A quick note on our testing: We used a Sun Sparcstation 10 and an HP somethingorother, both shown in laboratory prep here. Our exploits were pretty diverse, as you would expect from a large and experienced group of penetration testers. Favorites included 7.62x54mmR, with a fair amount of 5.56 NATO, and a smattering of 9mm and .45 ACP. All in all, a normal Pen Test configuration.
The NT system, as many suspected, had rather a lot of holes:
It did, however, remain standing when the smoke figuratively settled. Or literally, in this case.
Solaris was both more and less robust. Many fewer observed holes, but the server was surprisingly easy to knock over, so it would appear to be more subject to Denial of Service (DoS) attacks, or Jay's
Jay will be posting a vulnerability announcement to bugtraq shortly.
So what conclusions can we draw from all this? There are a lot more holes than you'd expect in standard server-class Operating Systems, at least at a Blogshoot. On the other hand, both NT and Solaris are much, much more robust than fruit (Watermelon in this particular case).
Left unanswered is whether Macintosh, particularly old obsolete Macs, would be more resistant to remote exploits. Sorry, the range doesn't allow targets containing glass.