Slashdot Mirror
Crack LinuxPPC Contest Is Over
BlueVelvet writes "The crack.linuxppc.org contest is over. Due to a waste of bandwith, illegal activities, and other reasons." Get the full story here. Seems some people were trying to crack other machines on their ISP. The folks at LinuxPPC say that if you send in a workable method to get into one configured like theirs, you can still win, but please stop eating up their ISP's bandwidth with crack attempts now, okay?
According to the status log at crack.linuxppc.org,
;)
at one point (no idea how long) they were getting 417 packets/second. I can't get to the windows2000test page, but the largest published number was 200(+something smallish) packets/second. Meaning the PPC box was experiencing nearly twice the packet load.
Or, from another standpoint, of _course_ the linuxppc site was getting more traffic, since it was available and windows2k wasn't
The enemies of Democracy are
If I could only be like you, I too would be cool. Seriously, don't be lame. What is you're reasoning behind continuing to crack into the box?
or:
while (1) {
fork();
malloc(1024);
};
Get a fork bomb going and eat all of the ram. I know that used to screw over a box nice and good, haven't tried it on 2.2.x though.
-matt
MS' Server has been down so many times that it's almost sad. Ok, well it's not even close to sad. It's hilarious. I'd say they've already lost.
Not to mention that their pages were broken to about half the browsers from the time they started. Doesn't make them look good.
bp
For single user, just set the limit to about as much memory as you have per process. Netscape used to hang my machine in thrashing. Tried something like this:
ulimit -Hs 31000
ulimit -Hd 63000
when I had 32mb of ram. Netscape would crash a lot though, but at least the rest lived.
Although, I still wonder, how would I stop one of those malloc or fork bombs. The fork bomb made my system very slow, lucky I didn't lose focus on the xterm it was running in. About how long would it take to die.
I know I will be moderated down for this, but . . . Vincent
If it's a single user system, it's probably not a server on the public side of a firewall, where a bunch of people will be trying to trash it.
-- Keith Moore
This sig is the express property of someone.
'ulimit'. I believe it's been supported for quite a while.
Only the dead have seen the end of war.
Comment removed based on user account deletion
/. is not an objective source for anything. The linux bias on the part of the people who run the site and moderate and post comments is overwhelming. Basicaly the attitude is "if its not linux/OSS its CRAP"
/. on a regular basis knows this however, so we don't take the "News for nerds. Stuff that matters" thing seriously. Id like to see alot more about BeOS here too, but despite it probably being the most technicaly advanced desktop OS out there, its Not Linux, so few /.ers would care.
Anyone who reads
I mean not to be naive but it would have been brilliant if the kidz were following him around and he happened to have telnetted in from some place unsecure?
But then it won't be brilliant. It would be human engineering (no security hole in Linux PPC exploited). No more than spying him when he types his password directly on the console.
Minor point:
I think the original poster meant "brilliant" in the British sense, that is, a synonym for "cool" or "neat-o".
I don't think that the slashdot community defends anything non-MS, far from it... I believe that /. tries to be objective.
I would have to disagree with this line. Slashdot has a HUGE Linux bias. Mostly everything on this site has some tie to Linux...only occationally, do stories about things I'd rather hear about (BeOS, MacOS) peek out. Although Linux is good, I would hardly call the reporting on Slashdot objective.
--------------------------
So they crashed and instead of giving away the machine they ended the contest. That memory exhaustion crash bug has been around for over a year. Any Linux box can be crashed easily by exhausting its memory repeatedly.
Fork bombs will slow things down a great deal, but I've never known them to actually kill the kernel. It will make things crawl though :-)
As soon as the process table for that user fills up, nothing more can spawn (until you start killing of course). I think the process table size per user is something like 1024. You can change this in (I think) limits.h in the kernel source.
-scott__
-Scott scott@surrealistic.org
Comment removed based on user account deletion
In a perfect world, Linux wouldn't crash when it runs of memory/swap. Unfortunately, there are (some) bugs in the Linux 2.2.x kernel where developers forget to check for memory allocation failures. For example, many device drivers call kmalloc() or get_free_page() without checking whether the returned pointer is NULL. These functions can return NULL, but will only do so under extreme stress. If these unchecked NULL pointers are used in the code, then BOOM!! I've reported these bugs to their owners. Alan Cox fixed a bunch for Linux 2.2.11, but some other developers didn't care, claiming the kmalloc() would "never" return NULL. If Linux is going to be taken seriously as an "enterprise-ready" OS, can Linux developers really have such a not-my-problem attitude to bugs?
