Crack LinuxPPC Contest Is Over

BlueVelvet writes "The crack.linuxppc.org contest is over. Due to a waste of bandwith, illegal activities, and other reasons." Get the full story here. Seems some people were trying to crack other machines on their ISP. The folks at LinuxPPC say that if you send in a workable method to get into one configured like theirs, you can still win, but please stop eating up their ISP's bandwidth with crack attempts now, okay?

Re:How heavy was the attacking?

[Chris+Burke]

According to the status log at crack.linuxppc.org,
at one point (no idea how long) they were getting 417 packets/second. I can't get to the windows2000test page, but the largest published number was 200(+something smallish) packets/second. Meaning the PPC box was experiencing nearly twice the packet load.


Or, from another standpoint, of _course_ the linuxppc site was getting more traffic, since it was available and windows2k wasn't ;)

Re:used telnet to get in

Having "cracked" speedy and biggy and as anyone who ran a traceroute could tell you, crack is on a packet switched DSL network. You can't sniff out the passwords.

dsn.itgo.com/linuxppc.html

Re:I....

[Spoons]

If I could only be like you, I too would be cool. Seriously, don't be lame. What is you're reasoning behind continuing to crack into the box?

Re:LinuxPPC kernel bugs?

[dirty]

or:

while (1) {
fork();
malloc(1024);
};

Get a fork bomb going and eat all of the ram. I know that used to screw over a box nice and good, haven't tried it on 2.2.x though.

Re:I....

thank you mr. genius. Did you just get your first copy of wired today?

MS appear to win? Hah!

[Black+Perl]

We can't let MS appear to win...

MS' Server has been down so many times that it's almost sad. Ok, well it's not even close to sad. It's hilarious. I'd say they've already lost.

Not to mention that their pages were broken to about half the browsers from the time they started. Doesn't make them look good.

Re:This is why we have ulimit

[VinceJH]

For single user, just set the limit to about as much memory as you have per process. Netscape used to hang my machine in thrashing. Tried something like this:
ulimit -Hs 31000
ulimit -Hd 63000
when I had 32mb of ram. Netscape would crash a lot though, but at least the rest lived.

Although, I still wonder, how would I stop one of those malloc or fork bombs. The fork bomb made my system very slow, lucky I didn't lose focus on the xterm it was running in. About how long would it take to die.

Re:This is why we have ulimit

[Tenareth]

If it's a single user system, it's probably not a server on the public side of a firewall, where a bunch of people will be trying to trash it.


-- Keith Moore

Re:But... But...

[Stonehand]

'ulimit'. I believe it's been supported for quite a while.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:/. Objectivism

[BugMaster+ChuckyD]

/. is not an objective source for anything. The linux bias on the part of the people who run the site and moderate and post comments is overwhelming. Basicaly the attitude is "if its not linux/OSS its CRAP"

Anyone who reads /. on a regular basis knows this however, so we don't take the "News for nerds. Stuff that matters" thing seriously. Id like to see alot more about BeOS here too, but despite it probably being the most technicaly advanced desktop OS out there, its Not Linux, so few /.ers would care.

Re:I....

Did you get your first Packard Bell and finally convince your parents to let you install AOL?

Re:used telnet to get in

[moist]

I mean not to be naive but it would have been brilliant if the kidz were following him around and he happened to have telnetted in from some place unsecure?

But then it won't be brilliant. It would be human engineering (no security hole in Linux PPC exploited). No more than spying him when he types his password directly on the console.

Minor point:

I think the original poster meant "brilliant" in the British sense, that is, a synonym for "cool" or "neat-o".

Re:two questions

He created the new layout for the webpage.

Re:W2k?

New doze stack came from FreeBSD, originally. Looks like it was "improved".

/. Objectivism

[PimpBot]

I don't think that the slashdot community defends anything non-MS, far from it... I believe that /. tries to be objective.

I would have to disagree with this line. Slashdot has a HUGE Linux bias. Mostly everything on this site has some tie to Linux...only occationally, do stories about things I'd rather hear about (BeOS, MacOS) peek out. Although Linux is good, I would hardly call the reporting on Slashdot objective.
--------------------------

Re:/. Objectivism

i agree. but it's always been that way .. --KRAZilEK

Re:/. Objectivism

[Black+Parrot]

> Slashdot has a HUGE Linux bias.

I dunno about that. There have been a mighty lot of pro-MS posts here for the last month or so. It smacks of astroturfing, IMO.

Re:/. Objectivism

[HiThere]

I wouldn't exactly call slashdot objective on the matter of Linux vs. MS, but anyone who chooses to defend MS on this point is... rediculous is too weak a work, but I can't think of a better one. There are points that MS could successfully claim to do better than Linux. This one is so much tilted the other way that it's embarassing.

Cheap escape

[heroine]

So they crashed and instead of giving away the machine they ended the contest. That memory exhaustion crash bug has been around for over a year. Any Linux box can be crashed easily by exhausting its memory repeatedly.

Re:Cheap escape

[Spoons]

Okay, so who do you give the box to?

Re:Cheap escape

[cookd]

if(crash==crack){
I.eat(My.shorts);
Win2k = cracked;
}

Re:Cheap escape

[Lord+Kano]

>So they crashed and instead of giving away the machine they ended the contest.

Didn't you even READ their statement? If you can crack into an identically configed box, you still win it.

LK

Re:LinuxPPC kernel bugs?

[scott__]

Fork bombs will slow things down a great deal, but I've never known them to actually kill the kernel. It will make things crawl though :-)

As soon as the process table for that user fills up, nothing more can spawn (until you start killing of course). I think the process table size per user is something like 1024. You can change this in (I think) limits.h in the kernel source.

-scott__

Comment removed

[account_deleted]

Comment removed based on user account deletion

Linux cannot survive out-of-memory.

[cpeterso]

In a perfect world, Linux wouldn't crash when it runs of memory/swap. Unfortunately, there are (some) bugs in the Linux 2.2.x kernel where developers forget to check for memory allocation failures. For example, many device drivers call kmalloc() or get_free_page() without checking whether the returned pointer is NULL. These functions can return NULL, but will only do so under extreme stress. If these unchecked NULL pointers are used in the code, then BOOM!! I've reported these bugs to their owners. Alan Cox fixed a bunch for Linux 2.2.11, but some other developers didn't care, claiming the kmalloc() would "never" return NULL. If Linux is going to be taken seriously as an "enterprise-ready" OS, can Linux developers really have such a not-my-problem attitude to bugs?

BTW, I've scanned the FreeBSD 3.1 source code with the same lint script and found ZERO unchecked malloc() calls. Linux 2.2.10 had a couple dozen...

Re:Linux cannot survive out-of-memory.

Do all the mallocs needed before you run the peripheral. If it fails you only need to say that the kernel can't start the peripheral. Easy, isn't?

Re:Linux cannot survive out-of-memory.

[Kyril]

And if the driver doesn't do this already?

Or if the driver's memory needs are not known ahead of time, or are large enough to not be acceptable--especially if they're (relatively) large areas of memory below 16M (for ISA DMA...)?

Re:Linux cannot survive out-of-memory.

[tgd]

So you reported the bugs to the owners, and you know enough about what you're looking for to find them.

Why didn't you go ahead and fix them then? If there's only a dozen or two, why not fix the ones in the drivers that aren't getting fixed? Just because someone else wrote it doesn't mean you can't fix it.

Re:Linux cannot survive out-of-memory.

[raistlinne]

Have you posted these problems to linux-kernel@vger.rutgers.edu? Public humiliation may take the place of conscience some times. :-)

Re:Linux cannot survive out-of-memory.

[Kyril]

if (malloc returned 0) then do ... what? For this particular state of processing on this particular peripheral? How do you back out the part of the activity you've already done in such a way as to minimally impact further processing, when you don't understand the driver?

Just because you can write the error detection into almost any code doesn't mean that you can determine or implement a correct response to that error condition with that same lack of knowlege.

They just didn't think it out first is all...

[KingBob]

They really should have controlled the experiment better then shouldn't they? Perhaps isolating the box off their (critical) network, or limiting it's intranet connectivity to other, non-critical machines? Yes it seems simplistic, but then maybe they'd have gotten better results, less troubles and slightly less egg on their faces!

Re:They just didn't think it out first is all...

From what I read, they did something rather like that -- they just forgot to tell the people trying to break in :)

Daniel

Re:I....

hehe, I just enjoy starting the hacker/cracker debate. Seems that since this is for a good cause it should be called hacking. If I broke in and did a rm -rf / that would be cracking. If I broke in, got r00t and told the guy how that would be hacking.

