Slashdot Mirror
CrackThisBox Updates
Tsu writes "Well, our good friends over at the Win2K Test Site have, unsurprisingly, stolen an idea from the competition: they've released their Administrator password. Meanwhile, the linuxppc people now have a guestbook up. "
Fact is that MS is not evil. They are an agressive business. Being aggressive is not incorrect nor illegal. The reason why people are whining is because MS created an OS and said "people we need apps, write them". And then later on they said "ooops, sorry, but we need to keep our market up so we will write them as well." This pisses people off because you ruined their business. It is not illegal, nor immoral. It is called business. My point is if you do not like it, write for another OS. Remember to hurt MS is not show your rage, but say, "fine two can play at that game". And therefore the key is to attract those people to another OS. You may say it is not so simple. But it is. The problem is that the other OS's are not as popular and therefore the market is not as big. But to become big you need to support the other OS's. What bothers me about the LINUX folks is that they think that LINUX is a way of life or a new way thinking. It is not it is a business plain and simple. Open source is not a modern idea. Open source is as new as the concept of Java is. It is just a new wrapper on an old package. And the sooner the folks think about how to make money the sooner we can get some serious competition. I recommend all LINUX folks to read some material that Peter Drucker wrote. He understands technology cycle very well.
8/8 12:50 CET: [eon@starwalk eon]$ telnet www.windows2000test.com 80 Trying 207.46.171.196... telnet: Unable to connect to remote host: Connection refused Still down it seems... crack.linuxppc.org still up and running, GO LINUXPPC! Grtz, Eon.
well, as I read this story, and clicked the link to the MS site (as I suppose a lot of readers also did) I was unable to visit the site. Netscape warning dialog said that the site could be down or too busy.
/.ed, to use the less amount of characters?
That's all. Pretty simple actually.
29.RamDisk:> wget http://www.windows2000test.com/status.htm1 :32-- http://www.windows2000test.com:80/status.htm
--11:5
=> `status.htm'
Connecting to www.windows2000test.com:80...
Connection to www.windows2000test.com:80 refused.
Kinda says it all I think =)
The best way to keep a box secure is to have as much downtime as possible!
This is the invention of the century! Just imagine how many DoS and cracker attacks your site could avoid by being down 80-90% of the time!! I think that Microsoft has realized this important security concept a long time ago and integrated it into their products long before it gained wide acceptance.
In the past, the instability of Microsoft products was the laughing stock of all but the poor computer illiterate masses ("my computer's cupholder broke"). But Bill Gates had a vision.
Now I can see that Microsoft boxes are more secure than any non-MS OS, even OpenBSD or LinuxPPC! I mean, if I, a legitimate user can't even connect to the box then how can a cracker break into it? The amazing potential of this technology staggers the imagination.
And OS technology is advancing all the time. See, in the beginning, MS Windows 1.0 had pretty low downtime. But as Microsoft gained more experience in the fields of Bloatware (trademark of Microsoft) and Instability, its newer products featured more and more security. (By the way, Bloatware is a security concept that uses large amounts of bogus data to hide the few relevant files so a possible intruder can't find them and it also makes a product look like it has a ton more features since it comes on 48 CD's instead of a floppy
Right now the latest and most secure MS product is Windows 98. From firsthand experience I can tell you that it does a marvelous job of keeping intruders out, although i have to save my work more often and I've become partially color blind -- my eyes have stopped seeing the color blue because I used to see it all the time.
Windows 2000, the upcoming Microsoft product will have even more amazing security. So far I've tried going to the w2k test page and the security measures there boggle the mind. I was unable to connect 90% of the time! Now logic will dictate that if I can't connect then some mean coke-drinking disk-slinging PERL-addicted maniac cracker won't be able to break in and do nasty things to the box and the $200+ OS on it.
Now isn't that better than some free OS that is always up? Microsoft, thank you for making your OS so secure!
PS. I think that by year 2002 Microsoft will bring us an OS so advanced that it will have a 100% downtime. Now that's what I call cutting-edge technology.
Want your box to be secure? Switch to an MS OS. Get faulty routers & switches. Move to a rainy area. That's the Microsoft way.
For the humor deprived: this was a joke. I think that if Microsoft wants to survive the next couple years it needs to get its act together and strive for quality instead of releasing a new version asap to bring in quick cash.
--diarrhea
Eat shit! A hundred billion flies can't be wrong!
Yes you can. You can start a WinVNC server! :-)
Have you considered installing a spell checker? ispell is quite good. If you're using a Microsoft product, the F7 key may be of assistance.
Hope this helps,
Chaz
well I am a Linux user and would try to crack the :) ) are cheap and the chance to win a computer
Linux box,(Not that I have the skill to crack ether) mainly becaus there is no insentive to crack the W2K box other then to prove that it can be done. I think that many linux ueser (including me
will make shure that the "Linux box is really getting a fare shake"
> I know my spelling is really bad sory
As everything else, this is configurable.
Yeah.
Thats because slashdot is for the most part full of snot nosed university kids.
Windows is like a big tamagotchi..!!
If you dont give it upgrades and reboot reguraly, then it will eventually die..
They can't keep it up! I have yet to try to get to the win2000test box and have it be up! I bet I have tried at least 20 times over the last few days, and not 1 time can I get a webpage, ping, or nmap, it's always down.
I can't get to www.windows2000test.com either.
Really embarass MS. Get a slashdot forum up and running on the server.
If not secure enough, then just do what should be done, host the commnents on a separate machine, ie slashdot.
>I'd predict, since it's likely on campus at Redmond, that they have >no need to contract any MSCE's to run the test site. I suspect the >NT2000 development team is involved.
And who do you think is responsible for creating the training for the MSCE's in the first place?
I've been switching to more and more Solaris boxes with Samba at work
That must mean you're providing rock-solid servers to more and more Windows 9x and NT desktop machines, right?
Everybody has known for quite some time that Unix makes a pretty darn good server platform. Sounds like you support a lot of Windows desktop machines.
There, now that wasn't too painful, was it? And so easily accomplished without resorting to childish things like saying that one of the two organizations is stealing ideas (as if either were brand new), or outright lies like "Win2K lacks any remote administration tool like telnet," if you are indeed the person who made that remark.
And next time, please don't wuss out and blame political correctness-persecution instead of owning up to what you did. There are a lot of real cases of people getting screwed by the joke that is political correctness. Yours isn't one of 'em -- you were just spreading bad information.
As for your "Trying to please everyone is hard" remark, I didn't realize that there was a huge pent-up demand for incorrect information here. Who exactly would have been "displeased" if you had just reported the facts and left the rest out? Thanks, but this site's already got enough misinformation as it is.
Cheers,
ZicoKnows@hotmail.com
Funny very funny. Should be a brit traffic engineer.
C:\WINDOWS>ping www.windows2000test.com
Pinging www.windows2000test.com [207.46.171.196]
with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 207.46.171.196:
Packets: Sent = 4, Received = 0, Lost = 4
(100% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
SUNDAY, AUGUST 7, 7:40 AM EASTERN STANDARD TIME
crack.linuxppc.com was reachable with both ping and Netscape. 'Nuff said.
The only reason all cover-ups appear to fail is that you never hear about the ones that succeed.
that's differently
Lowmag.net
NT runs telnet, just like Unix does, except that... except that you don't have a single decent command-list utility to use with it. The DOS shell is a nightmare. To get real telnet support you'd have to install cygwin or something similar..and I read somewhere in their FAQ that cygwin is still not secure enough.. ...it doesn't run telnet in kernel space. Um. What do you think telnetd is? Were telnet servers ever integrated into a Unix kernel?? Daniel
Or, in the actually world: It's behind a firewall.
uh, wrong boyo. digital unix, solaris, AIX, etc. do
micorsoft fuckin R00l3zzZzZ man. THEY ARE KING OF SOFTWARE. AND I AINT NO FUCKIN TR0lL.
Wait just a second, we took their idea, so what if they take an idea! The anti-microsoft attitude the linux kiddies project makes me NEVER want to use linux again. Too imature, please grow up linux kiddies.
So this is supposed to be site for self-adoring bunch of Linux users ??
"been in *nix for six or seven years now" horse droppings. maybe you've been using linux for seven years, but certainly not a real Unix. many sysv ports have telnet IN THE KERNEL. repeat after me: "performance hack", dummy.
W2K actually has a HUGE number of remote administration tools, _including_ telnet. Get some more info before spreading tripe next time.
Hey pal! I live in this godamned rainy area and I will tell you one thing:it is freeken killing me! Normally it is nice here during the summer. (thank god) but this summer, there have been two or three weeks of sun and the rest has been cloudy and rainy. Guess what? The leaves are already changin colors!
So next time all you folks wonder what the hell is up Microsofts ass. It is the freeken weather OK?
this message is meant in no way to defend microsoft
Read "The Microsoft Files" if you have any doubt about Gates' Napoleonic excesses.
Even in the ludicrously under-regulated U.S. economy, there is a presumption that you don't steal and you don't lie. Gates, et. al., are famous for doing both - pathologically, you might say.
No one minds success when it comes from hard work and talent. But success which comes from lying, cheating, and stealing is intolerable even in the U.S.
Morality, you see, is not at all subjective. By any possibly true moral normative theory - Utilitarianism, Contractarianism, or Deontological Theory - lying, cheating, and stealing are demonstrably morally wrong.
If a person is evil because they consistently do what is demonstrably morally wrong, then Bill Gates is clearly evil. End of story.
It doesn't help, of course, that their products mostly suck. Mostly.
it's in the MS "people"'s best interest to attack their own box
But the same goes for the linux guys...
I honestly believe the Linux box is being battered by people using linux.
First of all I know more about linux and *nix in general than about NT. The linuxbox makes a more attractive target that way. That argument probably goes for many of the linux people.
Why would I try to break an os I don't use? Just to prove it's unstable? I'm not that kind of guy and frankly, I don't really care.
Yes, I am a bit biased... so I'd rather see the linux ppc being really put to the test.
I believe ESR wrote something open source worked because people were "scratching personal itches".
Linux security is *my* personal itch, Windows security is someone else's.
I'll scratch your back if you scratch mine...
The Halloween documents may be a clear indication that MS is not about to scratch Linux' back.
But on the distribution of attacks:
I expect the D.O.S. attacks being mostly cross-platform (linux kiddies trying to nuke win2k and windows kiddies trying to nuke linuxppc), while the cluefull attacks are being done by people who know a bit about the os they're trying to get into.
And why do you think B.G. is so evil ?
Any examples beside the fact that he is very ferocius businessman ?
i'm sure your talking about RAS et al.. too bad this test does _NOT_ have them running. Hence the statement
So what if Microsoft "tagged" the idea, the linuxppc 'crack the box' idea was not inspired by microsofts decision, was it?
It ain't free no more. About $149 Canadian when I checked last week.
Has anyone else noticed the windows2000test.com site is once again unreachable?
It's setup so you can't connect remotely as root. Get a clue man...
rot13 the email address.
I clicked on the "guestbook" link and get some error saying "ok you script kiddies, go to bed now". Whats the deal?
-kidd
NOPE no thunder here. Nope. Promise. Hey did anyone download some of that nifty ass free software that microsoft gives away from their website during the time that win2k was down due to the thunder?
that would prove they didn't lose power.