BTW, I've scanned the FreeBSD 3.1 source code with the same lint script and found ZERO unchecked malloc() calls. Linux 2.2.10 had a couple dozen...
cpeterso
They really should have controlled the experiment better then shouldn't they? Perhaps isolating the box off their (critical) network, or limiting it's intranet connectivity to other, non-critical machines? Yes it seems simplistic, but then maybe they'd have gotten better results, less troubles and slightly less egg on their faces!
I once did a fork bomb that was a shell script that called itself twice on a friends box. Either it crashed, or it was slowed down so much that its state was indistinguishable from a hardlock. The owner of the box had to hard reboot it, couldnt log in from anywhere. I guess this sort of fork bomb would essentially be a memory gobbling fork bomb like someone else described since each execution of the script uses 300k (at least on my alpha unix box that I'm sitting at) or so for bash.
Not to mention this cult of personality that everyone here seems to have built up around Linus Torvalds. To read the posts, you'd think "Linus" (what, everyone's on a first-name basis with somebody they've never met?) is every /.er's best friend, favorite uncle, and the Messiah to boot.
"Don't touch the bunny!"
Anyone noticed that he telnetted into the box to do the update? Did anyone snag the password?? Its not entirely surprising that people are trying to grab upstream boxes ..
-avi
So what's with www.windows2000test.com? I haven't been able to get there for a week. Did they give up? I live just north of Seattle so I know it isn't the weather this time....
---
Put Hemos through English 101!
"An armed society is a polite society" -- Robert Heinlein
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
hehehe...nice one dude.
Perhaps that's the Micro$oft security strategy - if you can't connect to the box you can't crack it - you can't get more secure than that!
;)
Why do people think this means that "Windows wins?" The LinuxPPC Contest was launched as a response to the NT 2000 site being put online, but I don't recall Microsoft or anybody at all, actually, setting it up as a formal challange.
It seemed to me more of a "me-too" effort on the part of the LinuxPPC site. Does anybody know of any way at all that Microsoft even acknowledged there was a 'contest' taking place?
PPC was up during a period when Win went down several times. The stats are about equal.
PPC comment for 8/5
18:58 CST: Averaging 437.46 packets per second(tcpdump)
Windows:
Perfmon info from 8/5/99 4:00pm
Datagrams Received/sec Avg: 326
Fragments Received/secAvg: 104
Total Fragment Reassembly Errors1574000 in the last 3 hours
Connections/sec Avg: 100
% Processor Time Avg: 20
Memory use steady at about 113264K
Right on. A thoughtful, reasonable and informational post. Thanks guy/gal whoever you are.
;-)
It's good to see there are still people who have their wits at the same time they have something worth saying. I'd almost begun to think they were mutually exclusive.
cheers,
-matt
> No "NT defender" has the same motivation as many of the cult-memberish Linux community. Trying to pretend so is ridiculous.
You need to get on over to comp.os.linux.advocacy and count the full-time (and I do mean full time) NT advocates that have set up camp for trolling and laying turf. You might learn that NT, like Linux, Amiga, OS/2, and the Mac, has extremists among its "defenders".
Trying to pretend otherwise is ridiculous.
ps -- Didja hear today's news that a Micorsoft employee got caught red-handed in a bit of anti-AOL astroturfing? I reckon not, or you wouldn't be saying that no NT advocates have "cult-memberish" motivations.
Sheesh, evil *and* a jerk. -- Jade
Yeah, well, www.windows2000test.com was st00pid first. :)
--
Do I look like I speak for my employer?
you know in some kind of ironic way this troll is half-right...
-- your knees hurt, don't they?
After the first day or so (once everyone started finding out about the box), the Win2K status page reported frequently receiving over 6000 frames/sec (> 7000 datagrams/sec). The highest packets/sec that I see reported on the LinuxPPC status page is about 556. I'm not sure what number you're referring to on the Win2K status logs.