Linux -- not an enterprise solution

Well, let this be a lesson to all of you folks jumping blindly on to the Red Hat IPO Bandwagon that Linux is not (yet anyways) an enterprise solution. Hopefully some of this money they raised can go towards further development to finally rid all of these documented bugs.

Get out a can of Raid, Linus, because you've got a lot of bug smashing in your next kernel to do before this OS is ready for the challenge.

Watch out, Red Hat + 5 years = M$

Keep Open Source uncorrupted, and uncorporate!

The Lizard King

We have a winner!

I say give the machine to Omar Shenker. He's the only person who managed to get the web site changed.

Did you notice this?

They had to upgrade the machine they were using. They started out with a P2-350MHz machine and 128MB of ram. They've now posted their config, which is a P3-500MHz and 256MB of ram. sounds like bills' bug bit himself. Upgrade to upgrade.

Re:LinuxPPC kernel bugs?

[psaltes]

I once did a fork bomb that was a shell script that called itself twice on a friends box. Either it crashed, or it was slowed down so much that its state was indistinguishable from a hardlock. The owner of the box had to hard reboot it, couldnt log in from anywhere. I guess this sort of fork bomb would essentially be a memory gobbling fork bomb like someone else described since each execution of the script uses 300k (at least on my alpha unix box that I'm sitting at) or so for bash.

windoZzzzz....

windoZzzz... did not even stay up.

Re:windoZzzzz....

Nor did Linux...

Implicit contest

Microsoft implicitly acknowledged the contest when they posted their Admin password after LinuxPPC posted their root password.

Re:WINDOWS WINS!

Umm, whoever said Linux couldn't handle it didn't read the article! The machine was doing fine, but their ISP so NO MORE!

Next time read more carefully.

Re:I....

Yeah, you sure would be da bomb if you "got r00t" since he published the root password. Try just getting onto the box.

Re:Uh, you're kidding right?

[Mr+Gleep]

Not to mention this cult of personality that everyone here seems to have built up around Linus Torvalds. To read the posts, you'd think "Linus" (what, everyone's on a first-name basis with somebody they've never met?) is every /.er's best friend, favorite uncle, and the Messiah to boot.

used telnet to get in

[bloosqr]

Anyone noticed that he telnetted into the box to do the update? Did anyone snag the password?? Its not entirely surprising that people are trying to grab upstream boxes ..

-avi

Re:used telnet to get in

[bloosqr]

Err wouldn't it also depend on where he was telnetting from? I mean not to be naive but it would have been brilliant if the kidz were following him around and he happened to have telnetted in from some place unsecure?

Re:used telnet to get in

I mean not to be naive but it would have been brilliant if the kidz were following him around and he happened to have telnetted in from some place unsecure?

But then it won't be brilliant. It would be human engineering (no security hole in Linux PPC exploited). No more than spying him when he types his password directly on the console.

W2k?

[FascDot+Killed+My+Pr]

So what's with www.windows2000test.com? I haven't been able to get there for a week. Did they give up? I live just north of Seattle so I know it isn't the weather this time....
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein

Re:W2k?

Finally managed to connect to win2000 test machine, seems they been having major problems with the TCP/IP stack. Maybe they borrow the tried & tested stuff from the linux source code? :)

Re:W2k?

ooops, that's should be "SHOULD borrow the tcp/ip code from the linux source code" oops... Me not use preview :(

Re:W2k?

Yes, same here. At least I reached the latest status page. Previous ones ... well, no go (fastest WWW server, yes, sure). But they've finally identified the problem, it's the TCP/IP stack (hey, they wrote even that wrong). Guess the final release will have it removed but to be honest, I think MS is more and more busy making a clown of itself. Curious ... does anyone know who's idea it was ? ... Update: machine crash not completed due to a machine crash ... just kidding 8)

Re:"improved"

Jesus, a sane and reasonable poster on slashdot, one who is not on the "NT Sucks because it's Microsoft" bandwagon. What is this place coming to? Next thing you know the "NT was mentioned in magazine X" sort of articles atart appearing :)

The poster is right, get a clue people. MS hires many of the best programmers acs computer scientists out there. The bugs in their code are more due to insane shipping date then the developers' incompetence.

Re:WINDOWS WINS!

If you mean; "Window is the best thing to toss an MS Windows machine out of" then I'm with you... if however you mean "MS Windows is the best thing ever", then maybe you should be tossed out a window. .sig begins: Beware TPB

Re:How heavy was the attacking?

Hardly. According to the win2k status page "10:00am - Installed an update to the TCP stack which ran through private testing last night. Updates to TCP make it more efficient in processing the volume of SYN packets received by the server. CPU load is now fairly steady at 35%. Kernel memory use is steady. Number of connections is running between 180-220. Incoming data stream is about 2100 pkts/sec. " So the W2K server is currently handling 5 times the load that the LPPC server died under.

Re:WINDOWS WINS! NOT!

Linux handled it just fine. It only went down once. It looks like the big reason for ending the contest is that people were trying to hack into other machines nearby. (Probably trying to install a sniffer, or something) Read before you post.

Re:How heavy was the attacking?

Wrong, zealot. According to the win2k status page "10:00am - Installed an update to the TCP stack which ran through private testing last night. Updates to TCP make it more efficient in processing the volume of SYN packets received by the server. CPU load is now fairly steady at 35%. Kernel memory use is steady. Number of connections is running between 180-220. Incoming data stream is about 2100 pkts/sec. " So the W2K server is currently handling 5 times the load that the LPPC server died under.

Re:Fascinating...

The DoS attacks appear to be continuing. Microsoft has posted things our their status page indicating that, but they are working on the IP stack to have it handle the attacks better. The reason MS put up the server was to give it some rigorous testing to help improve it. I don't know why people gripe about Microsoft so much because from my use at work their products are improving at a quite rapid pace. I'm not familiar with the defaults on LinuxPPC in terms of security. Most Linux distributions I have used(Slackware, RedHat) have not been very good security wise.

I'm confused

What exactly did they expect to happen? I mean, they did offer an open challenge to crack their machine, didn't they? Anybody who has a clue would naturally expect to see people attempting to crack other machines on the same network in the hope of finding user accounts that would work on the LinuxPPC box. Seems obvious to me anyway. So how could they possibly complain with a straight face about getting too many crack attempts?

Re:I'm confused

[sterno]

They offered up the challenge of cracking into their box, not anybody else's. Granted it is an obvious approach to attack another system first, but it is neither legal nor the point of the contest. The contest was to find an inherent weakness in their configuration of a specific box, not find a weakness in their network as a whole or in other boxes on that network.

---

Re:I'm confused

You are right that it is not legal, but it is certainly representative of real world crack attempts. Besides, if somebody can get in through another box on their network, it does reveal an inherent weakness in the configuration of the crack box. Anyway, all I was trying to say was that if you are going to issue such a challenge, you have to expect the obvious consequences.

Re:LinuxPPC kernel bugs?

Instead of while(1) fork(); try while(1) malloc(1); /*c*/ or while(1) new char; //c++ Either one has the same effect -- the system crashes.

Re:How heavy was the attacking?

[KingBob]

hehehe...nice one dude.

Perhaps that's the Micro$oft security strategy - if you can't connect to the box you can't crack it - you can't get more secure than that!

;)

Well DUH! What did you expect?

It's like when local idiot DJ Rick Dees has his promotional $0.10/gallon giveaway at a local Los Angeles area gas station. What happened? It was fscking GRIDLOCK in a nearly half mile radius of the gas station. Great promotional stunt. Dolts. Linux PPC is no different by calling all crackers to their site and daring them to crack the uncrackable. Only this time it was NETWORK GRIDLOCK.

Admit it. LinuxPPC was just being st00pid.

Re:Well DUH! What did you expect?

what the fuck are you talking about eh? It wasn't due to straight up traffic but people flooding the box on purpose. I guess all those script kiddies couldn't cut it and decided instead to be poor loosers.

Re:Well DUH! What did you expect?

[Mike+A.]

Yeah, well, www.windows2000test.com was st00pid first. :)

Re:Well DUH! What did you expect?

How could they possibly openly challenge people and NOT expect shitloads of script kiddies to throw everything they had (including DoS attacks) at the box? Also, cracking another box on the same network and then trying out some of it's user accounts on the target box is a very common tactic and should have been expected. Basically, the people who set up the LinuxPPC box were naive and unprepared.

Re:Well DUH! What did you expect?