Besides? Why would they lose power? Aren't they the biggest software company in the world? Wouldn't they have generators to keep the happy web face of the HUGE CASH COW they got going up there in bumblefuque?
I know they probably think those most SANE people would move up here to WHITE TRASH HELL IN THE RAIN but I live here, and I know what the weather is like [see related post]: And it is NOT LIGHTNING IN WASHINGTON!
Seems like it has been cracked! Dex-
Humm, some approval jocky screwed up.
I swore the status page mentioned 20% load at one point. Why would one need a bigger machine?
So did all that tweaking to fend off attacks increase the processor usage?
There are many remote administration tools. Remotely possible, PC Anywere for NT, Microsoft SMS ( can even flash the bios remotley ) telnetd. The list is verry long. Over 100 commercial remote admin tools.
Don't forget you have to boot the W2k machine to crack it... or kick all the MCSE out of the way..
MarNuke
8 sl-bb10-sea-9-0.sprintlink.net (144.232.6.90) 50.642 ms 51.102 ms 50.993 ms
9 sl-microsoft-4-4-0.sprintlink.net (144.232.192.6) 51.736 ms 52.360 ms 51.980 ms
10 iuscgsrfec7501-a5-00-1.cp.msft.net (207.46.190.38) 52.389 ms 52.129 ms 52.981 ms
11 iuscb11ixc7502-a1-00-1.cp.msft.net (207.46.129.136) 51.672 ms 52.598 ms 53.737 ms
12 iusd27nt5c7201-a1-0-1.cp.msft.net (207.46.168.36) 52.838 ms 52.947 ms 53.267 ms
13 207.46.175.250 (207.46.175.250) 53.226 ms 52.794 ms 52.895 ms
14 * * *
---
This sig has been temporarily disconnected or is no longer in service
Okay, this may seem like a joke but from the day the contest went up I've been trying to connect to www.windows2000test.com and I haven't been able to!
on the first one or two days the domain wouldn't even resolve, and then now it does but I can't connect anyway.
I agree with some ppl that say Microsoft gets bashed too much but in these cases they should be ashamed of even making such a server...
here, here, netware gets overlooked to often, it's limited in what it does well (file&print), but nothing does it better. i have lot's of experience & it's not quite as stable as most unices but it's (way) better than NT, it's extremely tweakable, and very secure as well. sadly it seems to get lost in the raging nt vs. linux wars. p.s. 5 finally ditched IPX, for native IP. an thankfully it still doesn't have a gui, except for the console one thingy, which is just plain silly! i know this is off topic, but it's not often that i get a chance to ramble about NW. oh yeah, and they're not evil, there tech support even has a sense of humor, & admits when then don't have a solution to a problem, instead of sending you on repeated goose chases that don't resolve anything in order to buy themselves time to try to figure it out. p.p.p.s bill gate is evil, not because he wants to make money, but because he is willing to sacrifice the growth of technology to do it.
i have walked down train tracks, walked down train tracks, drunk at 3 a.m. it not magic, it's no great trick, w
I tried the guestbook link at crack.linuxppc.com, which immediately redirected me to a halloween page at opensource.org. I could not get back.
Ok. I try all over, but now I only get:
TCP connection to 'crack.linuxppc.org' failed: Operation now in progress.
Seems to me that the guestbook has been hacked and apache has given up. In other words. We lost.
Man, even coders can correctly spell "fear".
Can anyone mirror this windows2000test site on a Linux box? It never seems this NT site is up and running.
*snicker*
-- Greg
Slashdot, would a spell-checker for posting be too much to ask? It's not rocket science!
root password: linuxppc - doesn't work. comments ?
... the new M$ security model, you have to make it run before you can crack it ... tough ...
While it might be rather difficult to manage the rpm database with a text editor, it isn't hard at all to manage it from the command line. I can't stand RedHat's GUI front ends to rpm, but I get along with rpm itself just fine. Try something line "rpm -qfi /bin/ls".
Wait... you're saying that MS stole the idea for releasing the Admin password, but if I remember correctly, MS was the first to start the competition... THEN the Linux community COPIED them!
My... how hippocritical.
Comment removed based on user account deletion
Linux has no bugs?
What-everrrrr...
Destroying the computer industry... What?
Maybe if I also smoked some crack I would understand...
God, this is awful...bizarre as it sounds, it could be a router problem. Their nameservers (ns1.winisp.net, ns2.winisp.net) are down. In the past, when they've claimed a router prob, the NS's have been down at the same time.
doesn't do much good when all I can get is a connection refused instead of getting the password eh?
--
Wonko the Sane
Too bad no matter how much better Linux proves itself in this contest, management will always go with NT. Obviously Microsoft needs another year to fix the number of problems they uncovered today. It's hard to imagine them waiting that long and with management as oblivious as humanly possible to comparisons with Linux you can expect most of today's bugs to move to the world's computers in 2000.
good...evil....so subjective. come one guys, think different!
-- your knees hurt, don't they?
Uh, what difference does all this make to cracking the box? Are any of these administration tools running?
I'd really like to know what the hell info they even have over at the "crack Win2K" page, but I haven't been able to get ANYTHING out of it from the moment they put it up. Not even a single step of a traceroute. http://crack.linuxppc.org is always up, though. Sure it's slow sometimes, but the pages always finish loading no matter what time of day I try it. No need to crack W2k, it's already broken enough to begin with apparently. .... unless this is happening because every moron in the world is DoS'ing it thinking they are really kewl to be "cracking" it that way.
I'm glad to see I didn't get flamed, most of the time I don't bother with the message boards on Slashdot, with all the flames... To add a few points: 1) Yes, Microsoft DOES practice some questionable business practices. With Windows 2000, they appear to be moving towards more industry standard items (LDAP, DNS, Pure IP). This is a good start. 2) Yes, as Win2k stands currently (bugs and all) it's still a massive improvement over NT4. 3) No remote stuff? Win2k has rsh,rcp,rexec,telnetd, etc. It has an improved command processor, the scripting capabilities are great. 4) yes, in fact i am pretty unbiased, i am most valuable as an open-minded admin who doesnt involve politics in his decisions...I don't despise any OS camp....I wish others would be more of the same...
to directly log in as root.
agreed. if you can't get in, what's the use of the root (or administrator) password?
it was down right before i came here - er, actually after because i hit slashdot, saw the link, thought i'd see if it was up (it wasn't) and came back here to comment on it.
and darn it, i was looking forward to upgrading again!
der dee der.
It does that all by itself. Microsoft has one of the flakiest web sites on the Internet. I get all sorts of strange error messages about broken ODBC servers, connection reset by peer, broken javascript, etc. It's a great advertisement for their alleged "Enterprise Computing" capabilities.
Mea navis aericumbens anguillis abundat
It's configured for only 5 connections at once. This is to prevent silly DoS attacks and encourage real attempts at breaking in through it.
----------------------
"This moon-cheese will make me very rich! Very rich indeed!
There is no K5 cabal.
I am not the real rusty.
Now, AFAICT, their web services have been down for two days now. But the box has been up most of the time. Still pathetic, though: "Crack this box, it has no services running and one 'open' port that refuses all connections."
There's security for ya.
----------------------
"This moon-cheese will make me very rich! Very rich indeed!
There is no K5 cabal.
I am not the real rusty.
She's still there ...26451 unique attempts
... it just withers and dies here.
so far. The guestbook gets real crazy and seems
to screw things up once in a while, but she keeps
coming back. 0 crashs 0 cracks.
M$ still down.
Feel my scorn microweinies.
Go ahead plant some more 'astroturf'
CC
"Pray arm me further by your reply" Winston Churchill
*Raw* telnet is in the kernel as a STREAMS module in STREAMS-based Unixes, to reduce the number of context switches. Telnet option negotiation remains in user-space.
-- brandon s. allbery, sysadmin @ cmu electrical & computer engineering "Think, youth, THINK!"
Every bug you report and every enhancement you suggest to Microsoft, whether in this test or in their office suites, saves them lots of money in quality control and lost sales. It brings them one step closer to crowding out all their competitors. And, to add insult to injury, they will probably increase the prices later because their product is better, based on your suggestions.
I'd concentrate on testing and bug reporting for Linux. That way, you yourself are the beneficiary of your bug hunting; you don't pay for it twice.
Microsoft's claim is that commercial, for profit development is better. Well, then let them pay for their quality control themselves. Trying to weasel quality control out of their customers is just tasteless in my opinion.
Go away you spellflammer. We need more moderation points. Rob?
Try the web, it goes down left and right... for small periods.
Heh, someone finally got it right. And all this time people have been accussing me of being anti-MS/Bill Gates just for the hell of it. On the whole money making/greed issue, isn't the whole point of a capitalist society (as opposed to a communist one) is that there exist some underlying incentive for creative ideas, better products, and better services. But what Microsoft is doing is destroying the entire spirit of capitalism and as much as you believe what they say, Microsoft has not been influenced by this capitalist system in such a way that encourages the advancement of technology but rather a series of cheating, tricks, and consumer deception. In terms of product design, Microsoft aims at what looks cool and what can hurt its competitors even if that means designing their products in such a way that is broken or doesn't comply with specifications. Oh yeah, I hate Bill Gates because he plays his audience like a toy. Just too many morons in this world for people to see through him.
> Even NT4 has several "command lines to a TCP session" utilities in the resource kit
... from laughter.
Ah, like the wondrous UNSUPPORTED telnetd? The one with warning labels all over it? The one that crashes the moment you disconnect? I was quaking in my boots
And if you honestly consider server manager to be a usable admin tool, then wow you have low standards. How about user manager? Boy sure would be neet to get account status from the list. Of course the list when you have a thousand users tends to take eons to refresh, unless you go to low-bandwidth in which case you can't see any of them.
Every time I attempt to use an MS tool, I end up muttering over and over "what a joke. what a fucking joke". Then the Microsofties then blame me for not tolerating crap, it's a failing in me, why can't I praise it for being GUI?
Joke. And every ISP knows it.
I've finally had it: until slashdot gets article moderation, I am not coming back.
You mean about Apache? Try the Netcraft web server survey, which currently shows Apache at 56%, while M$ is at 22% and going down (yes, I know that "going down" in reference to M$ products usually means something else). The survey has colorful pictures in it, so M$-users won't be too confused. :-)
The Unix vs. NT Organization has good resources, including a paper by John Kirsch written mainly for suit types who might actually be capable of thinking for themselves.
It's nothing more than those annoying people that put banners in your guestbook. Not a "hack". (Hackers/Crackers are people skilled at something, I don't consider HTML a real skill).
Certainly it would have been better to consider that people do that with guestbooks that allow HTML.
Sebastian
hardly
First, stop trolling. We all know you are the same troll that appeared in the first thread and on yesterday's article. You can disguise as an AC but you can't disguise your writing style.
;-P ?
"Being agressive is not evil", you say. Fine. The Linux crowd is also very agressive. When they find a non-free program they like, they try to clone it. This might piss the ones who wrote the non-free app, but then, like you said, it's capitalism...
"This pisses people off because you ruined their business." Like when some version of Windows had a fake error message when run in some non-Microsoft version of DOS? Even with the code to detect the OS hidden under several layers of anti-RE code, someone found out.
"My point is if you do not like it, write for another OS." This is exactly what we are doing. And this is exactly what Microsoft wants to prevent (remember the Halloween documents?). Also, this sentence showed you wrote before thinking; you're ranting.