Seeing as the LinuxPPC group dropped out of the competition, blaming it on attacks upon other computers, while we haven't seen any such whines from the Win2K group (as if the Win2K box attackers haven't been trying the same tricks), I'm not at all convinced that the LinuxPPC box could've stood up to the attacks that the Win2K box has received. Did any but the most wacked-out zealots really believe that people would go after the Linux box the hardest?
For the Linux zealots: I hope every name that you were prepared to call the Win2K team had they dropped out, will now be applied to the LinuxPPC team. Quitters, babies, whatever. C'mmmmon, don't tell me you wouldn't have. Just look at all the yahoos who just about wet their pants just because someone toyed with the JavaScript in their Win2K guestbook posts.
Cheers,
ZicoKnows@hotmail.com
On the other hand, the Windows 2000 box might have crashed after receiving 200+ packets/second, and never had a chance to go up to 417 packets/second.
Wish we could know exactly what's happening, but MS is trying to spin this, not really gain anything from it.
Probably for the Mindcruft benchmarks. Stability wasn't an issue then.
Ooops.
Sheesh, evil *and* a jerk. -- Jade
For Redhat linux (5 and above?) It's set down too 256.
Kiddiez flood the win2k box and everyone marks it up to Microsoft is screwed up. Then the Linux box gets hit with the same thing, and ppl whine about it. At least be consistent. The Linux box hung once and ran out of RAM once while dealing with 1/10 the bandwidth the MS box is dealing with. If you really want to brag, sit a Linux box on a T3, then stand up to the same firestorm. Not saying that it would or wouldn't do better, but that if you want a fair contest, then handle the same loads.
Use ulimit in /etc/profile and limit each user to a sane number of processes. I set mine to 128. Ran a forkbomb, and the box slowed down quite a bit (processor spiked...hehe) but I was able to kill off the offender and things came back down to normal.
I mean, Since the machine is offline because it crashes half the time, it cannot be accessed globally, therefore higher security.
Instead of "Security through obscurity", it's "Security through instability"?
Ooh, a sarcasm detector. Oh, that's a real useful invention.
just /.ed. Ever since that bit about the Kansas board of education (broke Hellmouth's record!) it's been slow, but not down. I can't guaruntee that it was up yesterday (the 11th) but it was up whenever I tried this morning (the 12th). It was r*e*a*l*l*y slow, but still up. The Kansas story went up at ~7pm the 11th, so that seems to be a good explination.
One attack succeeded in hanging the box, but the guru's were off a linux world.
and then the ISP turned on the firewall.
i am on the same isp as crack.linuxppc.org and i was getting nailed with all kinds of stupid attacks. they must have scanned the entire execpc class b subnet. I had tons of telnet requests into my server and someone successfuly crashed my win 98 machine (yea i know its sucks) many many times (DoS attacks and nukes).
There will always be problems, of course. But what they are fixing happen to be what Linux has been known to be good at. First speed with the benchmarking fiasco. And now security. Linux has to be a big threat in their eyes. I wonder what they are going to come up with next?
I don't think Linux is going to become more than a cheap viable alternative as a servor OS for some time. I am looking forward to what I like to call "wave 2" when Linux or another free and open OS takes not the servor, but the desktop.
Mark my words.
--
no kidding.. god i was getting all kinds of attacks and crap. My connection was slowing down and i usually go pretty fast here. execpc should have the bandwidth to keep something like this up and running. im kind of dissappointed after seeing that they were being almost demanded to stop by execpc.
On the other hand, this could be because enthusiasm about DoSing it seems to have decreased. Now hopefully it will stay up long enough for intelligent attacks to have a chance.
I might have to change my opinion about the whole thing. It might actually have been a not-so-bad thing for MS to put this server up. If they can use this to find better ways to code NT and to choose some defaults that keep the system more stable, more power to them.
One of the big deals about the LinuxPPC system was that it was really secure by default. I think MS is trying to get Win2k more secure on initial install (to get any kind of security out of NT4, you have to change a bunch of config settings) - at least that was one of their selling points for Win2k. As far as that goes, this is probably the best thing they could have done. I'm sure Win2k won't be as stable as Linux, but this is a good step in the right direction.
