OpenBSD Journal

SCO now running OpenBSD?

Contributed by jose on from the timeliness-is-everything dept.

sbalneav writes: "Wonder if they thought to make a donation?

http://uptime.netcraft.com/perf/graph?site=www.sco.com "

This is especially timely .... Note that it says OpenBSD/NetBSD ... still, interesting.

(Comments are closed)


Comments
  1. By Anonymous Coward () on

    It's definitely OpenBSD (probably 3.4), not NetBSD. I have used a OS fingerprinting tool just to be sure.

    Comments
    1. By Anonymous Coward () on

      Care to share your output with the rest of the world?

      What did you use, nmap, queso, banner grabbing :p, ...?

    2. By submicron () yeah@hi.com on mailto:yeah@hi.com

      That's funny, I ran nmap 3.50 against sco.com and they have a nice hefty linux-based firewall in front which skews the nmap OS fingerprinting. I'd be curious to know what you did get garner the results you claim to have recieved. For reference:

      uncertainty# nmap -O -sV -P0 www.sco.com

      Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-01-31 07:14 PST
      Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
      Insufficient responses for TCP sequencing (3), OS detection may be less accurate
      Interesting ports on www.sco.com (216.250.128.12):
      (The 1657 ports scanned but not shown below are in state: filtered)
      PORT STATE SERVICE VERSION
      80/tcp open http?
      443/tcp open https?
      Device type: switch|general purpose
      Running (JUST GUESSING) : Nortel embedded (87%), Linux 1.X (85%)
      Aggressive OS guesses: Nortel Networks Passport 1100 switch (87%), Linux 1.3.20 (X86) (85%)
      No exact OS matches for host (test conditions non-ideal).

      Nmap run completed -- 1 IP address (1 host up) scanned in 2786.446 seconds

  2. By Anonymous Coward () on

    Perhaps you should ask Rackspace to make a donation, since they're the ones running SCO's site. I doubt SCO cares what OS their web site runs on as long as it works correctly.

    Comments
    1. By Anonymous Coward () on

      They're not hosted at Rackspace. Three minutes time spent investigating that claim would've reveal that to you.

    2. By espo () on

      It doesn't say much for the company if they don't even use their own products that they're trying to get people to purchase. (And before someone says the OBSD main site isn't run on OBSD, it's run on a donated site - different concept.)

  3. By Anthony () on

    It's out there for everyone to use, and SCO needs it more than most.

    I'm sure that they're subject to constant attacks. And when new vulnerabilities are discovered, they're probably attacked using them within minutes. Maybe even before patches are available. There aren't that many other viable options if you're under that kind of threat.

  4. By Anonymous Coward () on


    Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-01-31 12:57 CST
    Insufficient responses for TCP sequencing (2), OS detection may be less accurate
    Interesting ports on www.sco.com (216.250.128.12):
    (The 1486 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE VERSION
    80/tcp open http?
    [...]
    443/tcp open https?
    [...]
    Device type: printer
    Running: QMS embedded
    OS details: QMS Magicolor 2200 DeskLaser printer

    Nmap run completed -- 1 IP address (1 host up) scanned in 146.753 seconds



    If that is a typical OBSD figerprint, then wet slap me plz.

    Comments
    1. By Anonymous Coward () on

      $ sudo nmap -O sco.com

      Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
      Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
      Interesting ports on www.sco.com (216.250.128.12):
      (The 1599 ports scanned but not shown below are in state: filtered)
      Port State Service
      80/tcp open http
      443/tcp open https
      Remote OS guesses: OpenBSD 2.9-beta through release (X86), OpenBSD 3.0 (x86 or SPARC)

      Nmap run completed -- 1 IP address (1 host up) scanned in 178 seconds

    2. By Anonymous Coward () on

      nmap it's not the only OS fingerprinting tool available. There are others :

      xprobe2 (
      http://www.sys-security.com/archive/tools/xprobe2/xprobe2-0.2.tar.gz)

      ospf (
      http://www.blad3.ro/projects.php)

  5. By Tim Lord () timothy@monkey.org on mailto:timothy@monkey.org

    According to http://www.atnewyork.com/news/article.php/3110981 (from November of last year) SCO is as happy to claim ownership of BSD variants as they are to say that the various things they distributed under the GPL uh, just, uh, well, didn't count, and stuff.

    timothy

  6. By Anonymous Coward () on

    Unfortunately for SCO, no mere OS can save them from being DoS'd off the face of the net tommorrow.

