we're smart enough to choose an OS that's easy to use and maintain, instead of choosing the awful Rube Goldberg contraptions distributed by RedHat and Mandrake.

I tried to add a user, but the bowling ball fell off the track, and now the web server is down!

Re:Obligatory anti-linux statement

Short answer: desperation. *BSD is fading away and there is frustration and resentment in the increasingly morose *BSD community. Sure, we all know that *BSD really is a failure, but why? Why did *BSD fail? Once you get past the fact that *BSD is fragmented between a myriad of incompatible kernels, there is the historical record of failure and of failed operating systems. *BSD experienced moderate success about 15 years ago in academic circles. Since then it has been in steady decline. We all know *BSD keeps losing market share but why? Is it the problematic personalities of many of the key players? Or is it larger than their troubled personalities?

The record is clear on one thing: no operating system has ever come back from the grave. Efforts to resuscitate *BSD are one step away from spiritualists wishing to communicate with the dead. As the situation grows more desperate for the adherents of this doomed OS, the sorrow takes hold. An unremitting gloom hangs like a death shroud over a once hopeful *BSD community. The hope is gone; a mournful nostalgia has settled in. Now is the end time for *BSD.

Re:Obligatory anti-linux statement

it's because the original post sucks, dumbass. cite me a widely-used system less secure than windows.

In Other News SecureBSD released

After Theo lost his precious "no remote hole" boast he has started up another project named SecureBSD.

*BSD is dying

It is official; Netcraft confirms: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dying

Re:*BSD is dying

ps

My penis is dying too

Big Mistake

I think you are greatly mistaken. There is no need to chose. Have both! Set up a nice threesome, between miss Portman, and miss Alba.

Or aren't you man enough to keep up with 2 hot young babes? (I don't know who Jessica Alba is, but I assume she is young and hot).

Signing out,
--wonder-boy, technoslut.
(Yeah, I am probably bi-sexual or something, but I think that is sufficient to be a slashdot gay boy. Well, I hope it is. Where else can I get daily gay porn??)

IP

Do you have an I?. Then we can all be leet haxors and see if we can break into his box. My bet is that there is at least someone on slashdot that could break in(I am pretty darn sure there are quite a large number of highly skilled black hats that read slashdot.).

The End of *BSD

The End of FreeBSD

[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]

When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.

Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.

FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.

It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.

So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.

Discussion

I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.

From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.

There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.

Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.

Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?

Shouts

To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.

To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It's when you get distracted by the politickers that they sideline you. The tireless work that you perform keeping the system clean and building is what provides the platform for the obsessives and the prima donnas to have their moments in the sun. In the end, we need you all; in order to go forwards we must first avoid going backwards.

To the paranoid conspiracy theorists - yes, I work for Apple too. No, my resignation wasn't on Steve's direct orders, or in any way related to work I'm doing, may do, may not do, or indeed what was in the tea I had at lunchtime today. It's about real problems that the project faces, real problems that the project has brought upon itself. You can't escape them by inventing excuses about outside influence, the problem stems from within.

To the politically obsessed - give it a break, if you can. No, the project isn't a lemonade stand anymore, but it's not a world-spanning corporate juggernaut either and some of the more grandiose visions going around are in need of a solid dose of reality. Keep it simple, stupid.

To the grandstanders, the prima donnas, and anyone that thinks that they can hold the project to ransom for their own agenda - give it a break, if you can. When the current core were elected, we took a conscious stand against vigorous sanctions, and some of you have exploited that. A new core is going to have to decide whether to repeat this mistake or get tough. I hope they learn from our errors.

Future

I started work on FreeBSD because it was fun. If I'm going to continue, it has to be fun again. There are things I still feel obligated to do, and with any luck I'll find the time to meet those obligations.

However I don't feel an obligation to get involved in the political mess the project is in right now. I tried, I burnt out. I don't feel that my efforts were worthwhile. So I won't be standing for election, I won't be shouting from the sidelines, and I probably won't vote in the next round of ballots.

You could say I'm packing up my toys. I'm not going home just yet, but I'm not going to play unless you can work out how to make the project somewhere fun to be again.

= Mike

--

To announce that there must be no criticism of the president, or that we are to stand by the president, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public. -- Theodore Roosevelt

Calling all niggers, jigaboos, spooks, and spades

Hey, gang. Sit back and have a laugh at this outrageous collection of porch monkeys:

1. Nigger 1
2. Nigger 2
3. Nigger 3
4. Nigger 4
5. Nigger 5
6. Nigger 6
7. Nigger 7
8. Nigger 8
9. Nigger 9

OmegaPunx's aka Elmore Mason's Phone Number

From Betterwhois.com

Registrant:
OmegaPunx
5233 Welcome Ave N.
Crystal, Minnesota 55429
US

Registrar: Dotster (http://www.dotster.com)
Domain Name: OMEGAPUNX.ORG
Created on: 03-MAY-02
Expires on: 03-MAY-03
Last Updated on: 03-MAY-02

Administrative, Technical Contact:
Elmore, Mason omegakidd@tfz.net
OmegaPunx
5233 Welcome Ave N.
Crystal, Minnesota 55429
US
(763)531-0637
I tried calling the number, but no one answered (at 9:30AM EST) let me know if

Re:OmegaPunx's aka Elmore Mason's Phone Number

i called it and his mother picked up. didn't say anything, just muted the phone and giggled. gosh what a wanker.