Then again, it would be nice to be able to like the company that you are making rich. I know that I really have a lot of problems with Microsoft as a company. But I do want their products to improve, since I'll have to live and work with them, like them or not.
Time flies like an arrow. Fruit flies like a banana.
>>Ooooh! What a great idea! A PowerPC version on an Intel box. Hmmmmm....
Right after that I'm going to run out and try to install W2K on an iMac. =D
AFAIK, the latter's supposed to be already possible, given that w2k is released, and you're running Virtual PC... So you might be able to do the latter first.
I wouldn't go so far as to say that running out of ram is not a problem. I think that there is something that most people are missing in this whole thing.
Computers, by their nature, are unstable. There are just to many variables involved to have a computer with no problems. So I am not surprised when computers crash and stuff. That's just something that has to be dealt with. The solution is to reduce the crashes to a minimum.
You can't say, well, neether OS is any good because they both crashed. You have to look at the overall status of how the OS works. LinuxPPC went about a whole week before crashing. W2K went for how many hours? If I am going to set up a web server I will not look at them both and say, "Well, they both crashed, I guess I'll not use either." Instead I'll be using the one that has the most uptime. That's what counts. It not as important as how many times it crashes, but how long it's up. And that's why I advocate Linux, even when it crashes occasionally.
-BrentI wouldn't go so far as to say that running out of ram is not a problem with Linux. I think that there is something that most people are missing in this whole thing.
Computers, by their nature, are unstable. There are just to many variables involved to have a computer with no problems. So I am not surprised when computers crash and stuff. That's just something that has to be dealt with. The solution is to reduce the crashes to a minimum.
You can't say, well, neether OS is any good because they both crashed. You have to look at the overall status of how the OS works. LinuxPPC went about a whole week before crashing. W2K went for how many hours? If I am going to set up a web server I will not look at them both and say, "Well, they both crashed, I guess I'll not use either." Instead I'll be using the one that has the most uptime. That's what counts. It not as important as how many times it crashes, but how long it's up. And that's why I advocate Linux, even when it crashes occasionally.
-Brent>If you put LinuxPPC on a P2 450 though...
Ooooh! What a great idea! A PowerPC version on an Intel box. Hmmmmm....
Right after that I'm going to run out and try to install W2K on an iMac. =D
Posted by Synsthe:
*sigh* Silly troll.
Linux couldn't handle it? It had nothing to do with Linux. Their bandwidth was dead. The linux box crashed a whole once due to not being allocated proper memory for such a task.
Meanwhile windows2000test.com has been down as much as linuxppc up, and up as much as linuxppc was down.
So I think if you believe this declares Windows the winner, that you need to get your eyes checked. Either that, or it means the frontal lobotomy was succesful.
Neither won. It wasn't a contest to see which would last longest. It was a contest to see if you could crack into the box. Since windows has been down, nobody has been able to crack it. Since immature folks (yourself included?) couldn't handle the contest at linuxppc, it has been taken to a new playing ground.
--
Mark Waterous (mark@projectlinux.org)
I wonder how many of those DoS packets were from GetAdmin et al... (a WinNT cracker, for those who don't know).
SOunded like the last time someone setup a "crack the Mac" contest - people used GetAdmin (!) on it.
Blah.. You set out to show that a default install of Linux PPC is secure.. considering the number of script kiddies you got throwing every useless thing at it, I'd say it is. Big deal, default installs have been externally "secure" for years. The most machines get broken into because they are incorrectly configured or they are access remotely with authorization passed in the clear. Sniffing is the way crackers get through external security and once inside is where the default install becomes an issue. When you propose a challenge like this you have to state that you are seeking a penetration test. You want the external security tested, not your access policies.
How we know is more important than what we know.
Do any of us still really care enough about Microsoft??? Who cares what they win... A spot that says they crashed the most and they keep their server up longer so it could crash more? they might even have the last laugh that they could put the $$$ into affording the bandwith and the idiotic users trying to get into other systems. The thing that PO's me the most is that Linux PPC promised a computer to AbiSource, and used that same computer to give to a security assurance test... AbiSource right now is one of the closest buisiness models following Free Software or OSS. Give them the F***ing computer. Don't list it as one of the big reasons to stop the "contest." Power PPC in my book has fallen prey to the same PR that MS uses.
