Yup, apache was running with CGI, etc etc. You tend to forget that a server or computer does not have to have 40000000 services running. You run what is needed. The point of this exersize was to prove that a good firewall and an OS in the hands of a good admin, is unpenetrable. If you think you can do better, take a crack at it. But know that you won't be getting in. I'll make double sure my IDS autobans any scanning computers this time.

Yes, that's right, windows IDS So both of you can either continue whining aind complaining about "this doesn't prove anything wahhhh". Or take a shot at it.


properly configured firewall + updated services + properly configured services + proper IDS + proper admin observation == an near unpenetrable box

Of course this means a weakness of social eng. could exist, and they would sweet talk information out of me. Then again, would you be able to do it?


If you don't believe that algorithm, then why not let you two being the last ones who crack it. It's a very simple algorithm, and you need to put your keyboard where your mouth is. I know I did, and here I am now hosting this security test that has yet to be penetrated because of that above algorithm. My point was to prove in the proper hands of a knowledge admin, XP is untouchable. Prove me wrong, or don't comaplain about it not proving anything