Re:OmegaPunx's aka Elmore Mason's Phone Number

You or mr. Mason?

Re:OmegaPunx's aka Elmore Mason's Phone Number

[RazzleDazzle]

HAHAHA... this is like 25 minutes from my house, maybe I should drive over there and wait for him and take some pictures and post them online and send them to the Mike A, and maybe one to the kid himself with a link to the story about how he *hacked*(snickering) a honeypot. There could be a ton of fun with this. HA... plus in a few hours I am going to the TC BSD User Group meeting. I wonder if his momma is gonna drop him off there... :) I will be looking for you Mason Elmore a.k.a. OmegaKidd

Re:OmegaPunx's aka Elmore Mason's Phone Number

I called him, he answered

I asked him if he knew he was the most famous dumbass on slashdot, he said 'yeah'

i hung up

Re:OmegaPunx's aka Elmore Mason's Phone Number

You don't need to, he's already posted pictures of himself online.

Grr, avoiding the lameness filter since I'm a fast typist...

Re:OmegaPunx's aka Elmore Mason's Phone Number

I called... he knows he got posted. Slashdot his phone line! His momma sounds pissed too :-)

Re:OmegaPunx's aka Elmore Mason's Phone Number

[omegakidd]

eh. that was my sister.

Re:OmegaPunx's aka Elmore Mason's Phone Number

Glad to get the confirmation. I've called the MN state attorney general. Hope you got a document shredder.

Re:OmegaPunx's aka Elmore Mason's Phone Number

[RazzleDazzle]

Just a quick and dirty follow-up, he was not at the TCBUG meeting. And maybe I could take some pictures of him that looked nice and clear. I have access to a nice 3.1 gigapixel camera and it could blow away his apparently $.50 camera. What dirty pictures he has, how could someone sell a camera that sucks as bad as his??? I did notice he was taking a lot of pictures with the camera facing the light on the ceiling.

Re:OmegaPunx's aka Elmore Mason's Phone Number

What do you expect from the "kids" LegoCam?

What's a white paper?

[Futurepower(R)]

Title: "OpenBSD 3.0 Honeypot Whitepaper"

What's a white paper? In this case it isn't paper.

Are there other colors? Could he have written a gray paper? Why not go all the way and call it a purple paper?

Re:What's a white paper?

The term "whitepaper" refers to a technical specification and/or writing of a document. Yes, there are other types of papers.

Excellent learning resource!

[Demerara]

This article is valuable not so much for how to set up a honeypot (and no doubt this discussion will ventilate that issue) but, to a security newbie (me), it shows how the analysis of the logs proceeded.
Nice one. One question though - why not publish the IP of the hackers? Why protect their anonymity?

Re:Excellent learning resource!

Good question. Corny, isn't it?

Re:Excellent learning resource!

We (try to) hide the IP/information of the hackers since we respect their privacy, and hope they do the same. Also, we don't want any vigilante white-hats who think it's their mission to DDoS the "bad guys" going after anyone, etc.

When Bruce Perens says

"It is not the job of Linux advocates to promote BSD" when the topic was Open Source, what makes YOU think a BSD advocate should spend any time defending GNU/Linux?

You are seeing the reaping of what 'the leaders of Linux' sow.

Comment removed

[account_deleted]

Comment removed based on user account deletion

I thought

[pardasaniman]

I thought this had something to do with Winnie the Pooh using BSD. Oh well.

active honeypot - 200.49.83.130

He's a Windows honeypot, in case anyone wants to practice (note: please be nice, you are beign watched :)

200.49.83.130

Re:active honeypot - 200.49.83.130

[Strog]

A post from an AC doesn't make me feel warm and fuzzy that this IP really is a honeypot and not a former employer/bank/gav/etc. they want hacked.

I'm not saying it isn't but I just would have some reservations about it being legit.

Re:active honeypot - 200.49.83.130

[ZigMonty]

The IP's host name is host083130.metrored.net.ar if anyone cares. ar is Argentina isn't it? It looks like a dialup or other home connection. It certainly isn't www.whitehouse.gov or anything like that.

Obscuring the IP

[tg_schlacht]

Well for one thing the IP may be dynamic. Some other person may have been assigned that IP. Another thing is that they might have been working from a compromised system (though I doubt that in this case.)

In any case the anonymity of at least one of them was not really too well protected as several of the posts above indicate.

NAT issue

[deepchasm]

From the article:

If the hacker is smart enough to find out with a simple 'ps ax' that the processes you're running aren't the same as the processes he or she may have seen when they port scanned you (if they take the time to do that), they may realize port forwarding is going on which may raise suspicion

Firstly, assuming they used a tool like "nmap" to do the portscan they would already know that some of the ports are forwarded - nmap states which ones are in the results of the scan (I believe it can tell by the differences in TCP sequence numbers.)

Secondly, why would this detract from the realism of the situation? Not everyone who wants to provide limited services on the internet buys additional IPs. I know I don't have the money to!