Kiddiez flood the win2k box and everyone marks it up to Microsoft is screwed up. Then the Linux box gets hit with the same thing, and ppl whine about it. At least be consistent. The Linux box hung once and ran out of RAM once while dealing with 1/10 the bandwidth the MS box is dealing with. If you really want to brag, sit a Linux box on a T3, then stand up to the same firestorm. Not saying that it would or wouldn't do better, but that if you want a fair contest, then handle the same loads.

Re:Well DUH! What did you expect?

Are you retarded? Microsoft is a huge multinational corporation, with bandwidth out the ass. This guy was basically hosting his box on a DSL line. The reason he stopped the contest is that there was so much bullshit coming thru (flood packets, etc) that nobody could even try a decent crack attempt. It has nothing to do with "handling loads". If the line is saturated with flood packets then the contest is moot anyway, because nobody's going to be able to get a "legitimate" packet across.

Re:Well DUH! What did you expect?

They were probably under the same. There was A) More of a workforce behind LinuxPPC, becuase you could accually win something B) W2K was mostly a lot of visiters, not crackers. The cracker/hacker community knows linuxppc just as well as win2k. C) Hes been up WAY WAY WAY WAY longer then Win2K. Windows 2k had to be rebooted atleast once a day. Once, in our office, when the NT 4.0 400 P2 died (512meg ram too!). The admins replaced it with a P200 w/96megs running Linux. It was under the same load and did the job just as well. It was a teeny bit slower, but thats reasonable. It was the Intranet, and Samba server for an office of 120 working people. The system is always under a pretty heavy user load.

Who has the nuts to take over this contest?

Of all the /.ers on here, is there anyone with enough resources to take over the responsibility of hosting this contest. We can't let MS appear to win just because they can afford the bandwidth. What about happyhacker.org?? Will they host it?

Re:Who has the nuts to take over this contest?

[Syslevel]

Why do people think this means that "Windows wins?" The LinuxPPC Contest was launched as a response to the NT 2000 site being put online, but I don't recall Microsoft or anybody at all, actually, setting it up as a formal challange.

It seemed to me more of a "me-too" effort on the part of the LinuxPPC site. Does anybody know of any way at all that Microsoft even acknowledged there was a 'contest' taking place?

Re:Who has the nuts to take over this contest?

There doesn't need to be an official contest for one to exist in the public eye. Microsoft has attempted to use spin to show how its products outperform Linux in areas where Linux was considered to be more advanced. I believe linuxppc.org were attempting to counter this. It is a shame they have to shut down. I would have preferred to see linuxppc.org uncracked for several years!

Re:Who has the nuts to take over this contest?

[Fantus]

Do any of us still really care enough about Microsoft??? Who cares what they win... A spot that says they crashed the most and they keep their server up longer so it could crash more? they might even have the last laugh that they could put the $$$ into affording the bandwith and the idiotic users trying to get into other systems. The thing that PO's me the most is that Linux PPC promised a computer to AbiSource, and used that same computer to give to a security assurance test... AbiSource right now is one of the closest buisiness models following Free Software or OSS. Give them the F***ing computer. Don't list it as one of the big reasons to stop the "contest." Power PPC in my book has fallen prey to the same PR that MS uses.


JS

Re:Windows 2000 Is more Secure than Linux

personaly, I'd take Linux over Win 2k - but OpenBSD is more secure then both. (faster ta boot). Still, Linux is still quite nice (I'd use BSD Unix as a server, but Linux as a workstation O.S.) and highly configurable.

Re:two questions

So you're saying Omar just performed a "Kevin Mitnick" style 'human engineering' feat. Sounds typical for the hacker set.

Re:You know...

Hey, if it crashes the system... Honor? When trashing Microsoft?

Pretty much equal at the noted point.

[just+someone]

PPC was up during a period when Win went down several times. The stats are about equal.

PPC comment for 8/5
18:58 CST: Averaging 437.46 packets per second(tcpdump)


Windows:
Perfmon info from 8/5/99 4:00pm
Datagrams Received/sec Avg: 326
Fragments Received/secAvg: 104
Total Fragment Reassembly Errors1574000 in the last 3 hours
Connections/sec Avg: 100
% Processor Time Avg: 20
Memory use steady at about 113264K

Re:More traffic on the Linux box? Kidding, right?

"And don't you recon that the hordes of MS defenders on this planet might have felt some motivation to crack crack, if only to prove to the world that NT doesn't really stink as bad as its odor would lead one to believe? "

No "NT defender" has the same motivation as many of the cult-memberish Linux community. Trying to pretend so is ridiculous. I defend NT, but only against complete FUD that is so rampant in the Linux advocacy camp ("Any fact, even made up, is good by us!"). I hardly care about a Linux test box though.

kudos to an AC

[maphew]

Right on. A thoughtful, reasonable and informational post. Thanks guy/gal whoever you are.

It's good to see there are still people who have their wits at the same time they have something worth saying. I'd almost begun to think they were mutually exclusive. ;-)

cheers,

-matt

Re:More traffic on the Linux box? Kidding, right?

[Black+Parrot]

> No "NT defender" has the same motivation as many of the cult-memberish Linux community. Trying to pretend so is ridiculous.

You need to get on over to comp.os.linux.advocacy and count the full-time (and I do mean full time) NT advocates that have set up camp for trolling and laying turf. You might learn that NT, like Linux, Amiga, OS/2, and the Mac, has extremists among its "defenders".

Trying to pretend otherwise is ridiculous.

ps -- Didja hear today's news that a Micorsoft employee got caught red-handed in a bit of anti-AOL astroturfing? I reckon not, or you wouldn't be saying that no NT advocates have "cult-memberish" motivations.

Re:"improved"

On MVS (dont ask) when resources are being crunched, it goes into slowdown mode. As for paging, one has different heaps, with different protection keys. Thereagain, it cheats by having inbuilt hardware protection/features. Plus they have boxes faster than anyone else. Result. Perfection. Maybe IBM is readying a new contest?

Re:LinuxPPC kernel bugs?

I'd hate to kill my uptime... Your local Electric Utility would hate that too. Keep loggin' those hours. Best if you not do anything risky on the machine. In fact, put up a second machine you never do anything at all on, just to log hours of uptime. Uptime stats are what count. You should see the babes flock when I mention mine at the local bar.

Holy cow!!!

I was surprised to see that crack.linuxppc had crashed and even more so by the claims in this thread that Linux was vulnerable to death by malloc. So I whipped up a quick "while(1) malloc(1024)" and was flabberghasted to see the machine more or less hangup for a while. Then the init process seg-faulted as did some other stuff like cron leaving behind a bunch of zombies. The kernel itself survived and response returned but with no init left it was essentially rendered useless for login. This is on SuSe 6.1 intel(2.2.7). I'm totally disillusioned that it's that easy to take out a linux box!

Re:Holy cow!!!

Years ago when I was s tudent I used BSD (4.3?) on some fairly hefty Sun equipment (big boxes in rooms, Sun-4's?) - they cost 1/4 million each I think. I could take the machine down with a user account simply by creating a socket, and then using a combination of shutdown, close and unlink in the wrong order. Ok, this was 8 years ago, but it was also expensive equipment.

Re:Holy cow!!!

[theHippo]

Not reading the manual is a sin.

man limit

NAME
limit, ulimit, unlimit - set or get limitations on the sys-
tem resources available to the current shell and its descen-
dents
....

Re:WINDOWS WINS!

[mistabobdobalina]

you know in some kind of ironic way this troll is half-right...

More traffic on the Linux box? Kidding, right?

[Zico]

After the first day or so (once everyone started finding out about the box), the Win2K status page reported frequently receiving over 6000 frames/sec (> 7000 datagrams/sec). The highest packets/sec that I see reported on the LinuxPPC status page is about 556. I'm not sure what number you're referring to on the Win2K status logs.

Seeing as the LinuxPPC group dropped out of the competition, blaming it on attacks upon other computers, while we haven't seen any such whines from the Win2K group (as if the Win2K box attackers haven't been trying the same tricks), I'm not at all convinced that the LinuxPPC box could've stood up to the attacks that the Win2K box has received. Did any but the most wacked-out zealots really believe that people would go after the Linux box the hardest?

For the Linux zealots: I hope every name that you were prepared to call the Win2K team had they dropped out, will now be applied to the LinuxPPC team. Quitters, babies, whatever. C'mmmmon, don't tell me you wouldn't have. Just look at all the yahoos who just about wet their pants just because someone toyed with the JavaScript in their Win2K guestbook posts.