JS
I'd hate to have an IP anywhere close to the Windows2000 crack(rock) site. In fact I'd hate to have anything within a class b range. God knows how many kiddies are doing batch port scans looking for god-knows-what. Seems like 'hacking' has changed its definition once again from systematically attacking a problem using logic to massivly attacking it with a sledgehammer.
BortBox
What would be better would be if Microsoft listened to the bug reports it got after it released it. Better yet would be to release source in the interests of security but that's never gunna happen. I feel justified in comparing a "come and crack us" security test against an operating system that we havn't even seen the asm code for, let alone the source code, to a "crack this encryption" snake oil scam. You prove little in either case.
How we know is more important than what we know.
I can't get to www.windows2000test.com to test this, but given the conversation on the group, the w2k box has a guestbook running that doesn't check for javascript. As the W2K test box doesn't have any remote admin stuff running (or so we're told), at some point, SOMEONE at the w2k test box will look at their guestbook whilst sitting at the console.
So, asking as a person who hates Javash^Hcript with a passion, how easy would it be to write a JScript that installs back orifice whenever the IP of the reader matches the IP of w2ktest.com? You can NOT look me in the face and tell me there's no IE bug that will let it remotely execute a BO2K installer....
-Lx?
It's people being jackasses and ping flooding, smurfing, etc.. the box itself and others on the network.
A little clue here: You can't break into the box with ping -f, people.
Yet Another Example of how stupidity, immaturity and a lack of respect ruins a good thing (tm).
Its ironic that anyone who contributed to the problems outline on crack.linuxppc.org contributed nothing at all. And probably never does.
"Old man yells at systemd"
Get real. The Linux machine crashes once over the course of like six days, as compared to a windows machine that's been down so many times that I only managed to get onto it for the first time about to hours ago. So windows, with all it's stability problems, suddenly 'wins' because Linux isn't perfect? What kind of logic is that? It's questionable as to whether the one crash Linux did experience is the fault of the OS, or the operator who thought that less than 2x RAM as swap would be enough. They only discontinued the contest because they were tired of the idiots who thought that DoS attacks would somehow allow them to crack the server.
I thought people specialized in this sort of thing, cracking and all that. Guess that stuff only happens in 'Hacker Crackdown' books. One could of course assume such a "high profile" target would shunned by the highly skilled, anonimity-craving Cracker Elite, but I'd be tempted to say 6u115h1t on that!
**>>BELCH
too many stupid people in the world,
/. follows a link. What happens if .01% of /. decides to packet flood, DNS spoof and otherwise attack whole segments of the net?
so little napalm.
Both challenges were pretty stupid attention getting stunts. We know web servers crash when everyone on
Bad metaphor:
They tried to invite the world to come party in a one horse salon at the end of a dirt road.
As linuxppc says on their sight legitimate hack attempts were not possible due to the large packet loss caused by the high traffic.
It stayed up under large traffic, that was good.
Maybe Microsoft can afford the support to keep their network running. Hopefully the whole thing will quietly go away. It was a good load test for both systems. Not a good security test.
I mean, Since the machine is offline because it crashes half the time, it cannot be accessed globally, therefore higher security. Something MS should consider in their promotion Documation. Higher Security: Windows 2000 has much higher security than previous versions. When Windows 2000 detects a Security attack in progress, It produces a Blue Screen Stop Error, Effectively halting the Hacker and protecting your vital files from harm.
Well, since their ISP appears to have been the deciding party, I don't find you argument convincing. Perhaps they should have cleared this with the ISP before initiating the challenge.
It's not too surprising that the W2K machine is now more stable, since reports had it as being unusably unstable. OTOH, I haven't been following this, so I don't know what more stable means. It's truely strange that they would put an alpha version of their program up for a public test, yet with all of the down time it surely can't be considered to be beta software yet.
I think we've pushed this "anyone can grow up to be president" thing too far.
Perfmon info from 8/6/99 12:50pm
Datagrams Received/sec Avg: 4518
% Processor Time Avg: 30-47
8/11/99 Events
21:30 - There is so much traffic to the site that it is going to be difficult to get connections.
Frames/sec 6,000
Bytes/sec 400,000
Datagrams Received/sec 2312
Datagrams Sent/sec 3146
% Processor Time 99
Common configuration doesn't limit the use of resources by simple users. But any Bofh admin would put limits on the number of processes the users can launch, and the RAM they can waste.