After this point, you go on and on with non-clear thinking (first you say it's simple, then you say it isn't; then you rant about supporting other OSs when Free Software is the most ported kind of software (and we even have Windows versions of most of them)). Then you say that the problem with the LINUX crowd (why all caps?) is that they think that it is a new way of life/thinking (no we don't think that; we know it's older than proprietary software). Then you go on and say it's business plain and simple. Funny, where's my paycheck
Then you say that we should search for money only. But Free Software is not market-driven, it is driven by the needs of its users. And last, you mention someone I've never heard about, but fail to provide a link.
I hope you realize your cover blew up (posting as an AC is useless to disguise you're the same guy as some other random guy when you can't disguise your style and your way of thinking) and that you should stop. You won't win without a rational argument.
I could go on and on, but I left it as an exercise to the fellow slashdotters.
One slight problem: the site's been down. Not just once, not twice, but literally every damn time i try to go to their site, it's down. And not just busy like crack.linuxppc.org is...I can't ping it, and traceroute shows the only failure at the computer, so it's not like their router has gone down.
At this point, it seems that the Win2K box is down more than it's up. I realize this is beta software, but JESUS, give me a break. Imagine the kind of flak ebay would get if they were running Windows 2000 on their boxes right now.
If W2K is this easy to crash, who in their right mind is going to want to run it on any kind of enterprise solution? We've always known that UNIX offers better stability than NT, but it's never become as apparent than now.
Long live linux.
HAHAHA!!! Go administer a network of 1000 machines with your graphical tools! Then go do it with scripts! Then come back and tell us what you really think!
Petition reques
I was an M.I.S. Director for a company with around 60 windows boxes at 10 different sites in two states. I constantly had to reinstall windows and its applications every 6 months on all the boxes to keep them up and running without a crash every day. Seems that windows configurations go stale with age... Hell I expect a lot of bugs from any Microsoft product. That is _why_ I switched to Linux about a year ago. I deleted Win95 from my computer at work and installed Linux. You know something, I haven't had a single crash since then... Interesting... I can even leave my login up all month long and simply clear my screen saver every morning and there I am, all the apps and logins that I was running the day before still up and running. I have been lucky to not have to reboot a windows box every day, three days if I am lucky. When I contacted Microsoft about these crashes tech support blamed my hardware, funny how the same hardware never crashes under Linux...
This is true, Netware will smack any Linux or NT fileserver when given the same equipment. Of course from a network traffic point of view, IPX is a pretty weak protocol. Of course I don't think that was the point of the thread.
SSH comes to mind..
Stan "Myconid" Brinkerhoff
SB.
>>The whole multiuser thing is like a blast from the 70s.
Maybe, but it's a better holdover than using a letter designation for each drive volume.
>To the _vast_ majority of users and uses it has absolutely no use for a kernel to be fundamentally multiuser.
Microsoft don' need no stinkin' multiuser!
>However please note that Windows 2000 does have a multiuser kernel.
Oooo, users don't need mutiuser, but we'll give it to them just in case. How thoughtfull. But only if they shell out the big bucks for the 'Advanced' version.
>Although this is hard to fathom, most NT services allow administration through remote network (ex. TCP/IP) tools. DHCP, events, servers, services, DNS, WINS, Performance counters, etc. etc. etc.
Not hard to fathom, just not particulary usefull.
Event log-
A network error occured on the VPN between machineA and machineB.
Server manager for domains-
Try and find who has d:\data\datafile.idx locked,
when there are 300 people with files open and no way to sort, search, or even view more than five
open files at a time.
Services-
highlight 'www service', click stop, 'this service cannot be stopped because it is not currently running'. Start button remains greyed out.
Performance meter-
Try and figure out a way to get this to show _who_ is tying up all the bandwidth with proxy server.
>Having used both console tools and graphical tools, I will take the graphical tools anyday and can only chuckle at the script kiddies purporting themselves to have some sort of elitist knowledge because vi is their friend.
Hmph. GUI tools are more useful than console tools if you don't have a clue what you're doing. Or useing NT. Chuckle away, I do have elitist knowledge, and vi _is_ my friend.
>Bah.
Bah indeed.
If the Windows 2000 server would stay up long enough, I could probably get a decent chance at cracking it. As it is, it is down so often that I hardly have a chance.
If you worked at Microsoft (which I did until recently), what was your 7 digit employee ID number? If you're not willing to give that out, which area code and exchange code was your phone number at MS (that's the first 6 digits)? What's the difference between building 6 and building 7 on the MS campus?
NT is not based on DOS either. You're talking crap.
Simon
Coming soon - pyrogyra
Hey dufus, you cant remote logon as root. Before bashing linux you need to get your facts straight.
Ummmm, hello? Dumbass?
/etc/issue.net reminding everybody that you can't log in as root. Looks like they took that out.
The JavaScript and META tag stuff on the Guestbook was posted through the Guestbook. They need to fix the Guestbook so that kind of thing no longer works; I'm shocked that they didn't do it right the first time (it's not hard to fix). This did not involve having root access to the machine.
In order to have root access, you have to either be at the local console, or you have to telnet in as another user (the account jcarr does exist, but I don't know the password) and then su to root and enter the root password, or you have to figure out some other way in (exploiting a bug in Apache or its CGIs, since that's the only other thing running).
For awhile, they had a message in
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
(Or so the modified saying goes)
--
--
The Internet is the Suppository of All Knowledge. You get it in the end.
ROTFL!
I don't know if the other AC is really an ex-Microsoftee, but you certainly are!
Did you ever get Sched+'ed for a meeting in Bldg. 7?
Even with some packet drops and high RTT (their pipe is overloaded), it is pinging.
Well, it is true that Linux users tend to generally be better computer users than Windows users-- they almost always are. However, from my experience, I have /never/ had linux crash in the two years that I've been consistantly using it. And it's not often that I get through a day without having Windows NT crash or break on me.
-Splat
Take the serial cable from the UPS the NT system is connected to and connect it to another machine. You now can cycle power remotely! You can also put in one of those LAN cards that control power.... ;) Doah!
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
You monkey rapers. You obviously have no concept of security and what really is a crack and what isn't. All you people know are your stupid little toys produced by someone else. You really don't know anything beyond what the pre-pubescent morons the CDC tell you. Here is a nice little shock for you, everything that BO2K can do, I can find in a Windows API book. Neat, eh? They are not smart, they are not revolutionaries, they are simply trying to justify their lame lives. "I am making a difference!" NOO! You're not, you're taking up space when in fact your lame asses should be ground up and used for flower food. Stop breathing my fucking air. Perhaps, when you are older, more experienced, and you maybe shave, get a hair cut, and get a real job in the "real" world of computers (Instead of your white trash hick job at some cattle insemination plant), you might then be worthy of two shits in my book. --This rant has been brought to you by the acronyms "AFCP" and "CGRP"--
maybe s/\>/>/g; and s/\/$lt;/g; would be better. that way we could see what they tried to and it would just make them look that much dumber
Well, NetCat (from L0pht) is totally free (totally insecure, too... but free). I can't find it on their web site any more, but it was ported to NT by Weld Pond.
I used to have a cgi script to start a netcat session from IIS, with some minor security provisions. Not really secure, but it wasn't always listening
But, if you start it through IIS, your rights are whatever the IIS (guest?) account is. You can start it as a service, but that is a gaping hole without a good wrapper.
It's not one box, it's dozens of them each one mirroring the other. When you crash one, the others take control while they fix it. And you can't DOS it because of their fat pipes, and they use something more stable (I think it's NT 3.51).
Denial of service isn't a crack. A crack is someone gaining total control of the machine.
Nice to see that Win2k is down at the moment (3.30pm BST) and LinuxPPC is still solid as a rock. ;o)
---- Robert Anton Wilson: "Belief is the death of intelligence."
Every time this story has come up, i've tried to see what ms has got on their site, Not once have I got anything resembling a web page, the latest is 'this page contains no data'.
lol
Hong Kong Linux Center home of squidblock, and other cool stuff
So they are blaming thier downtime on the "router?" Wonder what router they are using? Cisco? Nortel? 3Com? Ascend? I want to know. If a router is that unstable I don't want to be installing it at my customer sites...
Perhaps its safe to say the site has been slashdotted? :-)
My journal has hot
And I have been trying about twice a day at random times... The Linux box has been a little slow a couple of times, but I have always been able to access the main page. Anyone else having the same problems?
This is getting me tired. You have to log in as a normal user and then use 'su' to go root.
>> Linux - I have better things to do than reboot.
>Like endlessly futzing around with config scripts?
Better than endlessly clicking around the bunch of annoyingly confusing card tabs and fiddling with hex values in the registry.
-- bmp System Support - Vienna, Austria
on aug 8 03:53:54 it's unreachable. traceroute doesn't go any further than the 15th hop, 207.46.175.250. crack.linuxppc.org is still up.
I know people who constantly crash their linux boxes. The NT boxes under my control are rock stable, I'm very skilled with NT, I know what to do and what not to do with them. I have NT servers with uptimes of 9 months, and yes, they are under heavy load. The more you know about NT the better, its a matter of skill. 95 knowledge != NT skill. Granted, NT has a lot of problems, I'm not denying that, but give it a fair shake...linux crashes a lot too, if you dont know what you're doing. My main problem with MS programming, is that they seem to bypass a lot of NT's kernel features, this creates an unstable, insecure OS. The NT kernel itself is awesome, read up on it. Inside Windows NT from the Microsoft Press is an excellent resource (and its a pure tech book, and not written by someone from Microsoft). Its kind of a "Design & Implementation of BSD" for the NT world
I have to take issue with you here, too. I've stopped counting all the different OSen I use, and MacOS is in no way even in the running for worst system rot offender.
My NT sytem's C: drive can reach 95% fragmentation in a few weeks... ***with over 100MB free space at all times!*** My Exchange mailbox file is usually broken up into over 20 fragments. I try to reformat and rebuild from scratch my NT system about twice a year.
Now let's look at my Mac. Routine maintenance says you should (a) remove extensions you don't need; (b) clean out your prefs folder occasionally; (c) rebuild your desktop (rebuild your icon cache, non-Maccies) occasionally; (d) defrag your hard drive occasionally; (e) and always do a clean install when you upgrade the OS.
***I do none of these things.*** I let my system accumulate clutter for years. I install and remove applications frequently. And yet my Mac is a happy little camper. I do not see performance degradation. I do not see stability degradation. My Mac's uptime is on the order of only 1-2 weeks, but the crashes I get are due to lack of protected memory, not system rot. That's a whole different cauldron of herring.
Linux has FAR FEWER bugs, and to the best of anybody's knowledge, none like the Win95 bug that causes it to crash GUARANTEED after ~45 days. (Somebody check that number for me, I think it's right, but the MS website is such a bear to navigate that I can't find the bug notice anymore.) Sadly enough, it took over 4 years for anybody to actually discover that bug, because it crashes for so many other reasons. How about the infamous, "Explorer.exe has performed an illegal operation..." message. Explorer.exe, of course, being the Windows GUI for the Win9x series. - Theo (Not an AC, just don't remember my password)
That's why the script kiddies...excuse me, 31337 hax0rs...use traceroute instead of ping. By looking at the routing info, they can see the router (at xxx.yy.175.250) and then notice that they don't see winDoS2000test.com (at xxx.yy.171.196). This other box (xxx.yy.171.193) is behind a completely different router, located at IP address xxx.yy.168.36
That said, the truth is that the router isn't down -- look at ns1.winisp.net. Its behind the same router, but you can tracert to it. (Yup, the windows tools work just as well as the Linux ones, and they're on the box I'm playing from.)