Julian

Re:NAT issue

OpenBSD uses random TCP sequence numbers, therefore it isn't very useful to nmap openbsd for finding initial sequence numbers when the firewall admin could simply apply "modulate state" for extra protection. For documentation man pf.conf(5) and search on down for "STATE MODULATION".

Re:NAT issue

[netcoyote]

I have a /29 network on my DSL at home. So I put a honeypot behind a bridged firewall. From the outside the world, no one can see the firewall. I allowed all in bound traffic, but blocked outbound traffic from the honeypot. I set up a tcpdump to log all traffice to the honeypot so I could see what was happening. It's a nice solution for honeypot

Re:NAT issue

OpenBSD uses random TCP sequence numbers, therefore it isn't very useful to nmap openbsd for finding initial sequence numbers

Every reasonable OS in the world uses random TCP sequence numbers. Doing otherwise creates a major security hole, as was documented as early as 1985.

Re:NAT issue

I thought that it was because an OpenBSD firewall didn't change the TTL, thus making it effectively invisible.

want to know who ;-)

A quick serach for the band NAME "Muffinface"in the article and viola

Please be gentle :-)

Friday May 10th, 2002
At this moment I am uploading all of my music to this comp so it can go on this web page. Tommorow the band that I am in, Muffinface, will be playing at my friends house. So that is cool. That is all for today. Oh yeah, and also for the music. If you want ftp access, when it is up. The username and password will be music. And the FTP is just omegapunx.org port 21.

Re:want to know who ;-)

on his "links" page his lists Slashdot. Of course, he links to 'www.slashdot.org' showing he has no idea...

Re:want to know who ;-)

slashdot.org was the original doman dumbass. .com came later.

Re:want to know who ;-)

[cureless]

There's a slashdot.com!? .... wow, you learn new things every day.

cl

Re:want to know who ;-)

[Strog]

The problem isn't with slashdot.org but with the www. part. Used to have problems with the cookies if you used www.slashdot.org instead of slashdot.org. Maybe you should watch who you are calling names if you don't understand either. But, this is /. afterall so I wouldn't expect anything less from an AC.

Firewall, shmirewall

[alienmole]

Its a reminder

Of just how much you need a firewall these days.

Let's think that through. Let's say this honeypot had a standard packet-filtering firewall in front of it, e.g. the kind implemented by ipchains in Linux. Assume there are two services which we wish to expose to the outside world: Apache and SSH. So we set the firewall to forward all HTTP connections to Apache and all SSH connections to OpenSSH.

Now, how secure is this network? You've got a firewall, so you're secure, right? Just two minor little flaws: the security holes mentioned in the article are in Apache and SSH. Your firewall didn't add any security at all! You're just as exposed as the next guy with no firewall.

Sticking a firewall in front of your network and thinking you're secure can be very dangerous, if it lulls you into thinking that the machines behind the firewall are now secure. Most exploitable holes are not on the thousands of unused ports that a firewall blocks - they're on the ports that the firewall lets through.

I should mention that with a stateful firewall, you can get greater security, since it monitors the actual content of the connection and may be able to detect hack attempts. However, stateful firewalls tend to be more expensive, less transparent (require more maintenance), and if they're commercial, more expensive. And many hacks can't even be detected by a stateful firewall, and there are all sorts of tunneling tricks that can be used to circumvent this kind of security. Ultimately, the only way to be secure is to make sure that every box that can be accessed from the outside is completely secure.

Especially if you run windows.

Along those lines, one of my favorite firewall-related quotes came from a sysadmin whose mail server and entire internal 70-station LAN had been infected by NIMDA: "But we have a firewall! How did it get through??"

Re:Firewall, shmirewall

Maybe I read your reply wrong, but sounds like you don't understand the point of a honey-pot system. It's intension *IS* to get hacked into!

Stateful firewalling (such as IPF or PF) in BSD is a lot better than ipchains, especially considering they're not pseudo-stateful but rather true stateful firewalls. On another note, when you us the word forwarding, not all firewalls 'forward'. My main OpenBSD is ipless (no one can access it) and doesn't do ip forwarding, yet filters @ layer 2 & 3, statefully! Now if filtering was setup normally, in a non-honey-pot system then this would be ok + s/key disabled.

PS: Nimda is a virus, not related to packet filtering firewalls.

Re:Firewall, shmirewall

[alienmole]

Yes, you read my reply wrong. I was replying to someone who suggested that this article indicated the need for firewalls, and pointing out that firewalls don't necessarily protect you from attacks like these.

I agree that a lot can be done with stateful firewalls. My point was really to dispel the notion that many people have that any old firewall will protect you from attacks like these. Although in the end, it's kinda futile, since just the word "firewall" conjures up visions of shiny magic boxes in people's heads, and overcoming the marketing is tough.

As for Nimda, IIRC it spread through HTTP attacks as well as email, so it was more of a worm than a virus. Regardless, it is related to firewalls in the way implied by the previous paragraph. There are people out there who believe that their firewall protects them from exploits like Nimda. In fact, Nimda is a great case in point, since even if you had a stateful firewall which prevent the Nimda HTTP hack, your workstations could still become infected via email, potentially ultimately infecting your servers, and once again proving that admins shouldn't believe everything the slick salesman told them about the $18,000 Checkpoint Firewall-1 they just bought.