--
Memory fault -- brain fried
I have a clear picture of where the linuxppc folks were coming from when dealing with the bandwidth usage. I access the internet through execpc, their service provider, and was forced to use another service temporarily as establishing connections grew impossible. tcpdump was also picking up more than it's fair share of really odd packets as well. I never thought a mere modem user could feel the heat of traffic upstream, but it was certainly felt. If Microsoft were really sure of their product, they would offer to host the linuxppc machine at this point.
I find it interesting that the DNS servers listed as authoritative for the windows2000test.com domain (man whois(1)) don't seem to respond anymore. Perhaps MS has also decided to back out, sneaking away like a misbehaved child who's been caught?
If like most of us you have a machine with finite resources (memory, swap space, kernel PID's, whatever) then it is possible to come up with a situation where you run out of them. Handling all possible situations of this kind is not a core responsibility of the kernel, working well in more common situations is.
It is impossible to guarantee to defend against all possible DoS attacks while maintaining service to legitimate users (for the CS grads - Decidability, Halting Problem)
In a real situation, web servers sit behind firewalls.
Dave
MIMEType: application/x-totally-insecure
Action: Run immediately
Regardless, I think they now filter all html tags out (and by "now" I mean "those brief intevals when the box is actually up")
----------------------
"This moon-cheese will make me very rich! Very rich indeed!
There is no K5 cabal.
I am not the real rusty.
--
8/12/99 Events
12:00 We are still trying to find the right configuration to handle the combination of legitimate connection requests and the flood of attack packets. The new TCPIP stack has a couple of different configuration values that affect how it responds. Yes, we will be publishing exactly how this server is configured.
8:00 The server crashed again this morning. In the same part of the TCPIP stack as before. The TCPIP stack is still having difficulty with a prolonged attack. We are going to try some different configurations and see if we can bump up the connection rate.
Configuration
500MHz Pentium III with 256mb of RAM.
Geeky modern art T-shirts
mm.. spelling on the site might have been improved.... just a thought
...sie sind nicht grün
---
This sig has been temporarily disconnected or is no longer in service
and what exactly was this that Omar Shenker accomplished?
thanks
Actually, it depends...
If the box was a PPC box, yeah Windows would fail first.
If you put LinuxPPC on a P2 450 though...
That's not a reasonable analogy, b/c the cause of the hang is a configuration issue, not a bug. You could argue that they should of expected the extreme loads they got, but in their defense you would think that people would have known better than to try a ping flood as an "exploit". Even folks who've never cracked anything more than a can of beer (like me =) ) ought to know better than that...
...disciplining the ronkeys since 3/2000...
all I can say is, thanx for the ride. ;) too bad about the :P
it was fun, and many of us could still
use the machine
memory thing, big nod on the swap space
situation. It can be the difference
between breaking early, (as it were)
and grinding on through the insanity.
maybe y2k just needed more ram all this time
just wanted to point out that as the y2k is beta,
Linux is under constant revision,
not a flaw, but an advantage, me thinks.
Peace
Dolio
you mean the former?
Not reading the manual is a sin.
....
man limit
NAME
limit, ulimit, unlimit - set or get limitations on the sys-
tem resources available to the current shell and its descen-
dents
He's gone the closest (pretty darn close - for my money) to date.
Since they have effectively pulled the plug on the experiment prematurely for reasons they really should have anticipated from the outset they should now cough up the goods!!!
I'm curious as to whether www.windows2000test.com and crack.linuxppc.org were under similar loads.
If the W2K box was getting 500 times the amount of traffic or something, it stands to reason that it would go down more often, quite aside from the relative stability of W2K vs. LinuxPPC; on the other hand, if the loads were similar, then this is a slam-dunk result in favor of Linux with regard to stability.
Either way, of course, it doesn't prove anything about the relative security of the OSes.
--
Do I look like I speak for my employer?
I did a fork bomb as a user once on my box and I got tired of waiting for it to crash, but when I came home from work 12 hours later, it was dead and not pingable. It was an older development kernel, but I'm wondering how Linux withstands these attacks currently. Anyone tried? I'd hate to kill my uptime...