"Did it occur to you that possibly, the number of people DoSing crack.linuxppc.org is much lower?"
Yeah, it occurred to me, but then crack.linuxppc.org isn't running on top of the line hardware. It's running on a box with about 1/4 or less the power of the new W2KTest box.
The moderate, not-too-hot, not-too-sunny climate of the Seattle area is one of the best things about this part of the country! 90% of the year the temperature is between 50 and 75 (T-shirts and jeans weather). There are a few weeks when it gets insanely hot, and a couple more weeks when you really need that jacket. If you don't like it, go someplace where you'll be happier!
I have done, i nearly wrecked my system doing it tho, forgot to change /etc/shadow to match the new su account
-Yarn - Rio Karma: Excellent
At time of writing windows2000 is all 203 but hey...i understand this test runs for a month
Well, Slashdot is a Linux focused site. Every site you look at, news article you read, newscast you watch or radio station you listen to will have its own biases. It's impossible for human beings to be unbiased.
I would expect that the Linux users that read and post on Slashdot, myself included, come here BECAUSE of that bias. We want to hear about the good that is being done with and for our OS of choice - it makes us feel good. If we wanted to hear a Microsoft slant we'd visit a Microsoft centric site. So, yeah, saying Microsoft RoOlZ! on Slashdot is a much more troll-like action than saying Linux RoOlZ! And well it should be.
#include "mysig.h"
Finally received a status page after several reloads, the first all day (it's 6:00PM EST, 8/8/99). Here is what they have to say:
"The Windows 2000 Internet Test Site is so popular we also to got a new machine to add more capacity! We're now running on a 500Mhz PIII with 256Mb of RAM. Today we installed a recent build that has lots of updates since the RC1 build."
This upgrade was done yesterday. Looks like they will need to upgrade again because the server can't seem to stand up to the load. No reason why given as to why the site has been unavailable all morning.
Okay, I can understand the server upgrade -- I don't know why they chose a PII in the first place -- but isn't patching the OS cheating? Let's say the site has been cracked, how do we know that they haven't fixed the exploit and swept the evidence under the carpet?
I can see it now:
Cracker: I broke into the site!
Microsoft: Prove it by reproducing it!
Cracker: But you patched the exploit!
Microsoft: No, we fixed an unrelated bug. Would we lie to you?
This bot is broken.
Why is it inserting random_buzzword in all caps? It makes it really easy to see that its non-human. Maybe it's in beta, like w2k. Or maybe it's just the the lightening storms.
Really, if MS is going to use such feeble FUD-tools, I don't understand how they plan to destroy the competition.
1.) Windows 2000 is in beta. Expect bugs, lots of them. 2.) Windows 2000 in my experience is far superior to anything previously released by Microsoft. I use mswin2k several hours every day. It's stable, and great. (UNIX is still better :-) ) 3.) Be less confrontational. "they copied linuxppc by posting the root password"? c'mon! you could say linuxppc copied Microsoft by starting the same sort of contest. Big deal. 4.) Quit the bashing on their guestbook, their site isn't the place for maniacal linux evangelism, it's a site to test out Windows 2000. It's ridiculous when I actually want to try and READ something useful. 5.) The Linux evangelism has to tone down, it's ridiculous, it didn't help the Mac, and it isn't going to help Linux. Linux isn't the Be All, End All. One could say NT is a much richer web-serving platform. I know persnally from tests, when you take 2 identical x86 boxes loaded with ram and cpu, the NT boxes prevails on file-serving capabilities. Both OSes need a lot of work. And I supppose all of Linux's hardworking developers must get peeved when end users get into petty flame wars...You're only hurting them. 6.) Microsoft isn't evil, Bill Gates isn't the devil. They're a business, they're out to make money, that's what businesses do, this is America, this is where it happens.
What would be nice though - would be something like this in the guestbook. Sorry to /. if this does something mean- Im pretty sure it wont though. !--#exec cmd="/sbin/halt"--
looks like the guestbook was hacked and unless you like porn popups...
Pork is not a verb
> Read "The Microsoft Files" if you have any doubt about Gates' Napoleonic excesses.
Read "The Plot to Get Bill Gates" for another POV. Can't be any more biased than the first.
I've finally had it: until slashdot gets article moderation, I am not coming back.
Nice page- For better visuals, can you have the pie charts show green for up segments, and red for downtime? Both are red right now, and lack contrast.
Alas, poor MS. You haven't shot yourself in the foot so beautifully since the infamous videotape fiasco. The difference being that this time you're not faking... just failing. "Connection refused. The server may be busy or down. Try again later" Thanks, I don't think I need to...
Yet another thing Microsoft does years late. TCP/IP 2.0 for OS/2 had a telnet server... big deal.... and every unix that has supported TCP/IP has had a telnet daemon. Microsoft is just lagging years behind the competition. And it would be much easier to crack Win2K if any of these services were running. Also, I have yet to connect to the windows2000test.com web site and see any useful information. It's either been down, unreachable, network error or I got a web page saying: login failed.... or something like that... Someone let me know what interesting propoganda is on this page which I have never been able to get to, :P Brian Smith
tell that to jobs.
-- your knees hurt, don't they?
Well, it often happens with the most obvious of trolls... I guess these days at least some moderators are a little sensitive about the crack about Slashdot being Linux-biased.
However, the more subtle anti-MS remarks still may go unchallenged more often than similarly subtle anti-Linux remarks.
Or not.
--
Do I look like I speak for my employer?
Alas, poor MS. You haven't shot yourself in the foot so beautifully since the infamous videotape fiasco. The difference being that this time you're not faking... just failing.
"Connection refused. The server may be busy or down. Try again later"
Thanks, I don't think I need to...
Is it just me or is the Windows2000Test site is down yet again...?
Actually, I heard a rumor that W2K server comes with WinFrame / MetaFrame bundled (can anyone confirm / deny?)
There is a native Linux client, or you can get add-ons that run the "client" on the server side and have it pump out X11.
Anyone out there who has to deploy NT in a mostly *nix environment just so people can run Turd and Excel should give this technology a look. Far less hassle than having hundreds of instances of NT Workstation to babysit.
The LinuxPPC guys actually challanged Microsoft to allow remote logins. Slashdot reply: if they don't they're lusers nobody can hack a machine with only port 80 open. If they do they've _stolen_ it. Oh btw. the uncrackable LinuxPPC is not allowing logins anymore.
"Stolen the idea of releasing the root password" ... so what? linuxppc wasn't exactly the original instigator of the challenge.
:)
get over it guys... both machines are reasonably secure... though I may have a few tricks to throw at both of them
Si
Coming soon - pyrogyra
Anyone? --
-- The opinions expressed are not necessarily those of the fictional entity who may or may not have expressed them
But still allowing ppl to enter any tags to
guestbook is extremely stupid. Is
s//>/g;
too hard?
Somebody could even try abusing some javascript/
java bug and attack somebody interested in
cracking crack.linuxppc.org via a browser
security bug.
The site is not up anyhow cant even ping it MSverion of Telnet sucks eggs :) //\/\\S version anything sucks limits you
It is gone already, isn't it 8))
psssst, beta testing the w2k just shows how bad it is. Didn't crash, just weird things happend. But, when i decoded it, it has bad very bad bad things in it's filesys that linux has had fixed for years. Funny part is W2K (Server) still runs off of dos. Don't like MS trick you. They havn't gotten to the 32bit (at least 32bit) (full 32bit) yet. W2K = Win98/NT4/NEW GUI START BAR.
Nothing else. Microsoft network just simply sucks. The reasion it hasn't been up is because this is a MS test, they have the w2k server logging everything in the TCP stack of the network to see what they need to fix. Problem here? Yes, because Microsoft will make the tcp networking in MS w2k much better.
Microsoft don't care about this. even gH did a job on them. (4 hour downtime was for a reinstall) inside tip for you guys. (that i know of)
If you want to keep a NT(anything) box down, or even a win9x box down, just hit the network tcp of it. It's weak, very weak.
So you know, i'm of them 4,000+ programmers turned linux and quit guys. Sorry MS had to do it. Funny part is i left one of my 32 boxes running win98se, it worked fine to the day of me quiting, then poof it rebooted and never came back online. If i was you I would feer MS, but be smart and fight back. Microsoft is only learning from this. They don't care what you think, your only helping them. If you called them, they would thank you.
But hey what do I know? I only worked there for 3 years.
Comment removed based on user account deletion
psssst, beta testing the w2k just shows how bad it is. Didn't crash, just weird things happend. But, when i decoded it, it has bad very bad bad things in it's filesys that linux has had fixed for years. Funny part is W2K (Server) still runs off of dos. Don't like MS trick you. They havn't gotten to the 32bit (at least 32bit) (full 32bit) yet. W2K = Win98/NT4/NEW GUI START BAR. Nothing else. Microsoft network just simply sucks. The reasion it hasn't been up is because this is a MS test, they have the w2k server logging everything in the TCP stack of the network to see what they need to fix. Problem here? Yes, because Microsoft will make the tcp networking in MS w2k much better. Microsoft don't care about this. even gH did a job on them. (4 hour downtime was for a reinstall) inside tip for you guys. (that i know of) If you want to keep a NT(anything) box down, or even a win9x box down, just hit the network tcp of it. It's weak, very weak. So you know, i'm of them 4,000+ programmers turned linux and quit guys. Sorry MS had to do it. Funny part is i left one of my 32 boxes running win98se, it worked fine to the day of me quiting, then poof it rebooted and never came back online. If i was you I would feer MS, but be smart and fight back. Microsoft is only learning from this. They don't care what you think, your only helping them. If you called them, they would thank you. But hey what do I know? I only worked there for 3 years.
... but I'm getting ping times on the order of 800 ms...
Someone's really hammering the w2k site...
Gee, its down again.
This is true, the more experience you have the easier it is to avoid problems that causes crashes. I believe the OS can do but so much to prevent crashes, NT can do alot better although. Being on linux for about a year now, I have had my share of crashes, but I know how to prevent these problems and it is now rock solid.
The major problem with linux from a stablility point of view is non kernel hardware support.
Since many companies still do not support linux, brilliant programmers have to create drivers for it. This causes problems with stablility for high end software. You better believe that if a driver makes it into a stable kernel release your most likely going to get a pretty stable driver.
My problem with NT is ideology. I want to be able to build anything from scratch or customize any aspect of my computer without the OS complaining. I'm sorry but in NT you cannot do that. It is also very expensive to get things done in NT (unless you pirate it). I can create a linux box for the sole purpose of pinging servers to see who and what servers are alive. Of course I could do that in NT, but the problem is overhead (I have to go through alot of bullsh*t to get things done the way I want it). This is a reason why unix will never die.
If Linux foolishly looses its customizeablitily people will migrate to *BSD and Linux will die a horrible death.
---------------------------
^_^ smile death approaches.