Cheers,
ZicoKnows@hotmail.com

Re:More traffic on the Linux box? Kidding, right?

The thing is, the attacks on other machines were not necessarily on linuxppc.org or linuxppc.com machines on but machines from their ISP.

Sorry to say this, but if some group of guys set up a box and asked for it to be crack, and as a result, dozens of our other corporate clients get attacks, we will ask those guys to shut it down.

Ms doesn't have this problem, as they use their own network. Whatever gets attacked is theirs anyway.

Re:More traffic on the Linux box? Kidding, right?

[raistlinne]

"After the first day or so (once everyone started finding out about the box), the Win2K status page reported frequently receiving over 6000 frames/sec (> 7000 datagrams/sec)."

When did the box get this? It was down more than it was up as far as anyone could tell.

"while we haven't seen any such whines from the Win2K group (as if the Win2K box attackers haven't been trying the same tricks)"

No, they just blamed their downtime on the weather and power outages and the like. Can Microsoft really not afford a UPS? Besides, their complaints weren't nearly so much about their network being hurt as their net connection being flooded. Just a guess but linuxppc.org does have their bandwidth for something else than just to have it flooded. If you read the complaints, one of them was that other machines were getting obthered, true, but the biggest was that their network connection was so saturated that they couldn't do anything over it. That has nothing to do with the box involved, it has to do with the bandwidth that they can afford.

"I'm not at all convinced that the LinuxPPC box could've stood up to the attacks that the Win2K box has received."

Maybe, maybe not. They'd need a much bigger network connection to find out, which I doubt that they can afford. Either way, the linuxppc box was much smaller than the W2k box.

"I hope every name that you were prepared to call the Win2K team had they dropped out, will now be applied to the LinuxPPC team."

Since you don't seem to have read the article, I'll reiterate what it said. The contest is still going. If you can provide a workable crack into a similarly configured system, you still get the box. They just want their network connection back. As they mentioned, Microsoft can't do that, as W2K isn't purchaseable yet.

Oh, and the linuxppc people never lied about anything going on. I'm curious, while the windows2000text box was being killed by the weather and power outages, was www.microsoft.com also down? If not, why not? Couldn't they afford to put the box on a UPS?

Re:More traffic on the Linux box? Kidding, right?

[Black+Parrot]

> Seeing as the LinuxPPC group dropped out of the competition, blaming it on attacks upon other computers, while we haven't seen any such whines from the Win2K group

Te he. They just blamed their problems on lightning, routers, etc.


> Did any but the most wacked-out zealots really believe that people would go after the Linux box the hardest?

Well, uh, yes. Crack crack win crack. Crack win win zip.

And don't you recon that the hordes of MS defenders on this planet might have felt some motivation to crack crack, if only to prove to the world that NT doesn't really stink as bad as its odor would lead one to believe?


> I hope every name that you were prepared to call the Win2K team had they dropped out, will now be applied to the LinuxPPC team

Why? They made their point within a day; everything since then has been nothing more than rubbing your nose in it. Which probably explains the hostility in your post.

And what's the Micorsoft team going to do now? Leave theirs running until it has crashed as few times as crack did?

Get a life -- and a real operating system.

Re:More traffic on the Linux box? Kidding, right?

[Zico]

When did the box get this?

As their old status page states, they were frequently getting that amount. They did a much better job of documenting the system and network loads than the LinuxPPC guys did, although I'd still like to see more details. It'd be great if the LinuxPPC guys would list each days' averages, too.

The linuxppc box was much smaller than the W2k box.

Well, as most benchmarks have shown, Linux is best suited for weaker throwaway machines, while NT (at least version 4) does a much better job than Linux with more powerful boxes, so it's probably best that LinuxPPC fans can use box size as an excuse. (Of course, we're talking about Win2K, not NT4, so the above might not hold true, but I would expect to see a performance increase, at least by the time it's ready to ship).

The contest is still going. If you can provide a workable crack into a similarly configured system, you still get the box.

Yah, so I can go out and buy a PowerMac just so I can win an old one? No thanks. C'mon, for all intents and purposes, it's over. If a new one got cracked, they would just blame it on the new guy and say it never woulda happened to them.

As they mentioned, Microsoft can't do that, as W2K isn't purchaseable yet.

Uh, why would Microsoft do that? Unlike LinuxPPC, they're actually willing to host it and put their own bandwidth on the line. You make it sound like a bad thing that Microsoft is allowing people to still go at their machine, and a good thing that to do the same with LinuxPPC, you need to go out and get your own PowerMac. Again, no thanks.

Oh, and the linuxppc people never lied about anything going on.

And you know this, how? Hmmm...Monday: People couldn't connect because of a "self made ethernet cable." Mmhmm. Tuesday: Linux box runs out of memory. Wednesday: Supposed network (not machine) problems. Thursday: Contest over! Pretty convenient time to end it, if you ask me -- looks like things were starting to go downhill. I'm not really sure why you expect great honesty out of these guys, since I certainly see a lot of playing loose with the truth when it comes to Linux zealots, especially when you consider all the tacky trash-talking that they did.

As for Microsoft, they don't want to look bad either, but I don't see much reason for them to make up the power outage thing -- on their status page, they've been documenting the genuine problems that they've had: crashes, memory leaks, adding a new TCP/IP stack only to see the CPU immediately hit 100% utilization, etc. Like they've said, they're using this opportunity to try different things out and make improvements along the way, and be able to quickly see the effects. Sounds like a good idea. If they're trying to pretend that their beta OS is perfect and that it can't be stopped except for acts of God, they better get rid of that guy who's posting those status updates.

As for a UPS, I doubt they had one for that box -- it doesn't seem like they thought it would get such a response. After all, they started out with a 300 or 350Mhz box that had less RAM than the LinuxPPC one. And as for www.microsoft.com, I'm sure that www.windows2000test.com is very isolated from those machines.

Cheers,
ZicoKnows@hotmail.com

Re:How heavy was the attacking?

[edgy]

On the other hand, the Windows 2000 box might have crashed after receiving 200+ packets/second, and never had a chance to go up to 417 packets/second.

Wish we could know exactly what's happening, but MS is trying to spin this, not really gain anything from it.

"improved"

[Black+Parrot]

Probably for the Mindcruft benchmarks. Stability wasn't an issue then.

Ooops.

Re:"improved"

If I'm not mistaken, the LinuxPPC box was running out of memory, according to reports. Maybe the OS didn't leak memory. Something running on that box must have been. Apparently somebody out there releases programs with memory leaks. OpenSource prides itself on not needing QA to check the results. Maybe QA just did check the results. Maybe the results were failure.

Re:"improved"

Uhh, no. Mindcraft and ZDNET were both run against NT4 SP4. No matter. The fact is that the core memory architectures of NT and Unix are so different that the performance hack which is causing trouble for W2K couldn't possibly arise in a Unix-based TCPIP stack.

I don't know if anybody else saw it, but crack.LinuxPPC.org leaked memory, too. If I were MS, I'd be cackling with glee, planning a PR blitz alleging that the reason they took it down today was that they could project that it would crash again. Certainly, if you tracked memory usage, it was running out of free memory very fast. (At 2-4MBytes/hr at the end.) The question is, given that they were leaking so unbelievably fast, why did they stay up, when W2K keeps crashing?

The difference that allowed c.l.o to stay up was that Linux takes FTP pages from the normal heap. W2K, like all versions of NT, takes TCP pages from the NON-PAGED heap.

This is a huge performance win. A basic rule of development for any memory-bound system is that a faster processor serves one purpose only...it gets you to your next page fault faster. So W2K doesn't page time-critical information, such as buffer owned by drivers for high-speed devices.

(By the way, some other AC asked about the use of raw telnet in STREAMS-based Unix kernels. My guess is that is the same reason: once you move it into the kernel, performance isn't impaired by page faults. But I'm an NT geek, not a Unix guru, so I can't be sure.)

Like all performance hacks, though, this one has a cost: the non-paged pool is kept as small as it possibly can be. After all, every locked page is a page that ordinary applications can't use (or, at least, shouldn't use.) Moreover, the NPP doesn't grow, and can't make use of virtual memory. (If you grow the NPP, then you risk taking a page to which another process was paging. As to why it can't use virtual memory...well, I'll leave it as an exercise for the reader. Remember, though, that it is the non-paged pool.)