Re:Firewall, shmirewall

[evilviper]

You are correct, to a point... Stateful packet filtering can be more secure, but certainly not for reasons you suggest.

Stateful packet filters only check the first packet, and then only for the source, some flags, and then pass it through. Then it will make sure that following pieces of the conversation are limited to the same source, destination, and ports. What good does this do? Well, instead of just blindly passing ports through, you can say that inbound connections are only allowed if they are responses to outbound requests (net client), and vise versa (net servers).

with a stateful firewall, you can get greater security, since it monitors the actual content of the connection and may be able to detect hack attempts

I'm afraid that's just not true. A stateful firewall is really only concered with the protocol, flags that are initally set, and source and dest ports. The contents could be pure random binary data sent to Apache or SSH, the firewall doesn't care.

So, if your firewall is set to allow connections to Apache and SSH, the worm or exploit will still get through. As far as more secure, you could configure your firewall to prevent outbound connections, stopping the spread of worms from your machine to others, preventing the use of your machine to attack others, and preventing outbound connections (e.g. Sub7, outgoing e-mails, et al.)... However, even in that restrictive configuration, you are just as susceptible to an attacker connecting with SSH, or an exploit sending a: rm -rf /

So, properly configured, a stateful firewall still can NOT prevent you from being exploited. However, it can prevent your server from being of any use to an attacker (or a worm).

Re:Firewall, shmirewall

"My main OpenBSD is ipless (no one can access it)..." Are you absolutely sure about that? I ask because I am quite sure that you are wrong.

Re:Firewall, shmirewall

[alienmole]

Stateful packet filters only check the first packet, and then only for the source, some flags, and then pass it through. Then it will make sure that following pieces of the conversation are limited to the same source, destination, and ports.

You're correct that a firewall which exclusively perform OSI layer-3&4 stateful inspection works like this. I was speaking loosely, since commercial firewalls tend to be less focused than this. Perhaps I should have said "stateful multi-layer inspection firewalls", which is a more accurate description of the hybrid nature of many "stateful" commercial firewalls. These firewalls perform inspection at multiple OSI layers, in many cases right up to layer 7, the application layer. Firewalls like this are quite capable of protecting against the HTTP attacks of Nimda and Code Red.

When I said "monitors the actual content of the connection", I again spoke too loosely: I was talking about the protocol content at the application layer, which is what layer-7 firewalls monitor.

So, properly configured, a stateful firewall still can NOT prevent you from being exploited.

Some of the layer-7 firewalls can prevent certain application exploits. Even something like this SSH hole could potentially be blocked by such a firewall, but it would depend on the specifics of the exploit and on what the firewall was checking for. But everything I said was intended to emphasize that firewalls do not provide a complete security solution, no matter how stateful they are or what network layer they operate at.

Re:Firewall, shmirewall

[mgv]

Yes, you read my reply wrong. I was replying to someone who suggested that this article indicated the need for firewalls, and pointing out that firewalls don't necessarily protect you from attacks like these.

I agree with most of what has been posted above. What I was pointing out in my initial post is just how quickly any system that has a routable IP address will most likely be probed. I'm not saying that firewalls are total protection. But I'm not turning off the firewall on my DSL connetion right now either.

In particular, having a windows 9X (no security) or win XP (Default user has admin rights with no password) on a machine without a firewall is likely to be compromised rather quickly.

Michael

Re:Firewall, shmirewall

It's very easily possible.

http://www.openlysecure.org/openbsd/how-to/invis ib le_firewall.html

Only accessed from console.

Re:Firewall, shmirewall

[Fjord]

It hink he was refering to protocol filtering firewalls that do more than this. For example, in 1996 I worked at a place where the firewall would inspect the HTTP protocol and would terminate it if it looked fishy. This was a problem because I was attempting to POST using data other than url-encoded (my own mime type, this was before xml) from an application in one service network to another in another service network and it would terminate the connection. Turn off the protocol filtering and it would work (in this case it was because of what I think is a bug as it was more retrictive than the spec).

Re:Firewall, shmirewall

[evilviper]

Okay, I understand what you meant.

Some of the layer-7 firewalls can prevent certain application exploits. Even something like this SSH hole could potentially be blocked by such a firewall

That's doubtful... Not impossible, but doubtful. To do that, the firewall (App-Layer Reverse SSH Proxy Actually) would need to generate SSH keys, decrypt all incomming traffic, then re-encrypt it before sending it back out again (just like a filtering HTTPS proxy). So, every server that the firewall serves will be seen as having the same key (the one on the firewall). Also, a firewall that does app-layer filtering, it is rather vulnerable to attack, itself.

Besides that, the OpenSSH vulnerability is easy to protect against. You simply have to disable S/Key (ChallengeResponse) auth, or upgrade to the latest version.

Blocking exploits AFTER they have happened is not the job of a firewall (that's the IDS' part). Rather, a firewall should be able to block the attacks, or somehow help to render them useless.

<rant>
I don't see much value in reverse proxies. They are slow, not likely to block most exploits, and vulnerable themselves.

You'd be much better off using a stateful firewall/router with a good ruleset, in combination with running services as a normal user, chroot-ing services, or using software that will keep the software in line (Systrace, imsafe, or something similiar).

