Message-ID: <02e901c15e25$d1e23bb0$d710a8c0@ottawa.cadlink.com>
From: "Dave Hawkes" <daveh@cadlink.com>
To: <linux-kernel@vger.kernel.org>
In-Reply-To: <fa.n18ab3v.5kscb0@ifi.uio.no>
Subject: Re: M$ Does it again
Date: Fri, 26 Oct 2001 09:55:06 -0400
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org

This is the Universal PnP support...

Dave Hawkes

----- Original Message -----
From: "Richard B. Johnson" <root@chaos.analogic.com>
Newsgroups: fa.linux.kernel
To: "Linux kernel" <linux-kernel@vger.kernel.org>
Sent: Friday, October 26, 2001 9:39 AM
Subject: M$ Does it again


>
> I am told that the latest Windows/XP has a Trojan built into it.
> This was done as part of a deal with the United States Department
> of Justice in settling the long term problem with Microsoft's
> monopoly conviction.
>
> This Trojan, upon specifc network inquiry, has the capability
> of sending any intelligence that exists within the computer,
> (Motherboard type, Peripherals, hard disk contents, the contents
> of video buffers, etc.) to a remote network agent, any time the
> machine is connected to a network.
>
> Since the secret inquiry commands and port(s) must be known by
> the developers, I hope that somebody is working on a Linux clone
> that will pretend that it's a M$ machine owned by the Pope.
>
> Anyway, I have a XP machine here. I have monitored its startup
> with a phony static IP address and NO default route that should
> not be able to be routed out of the LAN. It does a lot of
> network chatter and actually communicates with a name server
> outside of our firewall!
>
> I tried to find out how, so I first wanted to find some
> M$ servers. This is what whois reports!!
>
> [whois.internic.net]
>
> Whois Server Version 1.3
>
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> MICROSOFT.COM.ZZZ.SUCKS.AZZ.PHAEN.AS
> MICROSOFT.COM.Z---HELLO-FROM-SIBERIA---I.Z3S.COM
> MICROSOFT.COM.WILL.NEVER.SATISFY.A.TRUE.TELNETJUNKIE.COM
> MICROSOFT.COM.WILL.NEVER.RUN.PUREDATA.NET
> MICROSOFT.COM.WILL.LIVE.FOREVER.BUT.LUNIX.SUCKS-BYBIRTH.ARTISTICCHEESE.COM
> MICROSOFT.COM.WILL.ALWAYS.FEARPENGUINS.COM
> MICROSOFT.COM.WHOIS.RESULTS.MAKE.A.GREAT.HUMOUR-LIST.COM
> MICROSOFT.COM.WAS.HACKED.TODAY.BY.JAMESSMALL.COM
> MICROSOFT.COM.TONY.HAS.SEXUAL.IN.ADEQUACY.ORG
> MICROSOFT.COM.TOLD.ME.TO.KILL.UR.PC.LIVE-EVIL.COM
> MICROSOFT.COM.TOHA.KANKEI.ARIMASEN.300BPS.NET
> MICROSOFT.COM.TAKES.IT.IN.THE.BUTT.FROM.WHILE1.ORG
> MICROSOFT.COM.SUKZ.ORG
> MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
> MICROSOFT.COM.SE.FAIT.HAX0RIZER.PAR.TOUT.LE.ZOY.ORG
> MICROSOFT.COM.RUNSLINUX.NET
> MICROSOFT.COM.PRODUCTS.WILL.NEVER.BE.SEEN.AT.MCNEIGHT.ORG
> MICROSOFT.COM.OWNED.BY.MAT.HACKSWARE.COM
> MICROSOFT.COM.NOTHING.HAPPENS.XYZZY.COM
> MICROSOFT.COM.NAO.VALE.UM.CARALHO.NET
> MICROSOFT.COM.N-AIME.BILL.QUE.QUAND.IL.N-EST.PAS.NU
> MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG
> MICROSOFT.COM.MAKES.SHIT.ASS.SOFTWARE.T10.NET
> MICROSOFT.COM.IS.THE.COMMERCIAL.ARM.OF.THE.WORLDGOV.ORG
> MICROSOFT.COM.IS.SOON.GOING.TO.THE.DEATHCORPORATION.COM
> MICROSOFT.COM.IS.SO.VERY.SKANKY.NET
> MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERRORISTS.NET
> MICROSOFT.COM.IS.NOTHING.COMPARED.TO.EVILGOAT.NET
> MICROSOFT.COM.IS.NOTHING.BUT.A.MONSTER.ORG
> MICROSOFT.COM.IS.NO.MATCH.FOR.THE.WANNABE.TERRORISTS.AT.JIMPHILLIPS.ORG
> MICROSOFT.COM.IS.NO.MATCH.FOR.A.UNIXNINJA.COM
> MICROSOFT.COM.IS.HOPELESSLY.INSECURE.ORG
> MICROSOFT.COM.IS.GOD.BUT.LINUX.SUCKS-FOREVER.ARTISTICCHEESE.COM
> MICROSOFT.COM.IS.AT.THE.MERCY.OF.DETRIMENT.ORG
> MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET
>
MICROSOFT.COM.HQ.SHOULD.HAVE.BEEN.MOVED.TO.BAGDAD.JUST.BEFORE.THE.GULFWAR.OR
G
> MICROSOFT.COM.HEBERGEUR.DE.SCHIZOPHRENE.ORG
> MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
> MICROSOFT.COM.HACKED.BY.HACKSWARE.COM
> MICROSOFT.COM.GUTS.NL
> MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
> MICROSOFT.COM.FAIT.VRAIMENT.DES.LOGICIELS.A.TROIS.FRANCS.DOUZE.ORG
> MICROSOFT.COM.DAN.HILLIER.OF.EXETER.UK.IS.A.DUMB.ASS.EVILJAM.COM
>
MICROSOFT.COM.CODERS.SHOULD.DUMP.WINDOWS.AND.CODE.FOR.THE.MORE.PRACTICALMAC.
COM
> MICROSOFT.COM.CANNOT.HACKUNIX.ORG
> MICROSOFT.COM.AINT.WORTH.SHIT.KLUGE.ORG
>
MICROSOFT.COM.A.ETE.CREE.PAR.BILLOU.A.L.EPOQUE.OU.IL.FUMAIT.DU.COLA-COCA.ORG
> MICROSOFT.COM.A.BIEN.BU.DU.COLA-COCA.SUR.L.ILE.DE.NUMEA.COM
> MICROSOFT.COM
>
> [Snipped]
>
> Neat!
>
> Anyway, XP will certainly find its way around a network. It discovers
> any Microsoft servers on the LAN and uses their default route. That's
> how it finds the firewall. It then queries a bunch of servers using
> port 53 (DNS) and does a zone-dump. Then it uses the mail port 25 to
> exchange information. This information is not text. I don't know
> what it is.
>
> It does this all upon startup! Our firewall doesn't 'know' about
> this machine. It shouldn't even be able to talk outside because
> our firewall interface does NAT and nobody has configured it for
> the new machine.
>
> If somebody has the time, it would be a good idea to look into
> how they do this stuff and make some Linux software to emulate,
> attack, expose, and thereby destroy the new Microsoft capability.
>
> Cheers,
> Dick Johnson
>
> Penguin : Linux version 2.4.1 on an i686 machine (799.53 BogoMips).
>
>     I was going to compile a list of innovations that could be
>     attributed to Microsoft. Once I realized that Ctrl-Alt-Del
>     was handled in the BIOS, I found that there aren't any.
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/