I'm betting that this is what is happening to W2K. Kepp in mind that it's been taking many thousands of bogus hits per second, and every one of those hits requires it to grab a tiny bit of non-paged memory. It becomes an elementary exercise in queueing theory to recognize that there exists a critical rate beyond which the queue of owned blocks will inevitably grow without bound. Since this implies that for any W2K machine, there exists a driving speed beyond which the machine will eventually run out of NPP, and halt hard.

Ouch.

Linux isn't out of the woods, though. I know how to build a fair, Mindcraft-style test which will devastate it, too. The thing to keep in mind is that this obtains for any computer with a TCP/IP stack with a finite servicing rate. Last I knew, that means any computer in existence. C.L.O was running out of memory while taking fewer than a quarter as many packets/second. To be sure, C.L.O wouldn't run out of memory as quickly as W2K did -- it had 160MBytes + swap -- but it, too, ran out of memory in a week. It would have run out exponentially faster if it had been at the end of a T1 line instead of an ISDN line. W2K has a 100MByte/sec. E-net card, and its at the end of a REALLY REALLY big pipe. How long would C.L.O. have lasted under those circumstances?

Re:"improved"

[WNight]

Like all performance hacks, though, this one has a cost: the non-paged pool is kept as small as it possibly can be. After all, every locked page is a page that ordinary applications can't use (or, at least, shouldn't use.) Moreover, the NPP doesn't grow, and can't make use of virtual memory. (If you grow the NPP, then you risk taking a page to which another process was paging. As to why it can't use virtual memory...well, I'll leave it as an exercise for the reader. Remember, though, that it is the non-paged pool.)

I'm betting that this is what is happening to W2K. Kepp in mind that it's been taking many thousands of bogus hits per second, and every one of those hits requires it to grab a tiny bit of non-paged memory. It becomes an elementary exercise in queueing theory to recognize that there exists a critical rate beyond which the queue of owned blocks will inevitably grow without bound. Since this implies that for any W2K machine, there exists a driving speed beyond which the machine will eventually run out of NPP, and halt hard.

Ouch.

"An elementary exercise in queueing"... Is it just me, or is it also elementary to keep track of the relative value of each item being cache (or not paged out) and when the list is getting full, start throwing out the items at the bottom of the list, even if they'd normally be kept in a non-overworked machine?

It might take a bit more work, but it sounds like one of those fairly obvious tweaks.

Isn't this (talking about how not paging anything consumes all available ram) sort of like talking about nicing all processes to the same level and wondering why realtime apps like MP3s are skipping?

But, I don't understand why you take it for granted that both OSes leaked memory. I mean, if I program of mine leaks memory under any conditions, I don't release it.

Re:"improved"

[Cadaver]

Actually, it's probably the off by one error which meant that linux didn't realize it was running out. (Fixed in 2.2.11, but a couple of memory leaks introduced - one in the rtl8129/8139 driver and another in the tcp code).

Re:"improved"

"An elementary exercise in queueing"... Is it just me, or is it also elementary to keep track of the relative value of each item being cache (or not paged out) and when the list is getting full, start throwing out the items at the bottom of the list, even if they'd normally be kept in a non-overworked machine?

It might take a bit more work, but it sounds like one of those fairly obvious tweaks.

I don't know how to sugar coat this, so I won't. Unfortunately, no, that doesn't work. It is an obvious tweak, and I'm quite certain that the authors of the stack are well aware of it. In fact, I'll bet that it's used. It can't possibly be enough.

Here's an example. It's based on threads, since the processing is easier to understand if you assume the two agents are running in a shared-memory environment. If you're more comfortable thinking in terms of processes and interprocess communication, fine. Substitute the word process for the word thread throughout. The argument is the same.

Suppose I write a multi-threaded application. Thread one allocates memory at a certain rate and places each block at the head of a list. Thread two, running in parallel, takes things off the list and returns that memory to the heap. This application doesn't leak memory -- it consumes memory in order to perform its designated task. As long as thread two can keep up with thread one, the expected total memory usage of the app remains bounded.

But what happens if thread two cannot keep up with thread one? It's clear; the application will chew up all available memory in finite time.

Observe that NO amount of tweaking of thread two fixes this problem. If the producer adds items faster than the consumer can eat them, there's a surplus. As long as thread two takes finite time to run, there's a fixed rate at which it can be saturated.

As an aside, there's nothing special about threads or processes, either; I could just as eaily give this example as a prioritized service loop with a select() at the top. This is an unavoidable problem -- if you have a finite resource, and you reserve a portion of it at one rate, and return another portion of it at another rate, then you risk consuming all of the resource.

The only way to fix this is to limit the rate at which thread one allocates new memory. Changing how the product of thread one is consumed may postpone the inevitable, but that's all. As long as the cleanup process takes non-zero time, you will always have a rate at which thread one wins.

In the real-world case, though, this means not allocating memory. That means refusing to service certain packets. The obvious means to do this is a guillotine approach in which you simply reject packets when your load gets high enough. That's unacceptable; it means that there's an effective denial of service attack against your TCP/IP stack. You won't crash, but a malicious spud can block out anyone else by flooding your network with packets.

Unfortunately, this is one of those "you can't fix it, but you can make it better" kinds of problems. There will always be a situation at which you have to guillotine the packet stream. A good developer's goal has to be to avoid that circumstance as long as possible. This is the kind of situation where you get to do some first-rate software engineering. I haven't seen any of the code in this case, but from the hints they've left in the status log, here's what I think they're doing.

They are attempting to separate the sheep from the goats at the front end. Remember that they talk about telling the legitimate packets apart from the flood of noise? If I were doing this, I'd put in a low-level detector which kept a memory of the "kinds" of packets I'd seen, and throw out any that were occuring "too often". I'd watch for packet fragments, since they require me to allocate memory, but since they can arise in legitimate connections, too. You get the picture.

Now, there's a downside here: putting such a firewall into the front end of my TCP/IP stack will slow it down no matter what I do. So after a certain point, they must fall back on the safe but crude method of rejecting connections. That would take some tuning, though...and what are they doing right now? They say it in the status log. They're tuning the stack for optimal performance. That's what engineering is all about; somewhere in the story, you have to go out to the world and collect data.

It's almost an article of faith here that Microsoft writes crappy code. Frankly, you guys don't know what you're talking about. Yes, Microsoft releases code with bugs. So does everybody. Yes, Microsoft lies and is evasive when it's caught in public. I'm not necessarily proud of it, but I've been known to do the same thing. I think that their corporate PR strategy has been excessively deceptive, and that they should be publicly criticized for that. But the developers who work for MS are every bit as good as anyone who reads /.

So, when you write...

...I don't understand why you take it for granted that both OSes leaked memory. I mean, if [a - AC] program of mine leaks memory under any conditions, I don't release it.

I've simply got to shrug. Neither OS leaks memory. Each consumes memory, and there are circumstances in which that consumption is possibly unbounded. The hard part is (a) continuing to service requests even under totally unexpected loads, while (b) providing the best possible service to legitimate customers.

Re:LinuxPPC kernel bugs?

[shermon]

For Redhat linux (5 and above?) It's set down too 256.

This is why we have ulimit

[barzok]

Use ulimit in /etc/profile and limit each user to a sane number of processes. I set mine to 128. Ran a forkbomb, and the box slowed down quite a bit (processor spiked...hehe) but I was able to kill off the offender and things came back down to normal.

Re:This is why we have ulimit

Use ulimit in /etc/profile and limit each user to a sane number of processes. I set mine to 128. Ran a forkbomb, and the box slowed down quite a bit (processor spiked...hehe) but I was able to kill off the offender and things came back down to norma

This is good, but most Linux machines are single user, and it make little sense to limit the amount of memory of processes: RAM is there so that you use it, and at one point you'll need a process that requires 95% of the memory. For instance opening many netscape windows when downloading images in parallel.

malign.com? dotslash.org?

malign.com and dotslash.org are freaking me out. Neither are owned by Rob. The owner of malign.com also owns a porn site. This is weird.

Re:malign.com? dotslash.org?

That's www.dotslash.org, you retard.

Re:malign.com? dotslash.org?

You need to develop better whois skills, sir. Malign.com and Corruptioncam.com are owned by completely different people.

Re:Windows 2000 Is more Secure than Linux

[Eccles]

I mean, Since the machine is offline because it crashes half the time, it cannot be accessed globally, therefore higher security.

Instead of "Security through obscurity", it's "Security through instability"?

Slashdot wasn't down...

[Sangui5]

just /.ed. Ever since that bit about the Kansas board of education (broke Hellmouth's record!) it's been slow, but not down. I can't guaruntee that it was up yesterday (the 11th) but it was up whenever I tried this morning (the 12th). It was r*e*a*l*l*y slow, but still up. The Kansas story went up at ~7pm the 11th, so that seems to be a good explination.