I happen to recall some commerical software similiar to imtrace that would detect strange behavior in running services, kill the process, ban the IP that caused the behavior temporarily, then restart the service. Their 'hack this server' site was a fairly impressive demonstration. Anyone happen to know the company name or URL?
</rant>

A Gay Script Kiddie too?

[XBL]

My brother's girlfriend Danyel gave me this purply long skirt thingy. It is soo cool. I would wear it to school tommorow, but there are these kids in the loccer room who hate gay people.

This guy has a lot going for him. He can crack any kid's computer that tried to beat him up.

Re:A Gay Script Kiddie too?

[BrookHarty]

This guy has a lot going for him. He can crack any kid's computer that tried to beat him up.

He can pack a gun, would that earn you more respect?

Its a good thing they didnt post the kids IPs, these kids are just kids and should be left alone. They dont need more gay-bashing or script kidding bashing. He just wanted to hack to put on a IRC bot script, which is pretty harmless, wrong, but harmeless.

Re:A Gay Script Kiddie too?

[GigsVT]

He just wanted to hack to put on a IRC bot script, which is pretty harmless, wrong, but harmeless.

Tell that to the guy I just send a $600 bill to for cleaning up his computer after he was hacked by a "harmless kid looking to run IRC bots".

I'm sure he would disagree about how harmless it was.

Re:A Gay Script Kiddie too?

[BrookHarty]

I did say Harmless, and wrong. re-read my post.

Re:A Gay Script Kiddie too?

[GigsVT]

But it's not harmless, monetary damages and lost productivity are real harm, it's not just a morality issue, there are tangible damages.

Re:A Gay Script Kiddie too?

[zootread]

heh.. that reminds me of back in 1994 (give or take a year), when I was a teenager, and went around cracking systems. I'd see other crackers running those stupid IRC bots and I'd of course send them fake messages to their tty that their phone line has been traced and they will be prosecuted. I'd see them logout immediately (if I didn't kill their processes myself) and never show up again. Good times.

Re:A Gay Script Kiddie too?

[BrookHarty]

If your system is compromised, and you don't know, what harm has been caused? Not all comprimised systems produce monetary damages or lost productivity. But I'm sure you can find your system cracked, spend a million dollars on upgrading security, and consulting fees, and say some "script kiddie" just cost your company a million dollars.

Re:A Gay Script Kiddie too?

[GigsVT]

If your system is compromised, and you don't know, what harm has been caused? Not all comprimised systems produce monetary damages or lost productivity.

All compromised systems cost people in the form of time spent cleaning it up. Once a system is compromised, unless you were running an integrity checking program, it's basically impossible to trust any binary on it without a clean reinstall, or a tedious comparison of checksums.

In a business environment, this means downtime, and lost money, in addition to whatever you have to pay whoever is cleaning it up.

Leaving up a system that is known to be compromised could expose you to legal liability from the actions of the cracker.

I can't believe you think cracking is harmless. Even if it is never discovered, that means that your privacy is compromised, your bandwidth and resources are stolen, and could possibly open you up to more malicious attacks if there is a badly secured backdoor installed.

Maybe you are just trying to rationalize your own illegal behavior? Cracking cost companies real money, not just fabricated figures.

A lot of the numbers are trumped up, and sometimes people overreact, like those kids that were put on extended suspension for hacking their school computer, but that doesn't mean that cracking is harmless, it is far from it.

Re:A Gay Script Kiddie too?

[BrookHarty]

My god, you guys rate crackers as terrorists or murders. WTF is wrong with you?! Yes you need to protect your systems, and you need to slap the kids on the wrists for cracking, but if a kid trespasses, you put a bigger lock on your door, you don't build a new house and shoot the kid. Get some fucking perspective.

Maybe you are just trying to rationalize your own illegal behavior?

Maybe your a tight assed republican, hard core christen who believe in the death penalty, and hates gays.

BTW, people can support a prosecuted group, and not belong to that group. I for one, believe that the "Zero Tolerance" approach is more evil than murder. You need to look at each case, and punish for the level of intent. Stop believing the FUD, crackers/hackers have been around for 30+ years on our computer systems, only a very few cause monetary damage. But yes, he was pretty harmless compared to most, and yes I believe its wrong to enter a computer uninvited.

Re:A Gay Script Kiddie too?

[GigsVT]

Maybe your a tight assed republican, hard core christen who believe in the death penalty, and hates gays.

Libertarian, and I have no position on the death penalty. Homosexuals are OK by me.

I view crackers more like shoplifters. I don't believe what they do is harmless, and the potential loss is much higher than in the case of shoplifting, but it is usually on the same scale.

I'm not believing FUD, I'm basing my opinion on the damage I have personally seen crackers cause. I do some freelance consulting in my spare time, and sometimes I do cleanups after someone is broken into. It's a serious matter, not to be taken lightly, when a business server is compromised.

Re:A Gay Script Kiddie too?

[waferbuster]

Hmm, my perspective is that if someone trespasses into my house uninvited (because the lock I have is not pick-proof, or by breaking a window, or some other overt method of bypassing my wishes), it's not an issue of my lock/security being inadequate. It's an issue of some kid not respecting my rights. Locks are to keep out the honest people. For others, there are other deterrents.