  7. By Anonymous Coward () on

    I see they changed it. Now it says unknown. Wonder if it's still OpenBSD and they've covered that up?

  8. By soohrt () on

    Looks like a glitch in the netcraft fingerprinting.
    www.sco.com hasn't been rebooted since sept '03/oct '03 with two nice and steady uptime graphs - both most of the time Linux.

    http://uptime.netcraft.com/up/graph?site=www.sco.com

  9. By Angel () amortiz75@yahoo.com on mailto:amortiz75@yahoo.com

    According to this Reuters article
    http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=4256399
    despite knowing about the worm, they were still bitten.

  10. By Anonymous Coward () on

    Now you see it:
    su-2.05a# dig @NS.CALDERASYSTEMS.COM sco.com

    ; > DiG 8.3 > @NS.CALDERASYSTEMS.COM sco.com
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER> DiG 8.3 > @NS.CALDERASYSTEMS.COM www.sco.com
    ; (1 server found)
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER <<- opcode: QUERY, status: NXDOMAIN, id: 4
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;; www.sco.com, type = A, class = IN

    ;; AUTHORITY SECTION:
    sco.com. 30M IN SOA ns.calderasystems.com. hostmaster.caldera.com. (
    2004020105 ; serial
    1H ; refresh
    15M ; retry
    1W ; expiry
    30M ) ; minimum

    Comments
    1. By cellula-x () on

      Sorry about the above noise.


      su-2.05a# nslookup
      Default Server: ns2.ok.cox.net
      Address: 68.12.16.25

      > server NS.CALDERASYSTEMS.COM
      Default Server: NS.CALDERASYSTEMS.COM
      Address: 216.250.130.1

      > sco.com
      Server: NS.CALDERASYSTEMS.COM
      Address: 216.250.130.1

      Name: sco.com
      Address: 216.250.128.21

      > www.sco.com
      Server: NS.CALDERASYSTEMS.COM
      Address: 216.250.130.1

      *** NS.CALDERASYSTEMS.COM can't find www.sco.com: Non-existent host/domain


      haha.. no www .. yanky the (a) record

  11. By Peter N. M. Hansteen () peter@bgnett.no on mailto:peter@bgnett.no

    Here's my nmap output:

    peter@tosh:~/junk$ sudo nmap -O -sV -P0 www.thescogroup.com

    Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-02-02 21:04 CET
    Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
    Interesting ports on 216.250.128.21:
    (The 1653 ports scanned but not shown below are in state: filtered)
    PORT STATE SERVICE VERSION
    20/tcp open ftp-data?
    21/tcp open ftp?
    80/tcp open http Apache httpd
    443/tcp open http Apache httpd
    Device type: general purpose
    Running: OpenBSD 3.X
    OS details: OpenBSD 3.0 SPARC with pf "scrub in all" feature

    Nmap run completed -- 1 IP address (1 host up) scanned in 287.321 seconds

    Comments
    1. By Anonymous Hero () on

      Yeah nmap claimed my OpenBSD 3.2 and 3.3 was running SPARC too, while it was running x86. Go figure.

    2. By Anonymous Coward () on

      "scrub in all" apparently

  12. By Anonymous Coward () on

    They changed their URL for the duration of the MyDoom attack. They seem to be changing between Linux and NetBSD/OpenBSD according to Netcraft. Probably some kind of load balancing (or they are very, very, indecisive!)...

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]