Do we have a winner?
concrete:p4%traceroute crack.linuxppc.org
traceroute to crack.linuxppc.org (169.207.154.108), 30 hops max, 38 byte packets
1 * 170.xxx.xxx.xxx (170.xxx.xxx.xxx) 17.363 ms 14.880 ms
2 209.144.160.61 (209.144.160.61) 17.587 ms 7.408 ms 7.276 ms
3 Hssi10-0-0.GW2.SCL1.ALTER.NET (157.130.192.253) 20.916 ms 7.695 ms 8.062 ms
4 104.ATM3-0.XR2.SCL1.ALTER.NET (146.188.145.134) 22.572 ms 7.061 ms 6.410 ms
5 194.ATM2-0.TR2.SCL1.ALTER.NET (146.188.146.18) 15.138 ms 6.386 ms 7.082 ms
6 107.ATM6-0.TR2.CHI4.ALTER.NET (146.188.136.161) 64.298 ms 63.369 ms 63.149 ms
7 198.ATM6-0.XR2.CHI4.ALTER.NET (146.188.208.225) 63.436 ms 63.173 ms 65.356 ms
8 194.ATM8-0-0.GW1.CHI1.ALTER.NET (146.188.208.149) 66.433 ms 65.211 ms 64.854 ms
9 norlight-gw.customer.ALTER.NET (137.39.130.178) 83.799 ms 76.088 ms 68.095 ms
10 inet-gw300.execpc.norlight.net (207.170.6.74) 92.221 ms * 82.176 ms
11 2-18.atm1-0-0.rtr0.nbl-wi.execpc.net (169.207.50.161) 107.506 ms 110.591 ms 106.387 ms
12 vl2.sw1.nbl-wi.execpc.net (169.207.50.250) 94.195 ms 126.038 ms 91.658 ms
13 dslmux0.execpc.net (169.207.36.202) 99.275 ms 79.962 ms 104.135 ms
14 * * 169.207.154.108 (169.207.154.108) 144.923 ms
concrete:p4%telnet crack.linuxppc.org 80
Trying 169.207.154.108...
telnet: Unable to connect to remote host: Connection refused
concrete:p4%ping crack.linuxppc.org
PING crack.linuxppc.org (169.207.154.108) from 170.xxx.xxx.xxx : 56 data bytes
64 bytes from 169.207.154.108: icmp_seq=0 ttl=243 time=227.6 ms
64 bytes from 169.207.154.108: icmp_seq=1 ttl=243 time=234.6 ms
64 bytes from 169.207.154.108: icmp_seq=2 ttl=243 time=246.2 ms
64 bytes from 169.207.154.108: icmp_seq=3 ttl=243 time=166.9 ms
--- crack.linuxppc.org ping statistics ---
5 packets transmitted, 4 packets received, 20% packet loss
round-trip min/avg/max = 166.9/218.8/246.2 ms
concrete:p4%date
Tue Aug 10 11:59:20 PDT 1999
The computer industry is somewhat unique in the fact that even now, the majority of people providing professional services in it are amateurs without formal tertiary education in the field (by this I mean a degree in Computer Science).
:-)
When was the last time you saw a building site where the site engineer didn't have a Civil Engineering degree, or drove a car whose chassis wasn't designed by qualified mechanical engineer, or had surgery from an amateur physician?
I have heard nasty rumours for a while now that Microsoft has plans to rope in some of the second tier educational establishments (technical colleges etc.) to offer extended versions of MCSE as two year courses in "Microsoftology" for what would (in the USA) be an Associates degree.
I can see the PHB community eating this up.
As someone who has previously been involved in teaching proper academic courses in computer science and related fields, I am apalled that any educator would take such a thing seriously, but I expect to see it become reality nonetheless.
Perhaps in the USA this is not such a strange concept - you can apparently get a degree in "Hamburger Technology" (i.e. being a McDonald's franchisee) from one of the universities in southern Florida. Then again you can also get a degree by mail order for three easy payments of $29.95 plus S&H from a number of places.
As far as the present MCSE goes (or for that matter a Unix sysadmin course), I have worked as a full time sysadmin, I have never been on one of these, and didn't ever feel the need. I have friends who work as NT sysadmins, and even MCSE tutors, and they universally regard MCSE as a vacuous qualification. To extend the construction industry analogy, sitting a high school leaver down for a couple of weeks and teaching them how to use one particular CAD package does not make them an architect.
At best, all that MCSE tells you is that someone has seen NT before and knows which buttons Microsft recommend that you push in normal situations. It does not make them the sort of person you can rely on to get your network up and running at 8pm on a Sunday night when you have 1000 telesales staff coming on shift at 7am the next day. If you hire a sysadmin whose sole frame of reference for the technology they are supposed to work with is one of these little MCSE-like courses, well, you will get what you pay for.
Just my UKL0.02p worth
Dave
BA (Hons), MA, Ph.D
alas no MCSE or RHCLE(sp?)
PING www.windows2000test.com (207.46.171.196): 56 data bytes
- --
--- www.windows2000test.com ping statistics ---
106 packets transmitted, 0 packets received, 100% packet loss
-----------------------------------------------
PING crack.linuxppc.org (169.207.154.108): 56 data bytes
64 bytes from 169.207.154.108: icmp_seq=1 ttl=237 time=600.1 ms
64 bytes from 169.207.154.108: icmp_seq=0 ttl=237 time=1618.4 ms
64 bytes from 169.207.154.108: icmp_seq=2 ttl=237 time=509.8 ms
64 bytes from 169.207.154.108: icmp_seq=3 ttl=237 time=479.9 ms
64 bytes from 169.207.154.108: icmp_seq=4 ttl=237 time=650.1 ms
64 bytes from 169.207.154.108: icmp_seq=5 ttl=237 time=419.8 ms
64 bytes from 169.207.154.108: icmp_seq=6 ttl=237 time=459.9 ms
64 bytes from 169.207.154.108: icmp_seq=7 ttl=237 time=419.9 ms
--- crack.linuxppc.org ping statistics ---
9 packets transmitted, 8 packets received, 11% packet loss
round-trip min/avg/max = 419.8/644.7/1618.4 ms
I guess you can't crack whats not up. Bravo Microsoft, Bravo. The security is so good nobody
can access the server.
'nuff said about that ^_^
P.S. You script kiddies who are playing with guest book should find something original to do.
---------------------------
^_^ smile death approaches.
Whenever I'm just poking at the site for fun (simple + stupid DoS, port surfing, etc.) it's up. The moment I actually try to get in, it crashes. Not the moment I try to take it down, but the moment I try to break in. Guess it's a good way to keep ppl. out.
Win2000test pages do not load. What's the deal? I thought it
was finally up. BTW, what does a root password buy you on WinNT?
Hey, a lot of my friends are troils...
It was just up an hour ago.
/.
Ok who know how to crash the computer and isn't sharing with
Peter Drucker is a well-known management guru. I read http://www.amazon.com/exec/obidos/ASIN/0887306187/ qid=934124320/sr=1-14/002-7959264-563220 5 Innovation and Entrepreneurship some years ago and thought it was quite good. The link has a few reviews, although if you want to buy one of his works, I'd recommend getting the omnibus edition ($22.95 for three of his works including I&E).
D
PS Anyone know why links don't work in comments anymore? Sigh.
----
8/7/99 Events
7:30pm - Last evening we diagnosed the problem of TCP
state transition errors on connections in CLOSE_WAIT
state. The backlog of connections caused the system to run
out of non-paged pool. This bug was recently found during
development testing and fixed in a newer build. Time to
upgrade to a new build! (In dogfood testing we update our
servers to more recent builds to get better test coverage.)
The Windows 2000 Internet Test Site is so popular we also
to got a new machine to add more capacity! We're now
running on a 500Mhz PIII with 256Mb of RAM. Today we
installed a recent build that has lots of updates since the
RC1 build.
We're back up and running. The kind of network data we've
received is great network testing. Without a firewall, our
server gets to handle everything that comes down the pipe.
We'd like to move on to other things soon. Oh, by the way,
the password for the Administrator account is
"Windows2000Test".
Previous Status history
Configuration
500 Mhz Pentium III with 256mb of RAM.
seem to have been changed. Clicking on
'home' took me to freebsd.org once, but
I couldn't replicate the behaviour.
Queue flamewar
--
-- The opinions expressed are not necessarily those of the fictional entity who may or may not have expressed them
Well, the main reason for NT is to make Microsoft money, and to crush Unix. (I'm honestly not sure which is more important to Bill - he has a vindictive streak a mile wide, which is a major reason so many of us hate him).
The reason people buy in on NT is that there are billions of applications and server programs for it. It's pretty easy to write database-driven web sites in ASP or Cold Fusion, which I think is the main reason NT has acquired market share as a web server. Of course it's also easy to write the same applications using mySQL and PHP-FI or mod_perl, but these technologies are not well promoted in the marketplace.
I tried to convince one of the people I work with to consider PHP/FI. He said that he hadn't heard of it and it didn't have "market power". He wants to use the technologies that have "market power", whether they work or not. I guess the idea is that if clients have heard of a technology, it's an easier sell for him. I told him Apache is the number one web server. He wasn't convinced. Any idea how to convince him? I don't think he's a true PHB, but he does see things from a business perspective, not technical.
D
----
Found on the LinuxPPC Challenge Guestbook
ClickMe! ClickMe! ClickMe! Click wrote: Lame Javascript-Filter...
And there are just as many Unix books that say that you should change the name of the root account.
/. could take a poll to find out how many sysadmins have *really* changed the name of their root account to something other than root. I'm sure you would find that most sysadmins have not.
Perhaps
My journal has hot
"Hence the statement"? The exact quote from the subject of this topic is "Is it just me, or is this a little less fair than the Linux test, since Win2K lacks any remote administration tool like telnet?".
Note that it doesn't say "they don't have them running..." or "it isn't installed on this test run", it claims it lacks "any remote administration tools". Running countless MMC console plugins (and prior to that server manager, event manager, etc. etc. etc) that work directly in a trusted domain or through TCP/IP I can say quite solidly that that is pure bullshit. Even NT4 has several "command lines to a TCP session" utilities in the resource kit. Windows 2000 includes a full telnet server, among a myriad of far more effective graphical admin tools.
Oh please, let crakers test win 00 with frontpage extensions.
Or open up the sms port.
Or perhaps allow the spammers to test the default install of exchange.
At least keep it up.
Sadly, nothing really interesting. A Microsoft Windows logo, an ugly greyish colour scheme, and a tiny amount of information about the challenge. The layout conformed to the ultra-boring Microsoft graphical and layout standards.
Strangely enough, on the one time I was able to access it, it was running really fast - maybe people were giving it a break. But I have tried many, many other times (including yesterday evening) without getting through. You're bound to be disappointed if you put much effort into it.
Someone did put up a mirror, though.
D
----
I ping each host to get the IP and make sure it was up. They both were. I used satan at linuxppc and found nothing good. Then I tried W2k--host is down already.
I guess somebody finally found a use for all that time spent rebooting Windows: security through unavailability.
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
Th1Z p4G3 H4Z b33N oWn3d bY 3l33T hAx0rS! PH33r!!
When I went to the guesbook I got netscape pop up windows ad infinum saying (with all the usual script kiddie crap, numbers for letters) "This page is owned by elite hackers. ph33r (or some other name like that
Rich
ayottesoftware.com
How often is it there? The behaviour seems to be that it is available for a couple of minutes then not available for a long time. I considered that it might be backing off host addresses that it considered were attacking it. I've since proved to myself that this is not the case. It seems to be backing off the service for any address after a certain amount of activity. That's hardly a viable Internet configuration. Of course, it could just be broken. Lets hope they fix it before Microsoft spread more FUD about Linux.