I do think this kid isn't going to be doing much 3l33t playing for a while... his mommy is probably going to spank him (figuratively) for the hassles this is causing her, once she understands what he was trying to do.

A couple of weeks ago, I did a simple workstation install of BSD. While I had it connected outside my firewall getting packages via FTP, some kiddie rooted it and started sending out mass emails from my IP. Needless to say, I was *not* a happy camper. I'm just glad that no complaints were filed with my ISP.

I think having this kid wash cars for the local Windows Users Group members would be appropriate.

Re:A Gay Script Kiddie too?

[BrookHarty]

Here the kids have to work in the animal shelter, help putting the animals down, and sweeping up the ashes. I dont think we have boot camp here, but Id rather them be scared straight then end up in prision.

Re:A Gay Script Kiddie too?

[Shanep]

Hey, there are even gays on the other side of the fence, so to speak...

Here is Theo de Raadt slamming into Darren Reed over Darren having a bit of a poke at OpenBSD practices in the shadow of the recent OpenSSH hole that led to a remote exploit in the default install.

I spend more than 8 hours of every single day of my life auditing code (and over the last week, 16+ hours a day), and here is some gay guy from Australia who spent all of Usenix in San Antonio years ago moping with droopy eyes after a very straight and girlfriended Mudge is not going to tell me that I am not doing enough

I love reading Theo's posts.

Re:A Gay Script Kiddie too?

but, like 'packing a gun', what he did was illegal. Breaking and entering is most certainly NOT harmless. The more people realize that they can get in serious trouble for this kind of thing (go to jail), the less it may happen.

Re:A Gay Script Kiddie too?

i think you're full of crap. what kind of consulting do you really do? consulting with goatse.cx???

you're one of those people who just argues for the sake of arguing. potential loss this and that -- all your opinions, personal anecdotes, and no hard facts to back them up. you're just making it all up, pretending to be a "concerned" individual. the only thing you should be concerned with is your consulting work with goatse.cx.

BLAH

[Junior+Macintosh]

For some interesting reading related to this article, take a look at the text files that come with the exploit that was used to crack this honeypot.

Most hacked?

[the_rev_matt]

> Most honeypots out there tend to be Redhat Linux as it's has the worst record for security out of pretty much every OS out there, and so it makes for a good honeypot since the goal is to get hacked.

Obviously, he's never heard of Windows.

Details of one of the hackers

Contact
e-mail: omegakidd@tfz.net
e-mail2: omegakidd@cheguevara.zzn.com
e-mail3: omegakidd@omegapunx.org - Not sure if working
aim: eromlenosam
aim2: shoogy maple
aim3: satan the killer
msn: omegakidd@hotmail.com
yahoo: omegakidd
irc@efnet: omegakidd in #omegapunx

Elmore, Mason omegakidd@tfz.net
OmegaPunx
5233 Welcome Ave N.
Crystal, Minnesota 55429
US
(763)531-0637

Have fun people!

Re:Details of one of the hackers

[omegakidd]

That has already been posted...

Omegakidd postings to alt.hacking and other grps

Link to newsgroups provides clues of information sources used by this script kiddy. No direct references to this exploit though.

Got guts?

[autocracy]

Wow... most of us feel good about getting a story we've written posted on Slashdot. You got a story written about you! Kudos man... now if only it wasn't a story about something you did that was incredibly stupid!

New Slogan!

28 hours without a hole!

"Hacker 1" who's "Hacker 2"?

[jarodss]

Ok, so we have info on "Hacker 1" but what about his litte friend "Hacker 2"? Who is he? Maybe omegakidd can help us out with that one...

Re:"Hacker 1" who's "Hacker 2"?

[capnjack41]

He may have been mentioned on the about page...

About Omegapunx

operating system: FreeBSD 4.5
processer: 845Mhz AMD Duron Processor
ram: 576 MB
ide1: 40 GB Hard Drive
ide2: 52x CD-ROM
nic: Linksys 10/100 base NIC
monitor: 17" Hewlett Packard
info: It all started out when me(omegakidd) and Joe(punkman) created a channel on EFnet. Then I decided to get omegapunx.org. That is the end of that.

Re:"Hacker 1" who's "Hacker 2"?

[jarodss]

He's actually updated this page, he says his friend doesn't want the publicity or something along those lines in the forum.

operating system: FreeBSD 4.5
processer: 845Mhz AMD Duron Processor
ram: 576 MB
ide1: 40 GB Hard Drive
ide2: 52x CD-ROM
nic: Linksys 10/100 base NIC
monitor: 17" Hewlett Packard
info: It all started out when me(omegakidd) and my friend created a channel on EFnet. Then I decided to get omegapunx.org. That is the end of that.

Re:"Hacker 1" who's "Hacker 2"?

[capnjack41]

hmm...well, I suppose he's learned his lesson by now. Maybe we should leave the poor bastard(s) alone.

Re:"Hacker 1" who's "Hacker 2"?

....I'm sure they know that they aren't some big 'hackers' why are they so stupid to you people? they're just messin around
YOU'RE CRAZY!