Win2k site stats...

This is what I got from the status page the last time I checked.

Perfmon info from 8/6/99 12:50pm

Datagrams Received/sec Avg: 4518
Fragments Received/sec Avg: 70
Total Fragment Reassembly Errors 456642 since 9:20am
Connections Avg: 618
Total GET requests 145,000+ since 9:20am
% Processor Time Avg: 30-47

Re:Win2k site stats...

That was days ago... The amount of traffic the site has been taking has increased 2-3 fold since then.

Re:Win2k site stats...

Impressive.

As I said, that's the most recent status page I had in my web cache...

They cracked a couple of LinuxPPC.org boxes.

[just+someone]

One attack succeeded in hanging the box, but the guru's were off a linux world.

and then the ISP turned on the firewall.

Re:You know...

[pirodude]

i am on the same isp as crack.linuxppc.org and i was getting nailed with all kinds of stupid attacks. they must have scanned the entire execpc class b subnet. I had tons of telnet requests into my server and someone successfuly crashed my win 98 machine (yea i know its sucks) many many times (DoS attacks and nukes).

Microsoft is smart

[extrasolar]

What better way to make the most secure Operating System than to test a beta openly against being cracked! And trust me, they have no problem holding back the release of Windows 2000 until *every problem is fixed*. They might just do it this time; creating a really good operating system.

There will always be problems, of course. But what they are fixing happen to be what Linux has been known to be good at. First speed with the benchmarking fiasco. And now security. Linux has to be a big threat in their eyes. I wonder what they are going to come up with next?

I don't think Linux is going to become more than a cheap viable alternative as a servor OS for some time. I am looking forward to what I like to call "wave 2" when Linux or another free and open OS takes not the servor, but the desktop.

Mark my words.

--

Re:From the other end of it

[pirodude]

no kidding.. god i was getting all kinds of attacks and crap. My connection was slowing down and i usually go pretty fast here. execpc should have the bandwidth to keep something like this up and running. im kind of dissappointed after seeing that they were being almost demanded to stop by execpc.

Re:Fascinating...

[cookd]

On the other hand, this could be because enthusiasm about DoSing it seems to have decreased. Now hopefully it will stay up long enough for intelligent attacks to have a chance.

I might have to change my opinion about the whole thing. It might actually have been a not-so-bad thing for MS to put this server up. If they can use this to find better ways to code NT and to choose some defaults that keep the system more stable, more power to them.

One of the big deals about the LinuxPPC system was that it was really secure by default. I think MS is trying to get Win2k more secure on initial install (to get any kind of security out of NT4, you have to change a bunch of config settings) - at least that was one of their selling points for Win2k. As far as that goes, this is probably the best thing they could have done. I'm sure Win2k won't be as stable as Linux, but this is a good step in the right direction.

Then again, it would be nice to be able to like the company that you are making rich. I know that I really have a lot of problems with Microsoft as a company. But I do want their products to improve, since I'll have to live and work with them, like them or not.

I dunno. Install w2k first (was Re:WINDOWS WINS!)

[tlhIngan]

>>Ooooh! What a great idea! A PowerPC version on an Intel box. Hmmmmm....

Right after that I'm going to run out and try to install W2K on an iMac. =D

AFAIK, the latter's supposed to be already possible, given that w2k is released, and you're running Virtual PC... So you might be able to do the latter first.

Re:WINDOWS WINS!

[bmetzler]

Yeah, out of ram is not the machine. How come you defend anything non-MS, but if MS has the exact same thing it's bad. Selective hatred huh?

I wouldn't go so far as to say that running out of ram is not a problem. I think that there is something that most people are missing in this whole thing.

Computers, by their nature, are unstable. There are just to many variables involved to have a computer with no problems. So I am not surprised when computers crash and stuff. That's just something that has to be dealt with. The solution is to reduce the crashes to a minimum.

You can't say, well, neether OS is any good because they both crashed. You have to look at the overall status of how the OS works. LinuxPPC went about a whole week before crashing. W2K went for how many hours? If I am going to set up a web server I will not look at them both and say, "Well, they both crashed, I guess I'll not use either." Instead I'll be using the one that has the most uptime. That's what counts. It not as important as how many times it crashes, but how long it's up. And that's why I advocate Linux, even when it crashes occasionally.

-Brent

Re:WINDOWS WINS!

[bmetzler]

Yeah, out of ram is not the machine. How come you defend anything non-MS, but if MS has the exact same thing it's bad. Selective hatred huh?

I wouldn't go so far as to say that running out of ram is not a problem with Linux. I think that there is something that most people are missing in this whole thing.

Computers, by their nature, are unstable. There are just to many variables involved to have a computer with no problems. So I am not surprised when computers crash and stuff. That's just something that has to be dealt with. The solution is to reduce the crashes to a minimum.

You can't say, well, neether OS is any good because they both crashed. You have to look at the overall status of how the OS works. LinuxPPC went about a whole week before crashing. W2K went for how many hours? If I am going to set up a web server I will not look at them both and say, "Well, they both crashed, I guess I'll not use either." Instead I'll be using the one that has the most uptime. That's what counts. It not as important as how many times it crashes, but how long it's up. And that's why I advocate Linux, even when it crashes occasionally.

-Brent

Re:WINDOWS WINS!

[Jburkholder]

>If you put LinuxPPC on a P2 450 though...

Ooooh! What a great idea! A PowerPC version on an Intel box. Hmmmmm....

Right after that I'm going to run out and try to install W2K on an iMac. =D

Re:WINDOWS WINS!

[gavinhall]

Posted by Synsthe:

*sigh* Silly troll.

Linux couldn't handle it? It had nothing to do with Linux. Their bandwidth was dead. The linux box crashed a whole once due to not being allocated proper memory for such a task.

Meanwhile windows2000test.com has been down as much as linuxppc up, and up as much as linuxppc was down.

So I think if you believe this declares Windows the winner, that you need to get your eyes checked. Either that, or it means the frontal lobotomy was succesful.

Neither won. It wasn't a contest to see which would last longest. It was a contest to see if you could crack into the box. Since windows has been down, nobody has been able to crack it. Since immature folks (yourself included?) couldn't handle the contest at linuxppc, it has been taken to a new playing ground.

--
Mark Waterous (mark@projectlinux.org)

Fascinating...

The windows2000test.com server has become more stable over the last couple of days as they fix issues. I was able to reach it all last night as well as most of the day today. It seems to be down now, but at least they are posting status reports. slashdot.org which was down from yesterday early evening until about noon today, and is not responding well at this time. I see no status reports? And then crack.linuxppc.org completely throws in the towel after the machine starts getting hit hard enough to cause it to crash. I guess I think it's strange the reaction that you are having to this. It's pretty hypocritical. If anything Microsoft should be commended for continuing the challenge to improve their products. Anyway, tis funny watching the resonses here. I especially liked the one about the childish people attacking linuxppc, but then cheering on the people doing the same stupid thing to microsoft. heh

Re:Fascinating...

[HiThere]

Well, since their ISP appears to have been the deciding party, I don't find you argument convincing. Perhaps they should have cleared this with the ISP before initiating the challenge.

It's not too surprising that the W2K machine is now more stable, since reports had it as being unusably unstable. OTOH, I haven't been following this, so I don't know what more stable means. It's truely strange that they would put an alpha version of their program up for a public test, yet with all of the down time it surely can't be considered to be beta software yet.

Re:How heavy was the attacking?

[tlhIngan]

I wonder how many of those DoS packets were from GetAdmin et al... (a WinNT cracker, for those who don't know).

SOunded like the last time someone setup a "crack the Mac" contest - people used GetAdmin (!) on it.

Yerp, in future try offering up a real box

[QuantumG]

Blah.. You set out to show that a default install of Linux PPC is secure.. considering the number of script kiddies you got throwing every useless thing at it, I'd say it is. Big deal, default installs have been externally "secure" for years. The most machines get broken into because they are incorrectly configured or they are access remotely with authorization passed in the clear. Sniffing is the way crackers get through external security and once inside is where the default install becomes an issue. When you propose a challenge like this you have to state that you are seeking a penetration test. You want the external security tested, not your access policies.

Re:Yerp, in future try offering up a real box

[kijiki]

getadmin. the eEye IIS buffer overrun. the IIS ftp server buffer overrun. etc. All clearly cases of misconfiguration; The admin configured the machine with NT and not a secure OS.