COme on people saying win2000 is beta so it's not fair? Okay then how about MacOS 9.0 running ASIP 6.3 seed 1 (Extream Alpha)? I am ready and willing (Almost ready that is... I need the archive pass for asip 6.3 and I can't find it!!!) http://24.65.250.210/ lets do this and show ms that everything is better... I haven't finalised prizes or terms yet so check the html first. -sixcolors No I am not an offical beta testet for ither of these products nor am I authorised to use them... But untill apple says otherwise I asume they don't mind 8-)
You seem to have a somewhat confused view as to what a cerficiation really means. It's essentially the same as having a college degree. That is it really doesn't mean jack shit except that you know how to memorize and take tests and maybe retain some of that knowledge. I have a BSCS as well as an MCSE. In both cases all the little letters mean is that you have been introduced to some concept, and were able to grasp those concepts during a test. Having a BSCS doesn't mean you can write software. Sheesh, having a Ph.D in ComSci certainly doesn't mean that given some of the crap I've seen. But it does mean that you were introduced to some of the concepts used in writing software and you have the ability to learn. Then in a real job they train you how to actually write software and teach you all the tricks you'll need to know to get the damn thing to run reliably. Similarly with the MCSE. All it does is show you have been introduced to the technology and grasp it well enough that you have a reasonably good understanding of how to install and admin it. However it's not going to teach you that installing a server on a Abit BP6 board with Celeron 333's overclocked to 500 mhz and no backup system is a really really bad idea. That you're only going to learn through experience, or mentoring. Or if your actually intelligent through logical reasoning skills. :) Don't accuse the MCSE of being something it's not intended to be.
On the light side, they claim to be actually fixing these problems as they turn up-- what a concept!!!
Returned Peace Corps IT Volunteer
Well, MS is continually trying to crack Y2K by providing non compliant OS' as late as 1998 (NTSP3 anyone?). Or did you mean W2K? Oh well, those two are easy to mix up, something you get in your nightmares ;-)
I can't seem to connect to telnet on crack.linuxppc.org. Anyone know what the deal is??
it looks like it has been cracked
Sorry to be trivial. Good job though.
Would you consider SOLARIS to be a mainstream enough UNIX? It has had telnet in the kernel for at least 5 years.
I can't be sure, but I suspect that he was talking about telnet. NT runs telnet, just like Unix does, except that it doesn't run telnet in kernel space. (For security reasons. I still don't understand why modern *nices haven't pulled telnet out of the kernel. Perhaps someone can explain why?) RAS is something entirely different.
Now, you may mean that the "test" box doesn't have the standard telnet port running. That's true, but port 88 is alive (or at least, it was alive yesterday. I'd be surprised if they closed it.) If so, you can still "log in" remotely through Kerberos on 88.
I was shocked and dismayed to find that they've brought the server back up... Interesting to see the status log and just how many times they've had to reboot after changing just ONE setting. They've also upgraded the server hardware due to the 'enormous popularity of the site'. HAH! '500 Mhz Pentium III with 256mb of RAM.'. Isn't the linuxppc machine a 133?
der dee der.
That guestbook sucks ass!
;-), I get the push-load of http://www.freebsd.org (apparently some *BSD hacker jealous over lack of press ;-).
First time I went there, some 3733t kewl d00dz had a looping javascript popup.
Second time (with ever-wary me having turned off javascript first
You guys really should escape some stuff before you put a guestbook up.
Well DUH! Of course, that's what's happening. This is not a test of Windows 2000's security, it's a test of how well you can tweak it so that when 50,000 Microsoft haters try to bring down your machine at once (each with dual T3s from their eggable script host ISPs), your machine can stay network-accessible.
Did it occur to you that possibly, the number of people DoSing crack.linuxppc.org is much lower? I would tend to believe that the majority of people "hitting" crack.linuxppc.org are trying to actually break into it, in order to get the prize. Since there is no (stated) prize in the Windows 2000 test, what motive would someone have for actually cracking it, based on the ground rules of the test? I don't see any.
In my mind, MS really screwed up by offering the guestbook. It changes the entire dynamic from being about pure cracking to being about showboating. Specifically, now the script kiddies have two motives:
1) Put HTML tags into the guestbook so that people who go there get redirected to their site (and flood it 1000 times so that other peoples' posts scroll off). This probably has lots of 31337 haxxor value when you are 15 years old.
2) Try to make the server unavailable by SYN flooding or other DoS attacks. This makes it so that people can't get to the server, to see Joe Bob's attack 1) above.
In my opinion, MS should get rid of the guest book, just have the status page up, and GIVE AWAY the computer to whomever finds all the hidden messages. Of course, you'd accuse them of copying off of crack.linuxppc.org, but as others said, crack.linuxppc.org clearly copied the original idea of off of MS. (yes, I know that companies that design security software have done similar things for years, but when MS does something and then someone else does the same thing the next day, you have to consider it a copy).
Looks like http://www.windows2000test.com
came back up after they installed a newer OS build.
Wonder how long it'll last this time...
Has the server been cracked? Or did someone just have fun with HTML tages on the guestbook page?
Okay all, lets stop playing this excuse crap, here crack my Mac, running 9.0b4c3 and soon to be running ASIP 6.3 seed1 [filling in for ASIP is WebSharing untill I find that archive password again] thedoob.cx for more info.
the way you hack the machines now is to buy a plane ticket to wherever the site is located, break in to their facility, and log in as root at the console. Ditto for the w2k box.
We don't need tons of "crackers" putting HTML and Javascript tags in the guestbooks of each site. Yes, it's funny that both sites have been spammed with tags to pop up windows, spin in infinite JavaScript loops, etc, and redirected (to both porn sites and freebsd.org - cool) with meta tags.
But unless you can tickle their cgi into running system commands and giving you a shell (or downloading/running BO2K) then it's all pointless. Microsoft figured it out and filtered out tags eventually; LinuxPPC will too.
The DOS attacks are annoying, but not completely worthless - it's interesting to see LinuxPPC pages come up after as much as a minute under the network spamming, while MS is unpingable for hours on end.
No - what I'd like to see is a page with traceroute stats - a script to probe their networks (routers, other computers on the same subnet, etc) repeatedly and save the results. Someone on Linux Today asserted that he could ping both MS's routers and other computers in the same 255.255.255.0, during the period when they "were having router problems". If he's right, then Microsoft is just plain lying to a whole lot of reporters and to the public - but we could hardly say so without evidence. If the script hit the main web pages regularly, that would be good too - there have been periods where the MS server was pingable but IIS wasn't responding.
I'd like to see this for both servers, of course. Someone said crack.linuxppc.org wasn't pingable once, but I tried 5 minutes after his comment was posted and both ping and Netscape (although slowly) got through.
It would be important to summarize the stats, of course. Neat graphs of things like percentage of dropped pings and timed out HTTP requests would be cool.
I'd do this myself, but I'm tired and lazy. If anyone else wants to do it with Perl and LWP, though, I'll help.
SSH isn't stock.
The several reboots mean that no "entropy" testing is really happening here -- small leaks, etc. that add up to something special after several days of processing.
Long as everyone knows that....
Well, apparently, you only have to fool the majority of people for a little while.
How come the page is showing no sucessful connects for Win2K when the server seems to be up?
when I try to go to http://www.windows2000test.com/status.htm
I get
The requested item could not be loaded by the proxy.
A network error occurred while the proxy server was sending data. (Network Error: Connection refused) Try connecting again.
I started logging traceroute info to both sites at www.geecs.org/win2ktest-linu xppc-traceroute.txt :)
I'm going to fix up the script a bit, so it should be up in a few minutes.
Its VERY basic, the script is at the top of the file.
its an 8 line or 9 line c shell loop
OFTC: By the community, for the community
'wonder what kind of crap router they are running...
:)
Router down for N hours. Oh, just 20 minutes before the router comes up, we'll just reboot the machine. Sure thing
Maybe the PPC guys ought to donate their crackbox to Microsoft and pre-configure it as a router. Then Win2K would really have it's chance to shine instead of being unreachable all the time because of a faulty router.
Well the whole thing isn't that much a surprise, but I'll give microsoft a point or two for entertainment value.
You can view what they did (not very much), just embedded tags. use lynx http://crack.linuxppc.org/guestbook.shtml AC (Cobra?)
Stupid...they crashed again. time and time will always tell - switch to UNIX. its stable.
Someone please register windows2000joke.com because that's what this is!
If you have Javascript enabled, you get a stupid popup that won't go away.
If you have Javascript disabled, you zap off to a porn site (mentioned before).
Looks like MS wasn't the only one with guestbook problems. I can still get to the main page, though.
hmm seems to me that I have been able to visit the Linux site, but not the windows site.. and telent there.. hmmmm
read.. they are both problems we don't want to deal with
Only 'flamers' flame!
I've an idea of how to crack the W2k box... Now if only it would come back online so I could play :-)
Read the sources ...................... Add yourself to guestbook
Guestbook:
If this is any indication, the guestbook is probably the least secure service running on this system. Could we see the source code for guestlog.cgi, please?
a wrote:
foo wrote: you need to escape < and >
asdfasdf wrote:
h4x0r wrote: eye h4x0r3d this site f00. ph33r m3
hax0r wrote: for(;;) alert("Th1Z p4G3 H4Z b33N oWn3d bY 3l33T hAx0rS! PH33r!!");
asd wrote: TEST
Hey, it's up (Mon 0:00 CST)
Where did you get the idea that Unix runs telnet in the kernel?! No Unix has ever done that.
PING www.windows2000test.com (207.46.171.196): 56 data bytes
--- www.windows2000test.com ping statistics --- 231 packets transmitted, 0 packets received, 100% packet loss
(their lame test site is down)
PING 207.46.171.1 (207.46.171.1): 56 data bytes
--- 207.46.171.1 ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
(hrmm. their router is up. 207.46.171.1 is their switch)
i wonder how they explain this. or will they deny it.
OK, they gave the administrator password... but what is it good for? Is there any remote admin service running on the machine?
I haven't been able to read the page since the first day it was "up", the connection always times out, so I can't read it to know what is running on it...
ick sorry...
you'll have to use the IP
i'd forgotten the vhost was changed
http://204.252.20.9/win2ktest-linuxppc-tracer
OFTC: By the community, for the community
Its August 8th 1:16pm EST and the NT server is down... AGAIN.... giving out the admin password was not a good idea. tsk tsk tsk
Opinionated Law Student Strikes Again!
It's just lame ass script kiddies trying to (misguidedly) look cool by sticking meta-refresh tags and javascript into the guestbook. Not a crack (it just messes with YOUR browser, not the server); just lame and inconvenient.
Simon
Coming soon - pyrogyra
You are wrong on two points.
1) W2K is NOT beta. M$ has said repeatedly that W2K is in final release candidate stage. They said they use it in their own network. They said it was bug free and stable. They are selling it now! For you or them to claim that it's beta is an out and out lie.
2) MS IS evil. There are ethical ways to run a company and non ethical ways. MS has at every turn chosen the unethical way to best the competition. They have lied, cheated, stolen, reneged on contracts etc etc. There are plenty of corporations who are able to do business without resorting to unethical practices and M$ is NOT one of them. Just look at the top brass. Every single on of them commited perjury in the trial. These people wrote email to each other talking about "knifing the baby" and "stabbing them in the back" lets face it these are slimy evil people running a slimy evil company.
