[ISN] Security Community OS preferences

From: mea culpa (jerichot_private)
Date: Mon Oct 19 1998 - 00:08:32 PDT

    [Moderator: Really neat post here. Going to add a few comments for
     everyone :) ..  'repsec' is running 2.0.34 with custom mods. 'caltech' ..
     I can see that. I know of several EDUs running old stuff like SunOS,
     Ultrix and the like. AOL runs "stratus" machines if I am not mistaken. 
     I found info on them a while back on their web site (www.stratus.com?)
     and might be a neat addition to the database. Elsewise, these are dead on
     accurate as best as I know. VERY nice addition to the NMAP utility.]

    From: Fyodor <fyodort_private>

    For those who don't know, I am finishing a new version of my Nmap network
    exploration tool.  This version does remote OS identification via TCP/IP
    fingerprinting (kind of like the awesome queso program, although nmap
    uses some more advanced techniques).  In any case, I did a mass scan of
    (mostly) security sites and I thought it might interest the list as well
    as shed some light into what operating systems are preferred by security
    companies and hackers (I don't claim it is a statistically valid sample --
    I just picked sites off the top of my head):

    # "Hacker" sites
    www.l0pht.com        => OpenBSD 2.2 - 2.4
    www.insecure.org     => Linux 2.0.31-34
    www.rhino9.ml.org    => Windows 95/NT     # No comment :)
    www.technotronic.com => Linux 2.0.31-34
    www.2600.com         => FreeBSD 2.2.6 - 3.0 Beta
    www.kevinmitnick.com => Linux 2.0.31-34  # Free Kevin!
    www.antionline.com   => FreeBSD 2.2.6 - 3.0 Beta
    www.rootshell.com    => Linux 2.0.35

    # Security vendors, consultants, etc.
    www.repsec.com       => Linux 2.0.35
    www.iss.net          => Linux 2.0.31-34
    www.checkpoint.com   => Solaris 2.5 - 2.51
    www.infowar.com      => Win95/NT

    # Vendor loyalty to their OS
    www.li.org           => Linux 2.0.35  # Linux International
    www.redhat.com       => Linux 2.0.31-34 # I wonder what distribution :)
    www.debian.org       => Linux 2.0.35
    www.linux.org        => Linux 2.1.122
    www.sgi.com          => IRIX 6.2 - 6.4
    www.netbsd.org       => NetBSD 1.3X
    www.openbsd.org      => Solaris 2.6     # Ahem :)
    www.freebsd.org      => FreeBSD 2.2.6-3.0 Beta

    # Ivy league
    www.harvard.edu      => Solaris 2.6
    www.yale.edu         => Solaris 2.5 - 2.51
    www.caltech.com      => SunOS 4.1.2-4.1.4 # Hello! This is the 90's :)
                                              # Might be a custom machine instead.
    www.mit.edu          => Solaris 2.5 - 2.51 # Coincidence that the good
                                               # schools all seem to like Sun?

    # Lamer sites
    www.aol.com          => IRIX 6.2 - 6.4  # No wonder they are so insecure :)
    www.happyhacker.org  => OpenBSD 2.2-2.4 # Sick of being owned, Carolyn?
                                            # Even the most secure OS is
                                            # useless in the hands of an
                                            # incompetent admin.

    # Misc
    www.lwn.net          => Linux 2.0.31-34 # This Linux news site rocks!
    www.whitehouse.gov   => IRIX 5.3

    Notes: In their security white paper, Microsoft said about their lax
    security:  "this assumption has changed over the years as Windows NT gains
    popularity largely because of its security features.".  Hmm, from where I
    stand it doesn't look like Windows is very popular among the security
    community :).  I only see 2 Windows boxes from the whole group, and
    Windows is _easy_ for nmap to distinguish since it is so broken (standards
    The version of nmap used for this will probably be released within 2
    weeks - 2 months.  If you really _must_ have the beta now, send me
    mail.  The released version is at http://www.insecure.org/nmap/ .  If
    you run any of these boxes and I got the OS wrong, please send me
    Fyodor (fyodort_private)
    Fyodor                                  'finger fyodort_private | pgp -fka'
    "Girls are different from hacking. You can't just brute force them if all
    else fails." --SKiMo, quoted in _Underground_ (good book)