You know...

[bortbox]

I'd hate to have an IP anywhere close to the Windows2000 crack(rock) site. In fact I'd hate to have anything within a class b range. God knows how many kiddies are doing batch port scans looking for god-knows-what. Seems like 'hacking' has changed its definition once again from systematically attacking a problem using logic to massivly attacking it with a sledgehammer.

BortBox

Listen to bug reports AFTER you release it

[QuantumG]

What would be better would be if Microsoft listened to the bug reports it got after it released it. Better yet would be to release source in the interests of security but that's never gunna happen. I feel justified in comparing a "come and crack us" security test against an operating system that we havn't even seen the asm code for, let alone the source code, to a "crack this encryption" snake oil scam. You prove little in either case.

crazy theory.. anyone want to take a stab at this?

[LordXarph]

I can't get to www.windows2000test.com to test this, but given the conversation on the group, the w2k box has a guestbook running that doesn't check for javascript. As the W2K test box doesn't have any remote admin stuff running (or so we're told), at some point, SOMEONE at the w2k test box will look at their guestbook whilst sitting at the console.
So, asking as a person who hates Javash^Hcript with a passion, how easy would it be to write a JScript that installs back orifice whenever the IP of the reader matches the IP of w2ktest.com? You can NOT look me in the face and tell me there's no IE bug that will let it remotely execute a BO2K installer....

-Lx?

But... But...

I thought Linux was supposed to be invincible!

Here's hoping that the Linux zealots will finally get a clue and quit the constant FUD spewing.

Re:But... But...

[zifnab]

I thought Linux was supposed to be invincible!

Common configuration doesn't limit the use of resources by simple users. But any Bofh admin would put limits on the number of processes the users can launch, and the RAM they can waste.
--

Uh, you're kidding right?

I don't think that the slashdot community defends anything non-MS, far from it... I believe that /. tries to be objective.

ROTFLMAO! To read the average post from the "slashdot community", you'd think Linux was the cure to cancer! (Hint: it's just another Unix clone, and not even a very good one at that. Why it got popular while the superior BSD variants toiled in obscurity, I'll never understand.)

But to be perfectly fair, I think it's true that the slashdot community doesn't defend anything non-MS -- rather, the community defends Linux even when it doesn't deserve it and attacks MS regardless. It's like a sporting event where the Linux zealots are just blindly rooting for the home team. Objective? Not on your life.

It's not crack attempts..

[Rendus]

It's people being jackasses and ping flooding, smurfing, etc.. the box itself and others on the network.

A little clue here: You can't break into the box with ping -f, people.

stupidity rules again

[SirSlud]

Yet Another Example of how stupidity, immaturity and a lack of respect ruins a good thing (tm).

Its ironic that anyone who contributed to the problems outline on crack.linuxppc.org contributed nothing at all. And probably never does.

This is a joke, right?

[KidIcarus]

Get real. The Linux machine crashes once over the course of like six days, as compared to a windows machine that's been down so many times that I only managed to get onto it for the first time about to hours ago. So windows, with all it's stability problems, suddenly 'wins' because Linux isn't perfect? What kind of logic is that? It's questionable as to whether the one crash Linux did experience is the fault of the OS, or the operator who thought that less than 2x RAM as swap would be enough. They only discontinued the contest because they were tired of the idiots who thought that DoS attacks would somehow allow them to crack the server.

Cracker Hackdown

[Skip666Kent]

I thought people specialized in this sort of thing, cracking and all that. Guess that stuff only happens in 'Hacker Crackdown' books. One could of course assume such a "high profile" target would shunned by the highly skilled, anonimity-craving Cracker Elite, but I'd be tempted to say 6u115h1t on that!

Re:WINDOWS WINS!

[RichMan]

too many stupid people in the world,
so little napalm.

Both challenges were pretty stupid attention getting stunts. We know web servers crash when everyone on /. follows a link. What happens if .01% of /. decides to packet flood, DNS spoof and otherwise attack whole segments of the net?

Bad metaphor:
They tried to invite the world to come party in a one horse salon at the end of a dirt road.

As linuxppc says on their sight legitimate hack attempts were not possible due to the large packet loss caused by the high traffic.

It stayed up under large traffic, that was good.

Maybe Microsoft can afford the support to keep their network running. Hopefully the whole thing will quietly go away. It was a good load test for both systems. Not a good security test.

Re:WINDOWS WINS!

Yeah, out of ram is not the machine. How come you defend anything non-MS, but if MS has the exact same thing it's bad. Selective hatred huh?

Windows 2000 Is more Secure than Linux

I mean, Since the machine is offline because it crashes half the time, it cannot be accessed globally, therefore higher security. Something MS should consider in their promotion Documation. Higher Security: Windows 2000 has much higher security than previous versions. When Windows 2000 detects a Security attack in progress, It produces a Blue Screen Stop Error, Effectively halting the Hacker and protecting your vital files from harm.

Re:Windows 2000 Is more Secure than Linux

[KingBob]

Dude, when Windoze detects just about anything it produces a bloody blue screen! This effectively halts everything - including productivity, eh?

Disgruntled MS employees

all the pings were probably coming from annoyed microsoft employees and supporters who figured just crashing the box would be good enough.

Define "real" hacking.

Aside from the issues of showing up on every single security detection tool, I don't see much of a problem. CPU time is cheap and human time expensive. Let the computer do more of the work scanning. If it gets lucky, you have to put out a lot less effort.

What do you define as "real" hacking and not script-kiddying? I mean, a) you find a hole and write an exploit, or someone else does -- either way in a common piece of software like Apache or something, or b) you find a hole in the target's propriatory software (like a CGI problem or something), and exploit that. B) seems to be commonly considered a "script kiddie" exploit these days. Using someone else's exploits/discovered holes is "script kiddieing". What's left? Are you required to sit down and find your own overflow or whatever in IIS or whatever and write your own exploit to be considered "good"? (Disclaimer: I've never written more than 6 or so lines of assembly in a single clump...)

What, "real" hackers don't use scripts? So do these elite skillmongers type out commands 200 times, or do they just ignore holes that could easily be found with a script because it's "beneath them"?

Get freaking real. Everyone bashes the elusive "script kiddies"...is anyone here ready to say that they are a "real" hacker, and what makes them so? All the attacks that ever seem to make the news seem to be slammed as "script kiddie attacks". (Okay, yeah, it's probably the good ones that don't get noticed. But then what the heck are they?)

Is packet sniffing elite? Ummm....don't think so.

How about using a rootkit? Errr...don't think so again.

I'll agree flat out that smurfing and friends for the sole purpose of aggravating the target is pretty lame, but what *isn't*?

What the *heck* is left?

Re:Define "real" hacking.

Using someone else's exploits/discovered holes is "script kiddieing".

Exactly.

What's left? Are you required to sit down and find your own overflow or whatever in IIS or whatever and write your own exploit to be considered "good"?

Pretty much yes. Anybody can take somebody elses scripts & root kits, fire away, and hope to get lucky. That doesn't take any skill, so why call it real hacking. Of course real hackers use scripts. However, real hackers don't just blindly fire away at a site with everything they've got (DoS attacks included) hoping to get lucky. Real hackers use their brain to investigate the site, determine how it is configured, map the network topology, and determine the site's weaknesses. Then probe the weaknesses with known exploits. Don't waste your time with attacks that aren't going to work. If no known exploits are available to take advantage of the site's weaknesses, then create your own. If you've gotten this far by using your brain and investigating instead of randomly trying every script you have, then you've graduated beyond being a script kiddie. If you do manage to create a new exploit, then consider yourself good. For those people who are religious about the hacker/cracker thing, please excuse the use of the term hacker in the above paragraph - I was just following the context of the original poster.

What the *heck* is left?

Try being creative. New exploits are found all the time.

You're the joke

You understand how TCP works, right? Just because you can't get on doesn't mean the machine is down. More likely it's just getting flooded so heavily that real connection attempts can't get through. The stats show that the Linux box wasn't getting anywhere's near the packet rate that the Win 2K box has been getting, so it should have had an easy time of it. Instead it crashed. I'm not impressed.

Re:You're the joke

Wow, which reality do you live in?

Have you bothered to look at the Win2000 status page? The machine has been rebooted so many times it's not funny. So, alot of times when you could not get through was because of the machine was down. They even had to hack the TCP/IP stack of the thing to keep it up.

And what all this has to do with security? Not much. Says something about stability though. If I'm gonna pay big bucks for a web server and then have to wait for some Microserf to bother and fix it's TCP/IP stack, I'm spending my money on something else.