War is necrophilia.
"The Microsoft Files" is a very good book. Highly reccomended.
Opinionated Law Student Strikes Again!
You'd think that a company who spends so much money on consumer deception can't even get their English right. http://www.windows2000test.com/status.htm "The Windows 2000 Internet Test Site is so popular we also to got a new machine to add more capacity! " (second paragraph)
I'd say that both the M$ and the linuxPPC systems are being slashdotted....and the PPC system doesn't seem to mind too much...
--
The page cannot be displayed There is a problem with the page you are trying to reach and it cannot be displayed. Please try the following: Click the Refresh button, or try again later. Open the www.windows2000test.com home page, and then look for links to the information you want. HTTP 500.100 - Internal Server Error - ASP error Internet Information Services Technical Information (for support personnel) Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x80040E31) [Microsoft][ODBC SQL Server Driver]Timeout expired /default.asp, line 139 Browser Type: Mozilla/4.51 (Macintosh; U; PPC) Page: GET /default.asp Time: Sunday, August 08, 1999, 11:32:07 PM More information: Microsoft Support ------- hmmm???
The server's not cracked, but the guestbook doesn't filter the comments at all. Therefore, it's easy to drop in a bit of javascript, an open BLINK tag, or even a META redirect. The guestbook has been up most of the afternoon, and so far I haven't seen anything actually exploitable in it. He's now clearing the guestbook every few minutes to get rid of the clutter.
(And LinuxPPC has always worked just fine, stupid javascript tricks aside.)
--
I think I just managed to take down ASP on the box... it's no longer alive :) [guestbook times-out, everything else is up and running] (more details on the exploit when they bring it back up; if I can take it down again, I may be able to get full access to the files on the machine).
... of course, if it wasn't me, I've just made myself look incredibly stupid.
:)
Simon
Coming soon - pyrogyra
It's a beta so I don't know if it'll always be free, but here's a link to Windows Services for Unix which includes a telnet server.
Steve
The goal here is to get root access by some other means. I'm assuming the idea of giving out the root password was so that everybody could know what was running on the server.
I couldn't log on as root so either some genius has changed the root password or the sys admins are fixing the redirect on the guestbook and the various bits of javascript.
Hayden
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
try something like
/bin/true;
:)
while
do telnet crack.linuxppc.org;
sleep 1;
echo " ">>tries;echo `wc -l tries`;
done
example:
189 tries
Trying 169.207.154.108...
telnet: Unable to connect to remote host:
Connection refused
190 tries
Trying 169.207.154.108...
Connected to crack.linuxppc.org.
Escape character is '^]'.
LinuxPPC 1999 default install
Hello World. Welcome to crack.linuxppc.org
Kernel 2.2.6-15apmac on a ppc
login:
login:
so, it's still responding, it just takes awhile
Nah... never did :) (no need -- didn't work with anyone who worked there). Though I have heard that it's the most confusingly laid out building on campus; more so than Bldg. 43 (which was so symmetrical, that on more than one occasion, I ended up walking into someone else's office by mistake).
:))
:)
Simon
(who left MS and is about to start a senior dev position elsewhere, because he liked to work outside of the box, rather than being pigeonholed
Coming soon - pyrogyra
windows2000test is still refusing connections,
linuxppc just hangs when I try to load a page.
Both are pingable, though.
I've never used any of these, so I don't know how well they work. There is a $150 server at www.pragmasys.com; you can have two simultaneous connections. Unlimited connections costs $300, though. 123 Terminal Server is $40 and is available at www.midasoft.com. GoodTech Telnet Server is only $20 and you can get it from www.goodtechsys.com. It hasn't been updated in a almost a year, though. STerm is free and is available from http://eot.student.utwente.nl/~flipper/sterm.html. Fictional Telnet Daemon is available at www.fictional.net and is $30.
Or, one could look at the facts and skip your poor excuse for a troll.
"The Linux evangelism has to tone down..."
You sound like a puppet.
I've grown sick from a lifetime of having morons shove their (generally brainwashed) dogshit dogma down my throat, while decrying evangelism against their cause.
Wake up.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
Now I wonder if somebody actually cracked it or (more likely) it crashed again. It's been down more then up since this whole thing started.
___
If you think big enough, you'll never have to do it.
It's down again, but I've got it in my cache. From the status page:
--------
[...]
The Windows 2000 Internet Test Site is so popular we also to got [sic] a new machine to add more capacity! We're now running on a 500Mhz PIII with 256Mb of RAM. Today we installed a recent build that has lots of updates since the RC1 build.
We're back up and running.
[...]
--------
Famous last words...
(and they're proud of their lack of scalability!)
...how much did you pay for yours?
...either some genius has changed the root password or the sys admins are fixing...
I'm assuming the idea of giving out the root password was so that everybody could know what was running on the server.
How does revealing the password tell anyone what's running on the server?
Yeah, it could be that. Or it could be the fact that you can't log in remotely as root by default. Which has been discussed over and over and over.
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
ok ok stop this bs, I know where you are from. try to telnet to an nt box and do some remote admin for me, you will be my hero.
Have you considered installing a spell checker?
Yeah, thanks for helping this guy out. It seems he keeps hitting his 0 (#) key instead of his O (Letter) key.
I hope your fine journalism has alerted him of the error, and helped him to avoid straying from the path in the future.
Job well done.
Latest nmap scan of crack.linuxppc.org:
------------
Interesting ports on (169.207.154.108):
Port State Protocol Service
7 filtered tcp echo
19 filtered tcp chargen
23 open tcp telnet
80 open tcp http
-------------
port 19 doesn't show up on their home page.
----------------------
"This moon-cheese will make me very rich! Very rich indeed!
There is no K5 cabal.
I am not the real rusty.
Dude! This comment appeared somewhere towards the middle of the page. I read for 45 minutes before I read your post.
Congrats on the first "FIRST!!!!", though. Good job. I think I get the 1st post mocking you.
...that the LinuxPPC machine is up long enough to run a guestbook. You go, guys! :)
Even with a remote-admin system, what sane Linux or NT admin would allow remote logins as root / Administrator? Admittedly, it would make it easier to 0wn the system if you compromise a normal user account first (assuming that root hasn't implemented the wheel group...) but remote-admin wouldn't (or shouldn't) let you log in as the superuser anyway.
Last time I checked, and mind you that was nearly 8 months ago, if you searched for something on their sight and it couldn't find it, generally due to server overload, the error message it would bring up, if it brought one up, was a UNIX error message, not an NT message. My guess is, like HotMail, they realize that their products aren't even close to what is needed for power, security, and durability in their home page.
Maybe it has been switched over yet, but I doubt it.
Disclamer - Opinion of Person
The whole multiuser thing is like a blast from the 70s. To the _vast_ majority of users and uses it has absolutely no use for a kernel to be fundamentally multiuser. However please note that Windows 2000 does have a multiuser kernel. However remote management and having a "user space" (i.e. shared drives, a console, etc.) are two grossly different things. Although this is hard to fathom, most NT services allow administration through remote network (ex. TCP/IP) tools. DHCP, events, servers, services, DNS, WINS, Performance counters, etc. etc. etc. To achieve a trusted connection you usually have to first set up a VPN, but there is no reason you WOULDN'T do that anyways unless you're insane and like saying hello to the world through the net. Most console advocates know nothing else so they presume it to rule. Having used both console tools and graphical tools, I will take the graphical tools anyday and can only chuckle at the script kiddies purporting themselves to have some sort of elitist knowledge because vi is their friend. Bah.
I went to the guestbook and it looks like somebody had meta-tagged it to the official Jerry Springer fan site.
Maybe this is not such a bad idea. Maybe Jerry could get a linux sysadm on with a windows jockey and they could have at it. They could address the real issues at hand and and do some chair throwing.
the win2k test site is down (more lightning storms?) and the linuxppc is owned as well.. no one is safe.. someone should setup an openbsd and have the same contest..
We've shown pretty easily that we can bring down the MS test site. So why aren't people doing this to www.microsoft.com?
-ElJefe
Here's an idea Microsoft: if you want people to try to crack your server, why don't you have it running more than 10% of the time. I've tried to get to that thing about 10 times from the day it was put up to now, and have been able to once.
Although it may not be their fault, Weather Underground reports that it's cloudy, and showers are likely, thats probably the reason.
wolfpack: ~> telnet crack.linuxppc.org 80 /backdoor HTTP/1.0
Trying 169.207.154.108...
Connected to crack.linuxppc.org.
Escape character is '^]'.
GET
Connection closed by foreign host.
Except for http://crack.linuxppc.org/~jcarr/ which gets 403 Forbidden. Damn.
Well, even though crack.linuxppc.org hasn't actually been cracked, it would appear to the casual observer that it has been. That, to me, seems to say that LinuxPPC can be great and secure, but it doesn't do you any good if you're going to run crappy CGI guestbooks on it. Maybe the LinuxPPC guys need to hire an admin...
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Personally, the abstract of this news link struck me as hypocritical. You say that the w2k web site "stole" the idea of releasing the root password from the linuxppc site, and in the next sentence you add that linuxppc now has a guestbook. Didn't the w2k site originally have a guestbook? Maybe this is just me, but the abstract seemed to imply that w2k simply is ripping off the linuxppc site while linuxppc is adding new features as a natural part of the evolution of the project. Sure, I agree that having a guestbook isn't exactly a novel idea, so linuxppc isn't blatantly copying the w2k site, but the irony of the 2 juxtaposed sentences is apparent.
Further, the whole idea of "stolen" ideas seems to be against the "linux philosophy" if you will. If linuxppc had a good idea to release the root password, then isn't it also good for w2k to integrate that into their site? Even if linuxppc conceived the idea, we should be glad w2k included this good idea in their site?
I really don't want any flames, b/c I know some people do feel pretty strongly (pro-linux or anti-ms). But I think that the wording of the abstract seemed awfully biased and should be recognized as such to maintain the integrity of the information provided on this site.
The LinuxPPC is wisely configured to ignore ping requests to avoid the annoying DoS garbage, while the MS machine is accepting them. I don't know if this is because Win2k can't be configured to refuse ping or if they just want an excuse for bad performance :) Anyway, the upshot is that it's not really proving much because the Linux machine has been configured to avoid DoS attacks.
now i know this isn't as complex, and probably not as complete as writing or running a perl script or something to traceroute it, but this is the response i get when tracerouting the W2K site using program called VisualRoute. I've removed the starting points, which would be my box, but the relavent info is still there. Mainly, you can't get there from here. ;-) This'll be long. I'll post what i get from the linuxppc in a separate post. hpeofully the formatting won't get too fscked up.
= ============ = ============
- ------------------------------------------ -------------------------------------------------- --------------------------- - ------------------------------------------ -------------------------------------------------- ---------------------------
... | | | | | | | | - ------------------------------------------ -------------------------------------------------- ---------------------------
===============================================
=== VisualRoute (tm) 4.0c report on 08-Aug-99 1:23:19 AM ===
===============================================
Report for www.windows2000test.com [207.46.171.196]
Analysis: IP packets are being lost past network "Microsoft" at hop 13. There is insufficient cached information to
determine the next network at hop 14. Connections to HTTP port 80 are being rejected.
