Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yet Another Crack-This-Box Challenge

Posted by Hemos on from the who-else-is-tired-of-this dept.

Sand_Man wrote to us with the latest public relations stunt with crack-a-machine trials. This is a month long trial, pitting Linux vs. NT boxes against each other. Details are in the story, but does this whole thing strike everyone else as tired PR stunts now?

5 of 137 comments (clear)

  1. Something Fishy by kevlar · · Score: 4

    There is definately something fishy here. Both boxes are behind a firewall unidentified by nmap. Translation is that they have some kind of routing firewall to prevent certain ports from being attacked. What kind of contest is this if the ports that are "open" are sitting behind a firewall that won't allow anything more than a 3-way handshake? This is to show NT is secure. I have no doubt anymore. Someone is playing a foul game here.


    [root@kevlar /root]# nmap -sT -O securent.hackpcweek.com

    Starting nmap V. 2.2-BETA4 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
    Interesting ports on securent.hackpcweek.com (208.184.64.171):
    Port State Protocol Service
    21 open tcp ftp
    23 open tcp telnet
    25 open tcp smtp
    70 open tcp gopher
    80 open tcp http
    119 open tcp nntp
    139 open tcp netbios-ssn
    420 filtered tcp smpte
    443 open tcp https

    TCP Sequence Prediction: Class=truly random
    Difficulty=9999999 (Good luck!)
    No OS matches for host (see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
    TCP/IP fingerprint:
    TSeq(Class=TR)
    T1(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
    T2(Resp=N)
    T3(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
    T4(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T7(Resp=N)
    PU(Resp=N)

    [root@kevlar /root]# nmap -sT -O securelinux.hackpcweek.com

    Starting nmap V. 2.2-BETA4 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
    Interesting ports on securelinux.hackpcweek.com (208.184.64.170):
    Port State Protocol Service
    21 open tcp ftp
    23 open tcp telnet
    25 open tcp smtp
    70 open tcp gopher
    80 open tcp http
    119 open tcp nntp
    139 open tcp netbios-ssn
    420 filtered tcp smpte
    443 open tcp https

    TCP Sequence Prediction: Class=truly random
    Difficulty=9999999 (Good luck!)
    No OS matches for host (see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
    TCP/IP fingerprint:
    TSeq(Class=TR)
    T1(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
    T2(Resp=N)
    T3(Resp=Y%DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
    T4(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T7(Resp=N)
    PU(Resp=N)


    Nmap run completed -- 1 IP address (1 host up) scanned in 24 seconds

  2. Errors in the Article! by Anonymous Coward · · Score: 5

    From the article: "Taschek also noted that, in recent weeks, the Nasdaq/Amex, the Drudge Report and ABC sites were all hacked in someway. Each of these three web sites runs either Windows NT with IIS or Linux as their front-line web servers. " From Netcraft: www.nasdaq.com www.nasdaq.com is running Microsoft-IIS/4.0 on NT4 or Windows 98 www.abc.com www.abc.com is running Microsoft-IIS/4.0 on NT4 or Windows 98 and finally (the worse yet!) www.drudgereport.com www.drudgereport.com is running Microsoft-IIS/5.0 on Windows NT5 beta We all know that both OSes are only as good as the person who administers them. This is an absolute joke. How much says Microsoft is sponsering this?

  3. Sick of "crack this box" contests. by Wakko+Warner · · Score: 5
    What we need now is a "box this crack" contest: drive through Harlem and pick up a few dealers and have them compete to see how fast they can get a shipment packed, false-bottomed, filled with Beanie Babies, and sent out via UPS.

    That's real, honest-to-God, cutthroat competition.

    - A.P.
    --


    "One World, one Web, one Program" - Microsoft promotional ad

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  4. [sarc] The Ultimate "Hack This Machine" Challenge by Pont · · Score: 5

    If you, yes you, hack www.fbi.gov and put up porn, instructions for building nuclear weapons, and your actual home address, you will win the following:
    Free housing for 10-30 years!
    Free "food" for 10-30 years!
    Free sex for 10-30 years!
    Free training in a useful trade!

    Who can resist!

  5. Real Contests/Tests by Hrunting · · Score: 4
    1. Give the box to your average Joe Schmoe luser and let him set it up on a relatively bandwidth-capable link. Then have someone hack that. See what happens.
    2. Give the box to your average Joe Schmoe luser and see how long it stays up during average use (word processing, standard updates). Make sure to log how they use it.
    3. Give a Linux box to a bunch of Windows NT techs and see if they can set it up for (input server type here). Time how long it takes. Repeat task with Windows NT box and Linux admin.
    4. Setup a kiosk with with two boxes, one NT and one Linux running a Window Manager of choice. Give them passersby the choice of looking at Netscape on one or looking at Netscape on the other. See which one people use the most. Ask them why they don't use the other.


    Honestly, security is a nice issue and all, but there are so many other areas that both operating systems need improvement in. Security is such a function of administration that these contests show very little of the capabilities of the operating system. Try combining them with other aspects, like setup, administration, use, and scalability, and then your contest will really say something about the operating system.