*BSD is dying

It is now official--Netcraft has confirmed: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.

You don't need to be a Kreskin to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is mortally sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dying

F1N4LLY

[B1FF]

1"M GL4D TH1$ GUY H4$ TH3 GUT$ 2 C4LL MY FR13NDZ ''HACKER'', 1N$T34D 0F TH4T ST00P1D ''SCRIPT KIDDIE'' N4M3 WH1CH 1 N3V3R L1K3D. W3 R H4CK3RZ!!!!!11

1T"S L0N6 P4$T T1M3 W3 G0T TH3 R3$P3CT W3 D3$RV3!!!!!!!!!11

Re:A Gay Script Kiddie too? No.

[LoonXTall]

Clothing doesn't make people gay. Try reading this book and see if you look at the world in the same way ever again.

This is just another sign...

...that BSD is dying. It can't even keep up with today's script kiddies. So sad.

Dollar Bill

[80N]

I've got a dollar bill with www.omegapunx.org written on it. Do I win something?

Re:Dollar Bill

[omegakidd]

Hmm. wow. thats cool. you win the dollar bill of the person who had no clue what he was doing.

My sincerest apologies.

[mikeanuzis]

First, my apologies to the Honeynet Project (http://project.honeynet.org), the Distibuted Honeypot Project (http://www.lucidic.net), and everyone else who does research in the field of honeynets for releasing a paper which revealed the identity of the hackers involves, as this clearly doesn't fall into the scope of releasing a good whitepaper on the topic. Second, my sincerest apologies to the two hackers who compromised my honeypot. I went through and tried to conceal the identity of the two hackers involved, but it's true I knew they could still be traced by searching google's cache for pretty much any sentence on the cached page I displayed. I had no intention of revealing their identities, and it's clear I thoroughly overestimated the level of maturity of my target audience. To be completely honest, I would rather have never had this article featured on deadly.org and /. if I had known ahead of time how badly the two hackers personal information would be exploited. To those people who read this, please stop bugging the hackers involved. They appear to be nothing more than innocent (and slightly unwise) kids. Let's grow up for a minute here for their sake. It can't be all bad, because after all they did hack a honeypot... so I guess there's a moral to be learned with this story, but please don't take their humiliation any farther than it's already gone. I'm honored my whitepaper was featured on these great websites, and I hate to feel like I'm crashing the party... but I can't help but feel bad for the poor hackers involved. With utmost sincerity, Michael Anuzis

Re:My sincerest apologies.

[Alric]

Oh please, don't be so self-righteous.

Those two kids are probably loving the attentiong right now. Did you even check out their website? /. is featured in his Links section. I agree that people shouldn't be calling him at home or otherwise harassing him, but a few emails or guestbook entries is a small price to pay for getting caught in the midst of a stupid, stupid (and illegal) act.

The white paper was a good read; just keep in mind that these kids are most likely bragging to their friends about their being on the front page of slashdot.

Peace.
Alric.

Re:My sincerest apologies.

[LionMan]

I disagree;
attention it is, but not positive attention. Their servers are being hit with posts of 'that was a dumb thing to do' (look at the guest book) and the like. It's a lot of negative attention, and the kids are probably feeling pretty shitty right now being the target of name-calling and attacks (verbal, and their computers are probably being attacked also.)
Don't stereotype that just because they are teenagers they crave any type of attention.

Re:My sincerest apologies.

Um, that's not the honeypot paper author. It's the omega kid trying to damage control posing as the paper author.

Check out the uid.

Re:My sincerest apologies.

I agree with you. What I hope is that they've learned their lesson with this happening. And turn to the good side. Would they learned their lesson if they wouldn't get this attention? Will this help them turning to the good side?

Michael shouldn't have made some of the screenshots public. But he could have said he searched their identify and how he did that. That's the interesting part. That's what a sysadmin would have needed if he found out his box has rooted.

Re:My sincerest apologies.

Right on. This is the only post the user had ever made. I guess we can add "identity theft" to omega kidd's list of crimes. He's picking a fight with openbsd users. He'll regret this.

Whose sincerest apologies?!

[andfarm]

Note that this user has only posted one message, and has no information linking them to the actual author of the article. The legitimacy of the message should be IN QUESTION.

(Off topic: How did this posting get +1 without any other comments to get karma from?)

Photo here...

[10+Speed]

http://www.omegapunx.org/pics/me/Pict0003.JPG

Re:Photo here...

[satanami69]

I swear from pic 3 to 5 it looks like the dude in blue is about to go down on you. And where the hell is pic 18 at?

It was a honeypot, he did nothing wrong

[mangu]

The purpose of a honeypot is to get knowledge from the hacker. In this case, I think the sysadmin should pay the hacker for the knowledge gained.

Re:It was a honeypot, he did nothing wrong

[GigsVT]

God, you people are so full of shit. I guess if I leave my house unlocked, it is OK to hang out inside and eat some of my food.

Re:It was a honeypot, he did nothing wrong

[brianosaurus]

no, dipshit.

a honeypot is basically a computer with a "hack me please" sign on it. its more analogous to you leaving your door open with a sign saying "free food", in which case it would appear to be OK to hang out and eat at your place.

Re:It was a honeypot, he did nothing wrong

[waferbuster]

Wrong!