Yeahyeah, its beta and blah blah blah....

Anyway, I'd love to go an watch the windows2000test page status again, but I can't. DNS name lookup failure. I wonder, are they still having those thunder storms in Seattle?

Seems like less with more processor usage

[just+someone]

Perfmon info from 8/6/99 12:50pm
Datagrams Received/sec Avg: 4518
% Processor Time Avg: 30-47

8/11/99 Events
21:30 - There is so much traffic to the site that it is going to be difficult to get connections.

Frames/sec 6,000
Bytes/sec 400,000
Datagrams Received/sec 2312
Datagrams Sent/sec 3146
% Processor Time 99

From the other end of it

[oNZeNeMo+(guns'n+amm]

I have a clear picture of where the linuxppc folks were coming from when dealing with the bandwidth usage. I access the internet through execpc, their service provider, and was forced to use another service temporarily as establishing connections grew impossible. tcpdump was also picking up more than it's fair share of really odd packets as well. I never thought a mere modem user could feel the heat of traffic upstream, but it was certainly felt. If Microsoft were really sure of their product, they would offer to host the linuxppc machine at this point.

W2Ktest site DNS problems...

[HHaygood]

I find it interesting that the DNS servers listed as authoritative for the windows2000test.com domain (man whois(1)) don't seem to respond anymore. Perhaps MS has also decided to back out, sneaking away like a misbehaved child who's been caught?

Finite resources

[RallyDriver]

If like most of us you have a machine with finite resources (memory, swap space, kernel PID's, whatever) then it is possible to come up with a situation where you run out of them. Handling all possible situations of this kind is not a core responsibility of the kernel, working well in more common situations is.

It is impossible to guarantee to defend against all possible DoS attacks while maintaining service to legitimate users (for the CS grads - Decidability, Halting Problem)

In a real situation, web servers sit behind firewalls.

Dave

Re:crazy theory.. anyone want to take a stab at th

[kuro5hin]

Nope. None that I know of (and I have written a lot of javascript). Say what you will about javascript, and it certainly does suck to code in, but AFAIK, there's no way to make it execute something like a BO installer even if it were sitting on the local machine already. Now maybe you could make it look at the host, do the check, and have it try to fetch the installer from a remote host. But the user would be prompted for a "save as" unless there's some kind of autoexecute mime type. Y'know, this was supposed to be a "no way" answer, but now that I think about it more, Jesus, there could concievably be such a MIME type in windows world.

MIMEType: application/x-totally-insecure
Action: Run immediately

Regardless, I think they now filter all html tags out (and by "now" I mean "those brief intevals when the box is actually up")
----------------------
"This moon-cheese will make me very rich! Very rich indeed!

Re:crazy theory.. anyone want to take a stab at th

[larien]

MIMEType: application/x-totally-insecure
Action: Run immediately

Doesn't that get damn near the default for CraptiveX?
--

Re:W2k? ...from the W2K status page...

[Sun+Tzu]

8/12/99 Events

12:00 We are still trying to find the right configuration to handle the combination of legitimate connection requests and the flood of attack packets. The new TCPIP stack has a couple of different configuration values that affect how it responds. Yes, we will be publishing exactly how this server is configured.

8:00 The server crashed again this morning. In the same part of the TCPIP stack as before. The TCPIP stack is still having difficulty with a prolonged attack. We are going to try some different configurations and see if we can bump up the connection rate.

Configuration
500MHz Pentium III with 256mb of RAM.

spelling

[sevenseven]

mm.. spelling on the site might have been improved.... just a thought

I....

Won't stop hacking it though.

Re:WINDOWS WINS!

Yeah, out of ram is not the machine. How come you defend anything non-MS, but if MS has the exact same thing it's bad. Selective hatred huh?

I don't think that the slashdot community defends anything non-MS, far from it... I believe that /. tries to be objective. The fact of the matter is, if both machines were side-by-side with identical hardware and usage, the W2K box would fail way before the LinuxPPC box did. If you don't believe this, I suggest you try it.

Beware TPB

No, you're the winner!

Dude, you got First Post!

two questions

[glo-worm]

so i'm still not clear: it didn't ever really get cracked, then?

and what exactly was this that Omar Shenker accomplished?

thanks

Re:two questions

[Rendus]

No, it was never broken into..

All Omar did was submit a better looking set of pages to the person running the contest. What the person originally meant was similar to if you break in, change the page to something better please.

Sort of like saying "Just add yourself to /etc/passwd and make a home directory"

Re:WINDOWS WINS!

[Rendus]

Actually, it depends...

If the box was a PPC box, yeah Windows would fail first.

If you put LinuxPPC on a P2 450 though...

Re:WINDOWS WINS!

[friskyotter]

That's not a reasonable analogy, b/c the cause of the hang is a configuration issue, not a bug. You could argue that they should of expected the extreme loads they got, but in their defense you would think that people would have known better than to try a ping flood as an "exploit". Even folks who've never cracked anything more than a can of beer (like me =) ) ought to know better than that...

LinuxPPC kernel bugs?

17:45 CST: Ok I got stuck on the phone all day, "and being the only one still here, came in today discovered crack had run out a RAM around 3 am. I could still switch consoles, and last snapshot of stats shows 3 MB of RAM and 4 MB of swap left free, so it was hung. I may have won a long standing arguement with this, "always have at least 2x RAM as swap." Oh well, it would have been up sooner if someone had been around to see it hung. -Brian(Not on the phone anymore). " My experience has been that LinuxPPC does NOT handle running out of RAM/Swap at *all*, as opposed to Intel Linux which kills random processes. Intel Linux at least has a chance. I've never seen (recent) PPC kernels survive running out of memory. I suspect a kernel bug.

Re:LinuxPPC kernel bugs?

[dattaway]

I did a fork bomb as a user once on my box and I got tired of waiting for it to crash, but when I came home from work 12 hours later, it was dead and not pingable. It was an older development kernel, but I'm wondering how Linux withstands these attacks currently. Anyone tried? I'd hate to kill my uptime...

Re:W2K...

since your problems have been identified as problems in the TCP/IP stack, maybe you should contact the maker of that worlds smallest web server, and ask for his tcp/ip stack code, may not be a complete tcp/ip stack, but it probably is a hell of a lot more stable!

It is only RFC-1122 compliant. TCP/IP a very much changed since. If they don't implement congestion avoidance, they using this stack on Windows machines, will result in an instant congestion collapse of all or parts of the Internet. Congestion avoidance was specifically implemented in response to such collapses in the 80ies, where the bandwidth on some backbones went down to several bit/seconds.

Microsofts excuse to the public published.

A direct translation of the note someone at microsoft managed to get published in Swedish newspaper (www.dn.se), if this is not a blatant lie I'd be very suprised. The notice though is very real:

Blizzard crashed Microsofts test Higher powers interfered when betatesters was about to attack one of Microsofts sites to look for security holes in the new Windows 2000. The system is supposed to be the most stable so far, according to the company. But Mother Nature struck with electrical storms in Redmond, Washington and brought down the server before anyone had a chance to start hacking

I am amazed that they tried to get away with something like this, with the publicity around www.windows2000test.com there is no confusion about that it would be the test referred to. I wouldn't have minded if I read it in flashback, but when my daily newspaper prints stuff like this I get really mad. Patrik

sigh.

[Dolio]

all I can say is, thanx for the ride.
it was fun, and many of us could still
use the machine ;) too bad about the
memory thing, big nod on the swap space
situation. It can be the difference
between breaking early, (as it were)
and grinding on through the insanity.
maybe y2k just needed more ram all this time :P

just wanted to point out that as the y2k is beta,
Linux is under constant revision,
not a flaw, but an advantage, me thinks.

Peace
Dolio

Re:I dunno. Install w2k first (was Re:WINDOWS WINS

[Jburkholder]

you mean the former?

I agree...

[KingBob]

He's gone the closest (pretty darn close - for my money) to date.

Since they have effectively pulled the plug on the experiment prematurely for reasons they really should have anticipated from the outset they should now cough up the goods!!!

How heavy was the attacking?

[Mike+A.]

I'm curious as to whether www.windows2000test.com and crack.linuxppc.org were under similar loads.

If the W2K box was getting 500 times the amount of traffic or something, it stands to reason that it would go down more often, quite aside from the relative stability of W2K vs. LinuxPPC; on the other hand, if the loads were similar, then this is a slam-dunk result in favor of Linux with regard to stability.

Either way, of course, it doesn't prove anything about the relative security of the OSes.