Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Software Linux

Linuxense Break-in Challenge Over 42

hot_Karls_bad_cavern writes "As previously mentioned on Slashdot, the Linuxense Break-In Challenge has ended and some results posted, including a torrent link to the packet capture dump. The great Linux guru winner: no one. After the 96 hours, the machine was still safe and sound. Distro on the target machine: Adamantix."
This discussion has been archived. No new comments can be posted.

Linuxense Break-in Challenge Over

Comments Filter:
  • by A beautiful mind ( 821714 ) on Saturday March 19, 2005 @04:25PM (#11986675)
    the timeframe was too short to do anything high profile. In other words, the distro was more secure than it could be hacked in 96 hours. However, with servers online years, you have a much better situation from the attacker's viewpoint, even if your box is fully patched.
    • by cfavader ( 754724 ) on Saturday March 19, 2005 @04:47PM (#11986808) Homepage
      I fully agree.

      Apparently they expected people to whip out their magic wands of hax0ring skillz.

      Personally, I would have kept the server up until someone finally broke through (although for a lesser prize?) just out of curiosity.
    • And, quoting from the FAQ
      This is how nmap would report if you run it against a server which is under (D)DoS attack (the Challenge server was overwhelmed by port scans, brute-force attacks, etc. most of the time).
      That makes it yet a little harder.
    • I wonder if the point was to get a list of IP's to deny access to.

      However, it looks like the weakest link wasn't exploited. There were no regular clueless users onboard to steal passwords from. There were no janitors to impersonate or locks to pick. There were no unannounced maintenence men from DELL to swap in a new redundant RAID disk. It was all too clean.

  • Wolverine would be proud. :)

  • Pffft (Score:3, Insightful)

    by Anonymous Coward on Saturday March 19, 2005 @04:34PM (#11986726)
    Anyone capabile of breaking that machine isn't about to announce that little bit of information to the whole world.

    Public security "tests" are useless (from a security standpoint) publicity shows.
  • I must say I'm proud to see them distributing the packet dump via bittorrent. Every legit reason for p2p helps.
  • Forkbomb... (Score:3, Insightful)

    by bcmm ( 768152 ) on Saturday March 19, 2005 @04:54PM (#11986845)
    So, was this because it was down the whole time because of people trying to DOS it instead of taking control?

    When they gave a user account, didn't the first person to log in change the account password?
    And was it susceptable to forkbombing [slashdot.org]?
    • then nobody would have been able to break in.

      and actually from the faq...
      "6. nmap returns ``connection refused''/``filtered''. Your [Challenge] server seems to be behind a firewall.
      There was no firewall. This is how nmap would report if you run it against a server which is under (D)DoS attack (the Challenge server was overwhelmed by port scans, brute-force attacks, etc. most of the time)."

      pretty stupid challange if it's so short that there won't be time in it to get to the server even.
      • Re:Forkbomb... (Score:4, Insightful)

        by RALE007 ( 445837 ) on Saturday March 19, 2005 @05:45PM (#11987126)
        I was just about to post the same thing from the faq. This "challenge" proves little to nil considering their server wasn't capable of handling the network traffic. There's a million analogies that come to mind, but I think a good one would be a boxing match. Their victory is tantamount to a boxer claiming to be the heavyweight championship because nobody beat them in a fight, but the reason nobody beat them is that all the potential challengers were stuck in the doorway into the arena. It doesn't prove a victory, it proves the doors need to be bigger. Bringing that thought back around to this hack challenge, all that was proved is their hardware is insufficient for any moderately high traffic load. I don't think a victory dance is in order.
        • That is where Solaris beats Linux. Out of the box SUN boxen can pump more IO then the best configured Linux boxen. Security aside, this was a PR stunt what was orchestrated from the start. x86 boxes can be overwhelmed at defined load level. Overwhelmed equals a win to this test. It puts it beyond the reach of anyone to crack unless they can get access before the Sheeple get there. Like in the first 5 minutes. Posting to Slashdot triggers a slashdot effect and gets you that result for 95:50 hours.

          Nothing to

  • by Lally Singh ( 3427 ) on Saturday March 19, 2005 @05:24PM (#11987005) Journal
    I didn't report it, just b/c I thought it was too little a feat to mention. Password: Joshua.
  • Microsoft will invite us to hack Windows XP SP2, with all the default services enabled, such as the firewall.
  • ...and got rejected.
  • Ok everyone, get back to hacking into the FBI intranet... :D

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...