Like a lot of folks, you are missing the *intent* with which he accessed the computer. It's one thing to surf web pages served by a computer belonging to someone else, which are intended to be publicly accessed. It's another thing entirely to use a recently publicized exploit to gain root access to someone's computer without their approval.

The proper analogy would be driving down the street until you spot a house with newspapers piled up on the porch (indicating that the house is probably unguarded/unoccupied), and then going around back and breaking a window to enter and eat the food.

Results are important, but let's not confuse the fact that the kid was unable to use his illicit root access due to configuration of the honeypot and his own ineptitude. He intended to break in... he didn't just accidently stumble into root mode.

Re:It was a honeypot, he did nothing wrong

[GigsVT]

Yeah those women that wear short skirts in bad parts of town are asking to be raped too.

Re:It was a honeypot, he did nothing wrong

[mosch]

Could I please have the IP address of the servers you admin, so I can give you some knowledge? I'll send you a bill afterwards.

Re:It was a honeypot, he did nothing wrong

[mangu]

Yeah those women that wear short skirts in bad parts of town are asking to be raped too.

Not exactly raped, but there are female police officers who do that to catch men who are looking for prostitutes, where prostitution is illegal. If not done exactly right, this is called "entrapment" and the perpetrator walks free.

A badly designed honeypot may be contributing to hacking, and may be considered as participating in the crime. The honeypot sysadmin may be an accessory before the fact.

Thinking from a moral standpoint, i.e. considering the spirit of the law instead of merely the letter, I believe the guiltiest part here was the sysadmin who set the trap. He was an experienced computer professional who induced a somewhat confused teen to commit an illegal act.

Re:It was a honeypot, he did nothing wrong

[GigsVT]

He was an experienced computer professional who induced a somewhat confused teen to commit an illegal act.

You don't understand entrapment.

http://www.lectlaw.com/def/e024.htm

ENTRAPMENT - A person is 'entrapped' when he is induced or persuaded by law enforcement officers or their agents to commit a crime that he had no previous intent to commit; and the law as a matter of policy forbids conviction in such a case.

The part in bold is important. The kid had a previous intent to commit the acts of breaking into a computer. He was not enticed into cracking because he saw the honeypot, in fact it's nearly impossible to argue that, he had to have been running a vulnerability scanner on random subnets that he did not own, looking for computers to break into before he would even find the honeypot, that clearly establishes intent to break into computers.

Re:It was a honeypot, he did nothing wrong

ok, so what does it really matter in this case?

mr. openbsd admin is not after him. in fact, mr. openbsd admin is happy that the kid hacked into his experiment, making it a success.

did you want to sue the kid yourself? what's your point? maybe you're such a goatse.cx person that you can't just leave this matter for what it is.

Kid wants to hide his screenshots.

[Shanep]

As of the 13th of July, our script kid friend wants to hide his screenshots section for some reason.

Too bad Google has it cached.

Re:Kid wants to hide his screenshots.

[omegakidd]

Wouldn't you want to?

Re:Kid wants to hide his screenshots.

[Shanep]

I think you've been given a bit of a bad wrap here.

Script kiddying is nothing to be proud of, but I don't think it's anything to be ashamed of either. People who take care of servers on the net, who don't keep them patched should be ashamed. Before someone jumps down my throat, I'm not refering to the Honeypot, it did what it was supposed to do, I'm refering to real production servers.

If it were'nt for root kits, there would be less desire to keep secure, as a believe real hackers are a rarity amongst all the script kids. Script kids keep admins on their toes. Kids will be kids.

Life's a bitch when you're dead

It hurts and stuff.

*BSD is dead

It's 3:48

Time for a reminder that BSD is dead:

BSD is dead and has been for a long time.

Join us again at 3:58 for another reminder. Coming up next: traffic and weather together.

Mirror site of the whitepaper

[mikeanuzis]

For those interested the site the whitepaper was on has been temporarily disabled by the web hosting company due to too much traffic.

Another copy of the whitepaper is available at:
http://www.anuzisnetworking.com/whitepapers/

And to verify, yes it was in fact me who posted the above apology. --Michael Anuzis

Not Online

[serialdj]

Just an interesting note that the whitepaper in question has been removed from the web site. Started reading it yesterday and was unable to finish reading it. Slashdot effect? Anyone have it saved, could ya send it to me at robert.fleming@rogers.com

Re:Not Online

[omegakidd]

Well, the web site has went over it's bandwidth limit. But you can search for the cached one on google or just to to the one that he posted.

It's 9:04

Time for another reminder that BSD is dead:

BSD has more holes than Swiss cheese! No wonder it can't be used in any type of business environment.

Coming up next, traffic and weather together.

Elegy for *BSD

I am a *BSD luser
and I try hard to be brave
That is a tall order
*BSD's foot is in the grave.


I tap at my toy keyboard
and whistle a happy tune
but keeping happy's so hard,
*BSD will die real soon.


Each day I wake and softly sob
Nightfall finds me crying
Not only am I a zit faced slob
but *BSD is dying.

It's 11:00. Do you know where your BSD is?

I'm sorry I have to tell you this, but I think it's dead ma'am.

Time of death: 5 years ago.