LinuxPPC challenge rides again

jacobm writes "According to an announcement on their site, AntiOnline is going to host the LinuxPPC challenge (crack an out-of-the-box LinuxPPC install and you can keep the computer), which was taken down a few weeks back because of bad guys doing mean things to LinuxPPC's network. Gentlemen, start your port scanners! "

"Start your portscanners"

[alhaz]

I think this is a silly way to figure out how to hack a known configuration.

I've often told people, if someone hacks your system and leaves you an obscene calling card, that was basicly a scriptkiddy who got lucky. A genuine, serious security cracker prefers to leave as little evidence as possible.

Flailing away at this thing from remote isn't just a waste of time, it's embarrasing.

If I had any interest in all in cracking this box, here's what I'd do.

If i didn't already have access to a powermac, I'd borrow or rent one, as similar as possible to the one being used.

I'd install linuxppc on it, staying as close to their known configuration as possible. if this is truly the default installation, that makes it much easier.

I'd hook it up on a private segment with some other systems, and hammer away on it where noone can see, where noone else is generating traffic, examining the system for different sorts of problems depending on what i did to it.

I'm sure eventually I'd find some way to at least cause the thing to die. It might take weeks, or days. Hard to say.

As soon as i was 100% certian I'd found a way to kill it, then and only then would i begin to attack the machine in question.

All this portscanning and flooding is just noise. Even if they do bring it down, they won't be able to reproduce it. In that respect, this is a pretty good PR stunt, given that linux is reasonably secure and stable.

Antionline??

[Kaa]

Didn't Antionline (John Vranesevich) behave in a very unpleasant manner recently (PacketStorm -- Harvard)? I thought that he was relegated to the "don't touch with a 10-foot pole" category.

Kaa