mailing list archives
From: "0x90" <secbasics () spam gagspace com>
Date: Tue, 27 Nov 2007 01:31:28 +0100
What do you want to SSH connect to FBI-s homepage?
I don't want them to "SSH connect". All you do is connect, and not SSH.
If this is a game, why don't you provide yourself the target for
I do provide myself as the target for most challenges, should the level
require portscanning, exploiting a PHP, etc. In this case, we are not
talking about scanning, we are talking about aquiring a simple banner. The
last thing I would want to do is send the player to do illegal activities.
The challenges that involve sites other than mine (yes, government / google
/ yahoo / nasa sites) focus on getting information through legal ways. The
FBI challenge is one of these, although it is only the second warmup level,
so it is still 'too easy', and doesn't provide you with much information -
maybe just a smile to make your day as you advance to the other 40 levels.
* Philippe wrote:
They just want to see if you can do a banner grabbing, theres really
nothing to it.
But I do agree that choosing the FBI is a very very VERY bad way to be
serious, it is sending
out the Hacker VS the law image and I would go against this.
None of my hosts have SSH open (and for various reasons won't, neither for
just a fake banner). I would have felt bad about putting the player to
connect to any average server out there. Just think of it. It would have
made no point. On the other hand, the FBI might have had some funny reason
to open up that port (which I highly doubt is actually SSH, but who cares),
so they probably don't mind anyway. And even if they did, they obviously get
no less mass SSH scans a day than any other ip pool does. And those scanners
go further than just connecting.
To summarize, this is not the "Hacker VS the law" thing (especially with
all the warnings: "do not do anything illegal", "do not spam their forum
boards", "do not scan their subnet" etc). I am disappointed and sorry if
anybody got the opposite idea. To these people I recommend reading the list
of challenges to see the big picture.
- Re: hax.tor, (continued)
- Re: hax.tor Michael Argyriou (Nov 27)
- Re: hax.tor 0x90 (Nov 27)
- Re: hax.tor Robert Larsen (Nov 27)