-----------------------------------------------
| Hop | Err | IP Address | Node Name | Location | ms | Graph | Network |
-----------------------------------------------
| 7 | | 166.48.201.249 | bordercore4-hssi0-0.Boston.cw.net | Boston, MA, USA | 22 | x | Cable & Wireless USA |
| 8 | | 204.70.9.129 | ngcore1.Seattle.cw.net | Seattle, WA, USA | 93 | x | Cable & Wireless USA |
| 9 | | 166.49.26.1 | ms-core1-loopback.Seattle.cw.net | Seattle, WA, USA | 95 | x | Cable & Wireless USA |
| 10 | | 166.49.26.6 | unknown-atm5-0-0.Seattle.cw.net | Seattle, WA, USA | 98 | x--- | Cable & Wireless USA |
| 11 | | 207.46.129.8 | iuscb11ixc7502-a0-00-1.cp.msft.net | ?Redmond, WA 98052 | 96 | x- | Microsoft |
| 12 | | 207.46.168.68 | iusd27nt5c7201-a2-0-1.cp.msft.net | ?Redmond, WA 98052 | 97 | x | Microsoft |
| 13 | | 207.46.175.250 | - | ?Redmond, WA 98052-6399 | 96 | x | Microsoft |
|
| ? | | 207.46.171.196 | www.windows2000test.com | ?Redmond, WA 98052-6399 | | | Microsoft |
-----------------------------------------------
No unauthorized use. Trespassers will be shot. Survivors will be shot again.
I'll bet they've blocked all referrals from /.
can't handle the traffic i guess
if they can't even handle referral traffic, how do they expect to handle any kind of frequently visited website business.
Yeesh, this is pathetic for them.
No unauthorized use. Trespassers will be shot. Survivors will be shot again.
which means that NT doesn't support any really useful remote access...as doing this right would imply supporting multiple users, which NT doesn't do. assuming that all remote users are running in the same user space is simply ludicrous. pcanywhee is even more absurd - it assumes remote users have the CONSOLE!!! hahaha what an absolute piece of turd.
The best way to secure an NT box is to leave it off. I haven't been to it for a few days, and even with their new feature, it's still not up!
ok as promised, here is what i get using visualroute to go to the linux box. No problems what-so-ever getting to it. (as if that's a surprise) forgive the formatting. too much work to get it to line up right. (minus my box info)
= ============ = ============
- ------------------------------------------ -------------------------------------------------- ----------------------- - ------------------------------------------ -------------------------------------------------- -----------------------
- ------------------------------------------ -------------------------------------------------- -----------------------
===============================================
=== VisualRoute (tm) 4.0c report on 08-Aug-99 1:40:30 AM ===
===============================================
Report for crack.linuxppc.org [169.207.154.108]
Analysis: Node 'crack.linuxppc.org' was found in 14 hops (TTL=242). It is a HTTP server (running Apache/1.3.6 (Unix)
(Red Hat/Linux)).
-----------------------------------------------
| Hop | Err | IP Address | Node Name | Location | ms | Graph | Network |
-----------------------------------------------
| 6 | | 12.126.119.101 | | | 19 | x- | AT&T ITS |
| 7 | | 12.127.0.66 | br2-a3120s4.n54ny.ip.att.net | New York, NY, USA | 22 | x- | AT&T ITS |
| 8 | | 12.127.9.173 | br1-p330.cgcil.ip.att.net | Chicago, IL, USA | 56 | -x------- | AT&T ITS |
| 9 | | 12.127.0.133 | ar1-a300s1.cgcil.ip.att.net | Chicago, IL, USA | 41 | x- | AT&T ITS |
| 10 | | 12.127.225.14 | - | ?Holmdel, NJ 07733-3030 | 59 | -x-- | AT&T ITS |
| 11 | | 207.250.1.135 | atm1-0-0.b.nbl.execpc.net | ?Wauwatosa, WI 53226 | 80 | --x-- | Internet Connect, Inc. |
| 12 | | 169.207.50.250 | vl2.sw1.nbl-wi.execpc.net | ?New Berlin, WI 53151 | 44 | x- | Executive PC, Inc. |
| 13 | | 169.207.36.202 | dslmux0.execpc.net | ?New Berlin, WI 53151 | 50 | -x | Executive PC, Inc. |
| 14 | | 169.207.154.108 | crack.linuxppc.org | ?Hales Corners, WI 53130 | 67 | x---- | LinuxPCC, Inc. |
-----------------------------------------------
No unauthorized use. Trespassers will be shot. Survivors will be shot again.
This looks really bad for windows 2000. Microsoft was completely prepared for someone to break in, but it seems they were caught with their pants down when in came to traffic. The box, which apperntly only runs web service is always down, a test that was supossed to prove superiority has only shown the flaws in MS next venture. I've been switching to more and more Solaris boxes with Samba at work, and now I wouldn't be doing my job if I didn't.
Then again, NT doesn't have support for anything more intelligent.
YOU CANNOT CALL AN OS THAT IS NOT MULTIUSER AN "ENTERPRISE OS"
Wow! Someone moderated down an anti-Microsoft post as being a troll! That's gotta be a Slashdot first! :)
---
"'Is not a quine' is not a quine" is a quine.
"'Is not a quine' is not a quine" is a quine.
Quine "quine?
I notice that the MS astro-turfers are out in force this evening, spreading their own brand of joy (not!).
:-). If you want a real blast, go to msdn.microsoft.com and do a search on "SMS". Read the directions for how to install Office 2000 via SMS. Gosh, they figured out how to make their client machines run 'mirror' from a special-duty ftp site then run a script to install any new programs, what will they 'invent' next?!
Anyhow: NT *CAN* be remotely administered, but it is (of course) an additional product, and it doesn't work all that well due to the fact that NT wants you to reboot every time you sneeze. ("Your mouse has moved -- please reboot to make this change effective", heheh). Go look up SMS on Microsoft's site. It's a laugh. They are touting features like "capable of installing software onto remote machine" . Gosh, didn't know you needed extra software to do that with Microsoft software (Melissa, anybody?
-E
Send mail here if you want to reach me.
1) unix does not run telnet in the kernel, generally it is run from inetd or xinetd or an equivalent, in USER space. I've personally never even heard of kernel space telnet implementation, though I've only been in *nix for six or seven years now.
2) okay, let's say NT has telnet now (there have been third party ones all the time). Can I 'export DISPLAY="myhost.domain.com:0.0"' and then run graphical programs with the graphics seamlessly flowing over the net (or better yet, tunnel it all through SSH?) after all, the GUI is the NT strength,no?
3) I just wish these tests would die.... it's already been well noted, that if a good security professional decided to take one week to work on the w2K site, he'd be losing (assuming $300/hr takehome) around $12,000 for the privilege of making random attempts to break a system that he doesn't have time to properly inspect anyway. ah well, such is publicity.
This isn't a Linux Advocacy newsgroup. This is a place for us all to batt around ideas. I use Linux, NetBSD, Solaris, OS/2, NT, Win95, Win98 and DOS on a regular basis at my job and at home. (the project I work on includes a Makefile that runs a build on both OS/2 and Solaris across a network- scary, eh?)
This site, and the discussions on this site, are often OpenSource and Free Software oriented. That is all fine and well. I sure wouldn't waste my time coming here if this was just another Ziff-Davis scene.
I've never heard anybody at the management level of this Website say it was a Linux only site.
On the linux ppc guest book they went a little bit furthur and enable html which I don't think ms has enabled. I would check but I can't :). But i can view it fine with lynx anyways since it doesn't support java script. It works fine for me I am not sure if anyone else wants to use it or if just just like pressing the stop button before the forward.
The question is windows 2000 is suppose to have kerb authentication does anyone know this is supposed to be local or remote. And if only certain machines can get it could we some how spoof that machine? I know very little about windows nt 2000 since i am not a beta test but I heard that somewhere.
P.S. I can't spel
And it isn't very well written. Among other things Robert Santore 714.673.8511 rsantore@MRHM.COM keeps putting a meta refresh to his website on the guest book. Every time it is taken down he puts it back up (i'm sure he'll get bored sometime). If anyones interested /. www.troublewear.com
The last comment is particularly telling. The author sounds too intelligent and well versed to have missed the point that badly. I personally have a stake in a software engineering company and hope to be quite rich in the not too distant future. There's nothing wrong with that. And yet, I don't like Bill Gates. This has *nothing* to do with the fact that he's rich. I don't like Microsoft. This has *nothing* to do with the fact that they're a business, out to make money. The original poster wants to dismiss our attitude towards the unethical behavior of Gates/Microsoft by pretending our beef it with the fact that they're a company. He's putting words in our mouths by sayings we think Microsoft is evil because they're a company bent on making money and dominating the software market. And from his writing skills, I'm guessing he's not actually stupid enough to believe that this is the reason we hate Microsoft. He can't have missed the point that badly. Which means his last comment is a deliberate distortion of the truth, not an innocent misunderstanding.
I have no problems with a company that wants to make money, or a person who wants to get rich. I'd be a definate pot calling the kettle black if I did. What I have problems with is unethical behavior. Being against evil does not make you a communist, no matter how hard the evil people want to paint you with that label.
Bill Gates *is* evil, and this has nothing to do with how much money he has. I'm sure if he was penniless, he'd still be evil. Likewise, I think I'm basically good, and I don't expect that to change any when I'm rich. This is not an issue about money or marketshare. It's all about behavior. Don't try and confuse the issue by pretending those of us who cry foul are doing so because we hate winners. We love winners, assuming they didn't cheat to win. If they did, expect us to demand they return the gold medal they stole...
--
"Convictions are more dangerous enemies of truth than lies."
In every book I have read about NT tells you to have "Administrator" changed to some other name and have a fake "Administrator." So, I do wonder if this is real Administrator in the same sense as a root in unix. I tried to connect to www.windows2000test.com to enlighten me as to which meaning they mean, but so far no luck.
Generally, most of us creative machinehead types have been working with systems most of our lives. But we too were once virgins in the Silicon Forest. I would submit that even a general level of Linux sysadmin, development (Apache, Postgress/Msql, Perl, etc) work is still but a piece of spectrum. There is a deeper magic in coding that most mortals never even glimpse. And inevitably you will always meet people who are farther along the curve. I think it pays to be humble and try to teach to those that are willing, so that you might reap skills karma when we find someone we can learn from.
So? How does one teach art to the blind? Words, maybe?
Vinegar or Honey?
-K
"They condemn what they don't understand."
Has anyone actually reached the Win2K test site? I've tried more than a few times over the last few days, and I get the same message every time:
Connection refused
Description: Connection refused
You can define the term "cracked" in as technical terms as you want to, but I consider having the guestbook page redirect me to microsoft.com to mean that the server has been hacked (if not cracked). Will the mainstream user know the difference? While not an actual breach of security, it is still appears as if an outside user has taken control of the system. This is disappointing to see, especially because the same thing happened to microsoft's site, and the crack.linuxppc people didn't learn an easy lesson on how not to set up guestbook security.
Hm I can't reach the Win2000 site at this moment. Perhaps there is a thunderstorm? Maintenance?
--
Marc A. Lepage
Software Developer
Try this:
ping 207.46.171.193
then try
ping 207.46.171.196
207.46.171.196 is www.windows2000test.com
its down and the other is up.
NOT A ROUTER PROBLEM