
Nmap Network Scanning

samzenpus posted more than 5 years ago | from the read-all-about-it dept.

Security 125

brothke writes "The 1962 song Wipe Out, with its energetic drum solo, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career as a security professional or hacker. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is a most useful guide for anyone interested in fully utilizing Nmap." Read on for the rest of Ben's review.

One may ask why spend $50 on this book when the Nmap Reference Guide provides a significant amount of the basic information needed to use the tool, especially since the reference guide is both free and well written. The reference guide is included in the book as chapter 15, and takes up 41 pages. For those who are cash strapped, the free reference guide is the way to go.

In addition, the web site for the book notes that about half of the content is available in the free online edition. The most useful information is in the chapters exclusive to the print edition, which include Detecting and Subverting Firewalls and Intrusion Detection Systems, Optimizing Nmap Performance, Port Scanning Techniques and Algorithms, Host Discovery, and Troubleshooting.

The main benefit of buying the book is that it collects Fyodor's wisdom, along with numerous real-world scenarios and Nmap commands not documented elsewhere. At over 400 pages, the book's 15 chapters provide the reader with everything they need to know about using Nmap to the fullest.

Chapter 1 starts with an overview of the history of Nmap and how it came to be. As to the question of whether port scanning is legal, the author writes that it is best to avoid the debate and its associated analogies. He advises that the best way to avoid ISP abuse reports and criminal charges is not to annoy the target network administrators in the first place, and chapter 1 provides a number of practical suggestions on just how to do that.

A complaint against Nmap is that it has often been blamed for crashing systems. Chapter 1 shows that in reality Nmap is rarely the primary cause of a system crash. Many of the systems that crashed as a result of an Nmap scan were likely unstable from the outset, and Nmap either pushed them over the edge or they coincidentally crashed at the same time as the Nmap scan.

An ironic incident detailed in chapter 3 is when someone from the information security department of Target Corp. complained to the author that he felt the Nmap documentation was directed at his organization, given its use of the term "target". He requested that the Nmap documentation be changed from "target" to "example". The section on target enumeration in the book shows the author did not take that request to heart.

Another example of where the book goes beyond the reference guide is where the author lists the most valuable TCP ports, based on his probe of tens of millions of IP addresses across the Internet. Not surprisingly, ports 80, 23 and 443 were the three most commonly open TCP ports. It is surprising that other ports, which should have been secured long ago, are still as vulnerable as ever.

For the serious Nmap user, the book is worth purchasing just for the indispensable information in chapter 16, on optimizing Nmap performance. The author writes that one of his highest priorities in creating Nmap has been performance: Nmap uses parallelism and numerous advanced algorithms to execute its blazingly fast scans. This chapter shows how to craft Nmap commands that obtain only the information you care about and significantly speed up the scan. It details numerous scan time reduction techniques and strategies for dealing with long scans, and concludes with the output of a user who, with a customized Nmap command, was able to reduce his scan of a 676,352 IP address network from nearly a week to 46 hours.

Chapter 10, on detecting and subverting firewalls and IDS, is also fascinating. The function of such tests on an internal network is to help an organization understand the dangers and risks of a real attack. Since it is not uncommon for firewalls to be accidentally misconfigured, or to have rule bases that leak because they contain far too many rules, such a test can be quite useful to any network.

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning is the guide for anyone who wants to get more out of Nmap. It is useful whether one is a novice and only getting into basic security testing, or an advanced user looking for ways to optimize Nmap.

The book takes a real-world approach on how to use the tool and clearly documents every Nmap feature and option. It also shows how the tool should be correctly used in various settings.

What is unique about it is that this is one of the rare books written by the creator of the program itself. Linus Torvalds never got around to writing a Linux reference, nor did the creators of the Check Point firewall. In Nmap Network Scanning, the reader gets the story from the creator of the code itself. This then is the ultimate Nmap reference guide.

Aside from the history and use of the program in the first chapter, the rest of the book is an in-depth guide to maximizing the use of Nmap. It is written by a programmer for the technically astute. Anyone who wants to maximize their use of Nmap will find no better reference.

Ben Rothke manages the Bright Hub Enterprise Security channel and is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


125 comments


Target (5, Funny)

mcgrew (92797) | more than 5 years ago | (#26037263)

An ironic incident detailed in chapter 3 is when someone from the information security department of Target Corp. complained to the author that he felt the Nmap documentation was particularly directed at his organization; given the use of the term target.

He requested that the Nmap documentation be changed from target to walmart

there's a town in upstate new york called fishkill (-1, Offtopic)

circletimessquare (444983) | more than 5 years ago | (#26037927)

as in kill, the dutch word for creek. so the town's name is basically fishcreek

the mayor of fishkill got a letter from PETA demanding the town's name be changed because it is cruel. i think the mayor framed the letter and mounted it on his wall

where do people get this ridiculous chutzpah?

i hereby demand no one use the word "you" in a critical sentence. because sometimes people call me "you", and i wouldn't want the confusion to lead to people believing i deserve to be criticized

Re:there's a town in upstate new york called fishk (-1, Offtopic)

Muad'Dave (255648) | more than 5 years ago | (#26038475)

There's a waterway between New Jersey and Staten Island called the Arthur Kill [wikipedia.org] . How they developed a selective poison that only kills guys named Arthur (and possibly aardvarks) is beyond me.

Re:there's a town in upstate new york called fishk (1)

Jansingal (1098809) | more than 5 years ago | (#26042705)

what's this got to do with the book review?

New meaning of the term "malware" (1)

wsanders (114993) | more than 5 years ago | (#26039739)

Henceforth to be known as "Wal-Ware".

Re:Target (0)

Anonymous Coward | more than 5 years ago | (#26041707)

amusing, but not ironic. :)

Obligatory (-1, Redundant)

Q-Hack! (37846) | more than 5 years ago | (#26037267)

I h4x ur ports, k thx by

Scanning long before NMAP (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26037277)

I was running a VisualBasic port scanner long before NMAP ever existed... Anyone who ever ran a server needs to port scan now and then.

Re:Scanning long before NMAP (1)

ZeroData00 (223410) | more than 5 years ago | (#26038591)

One of the books on writing Visual Basic that I learned from actually used making a port scanner as a learning project. Which I thought was kind of funny, but I did learn the basics of networking.

Re:Scanning long before NMAP (0)

Anonymous Coward | more than 5 years ago | (#26038979)

Nobody claimed that nmap was the first port-scanner. Oh, and wow, VisualBasic.

Re:Scanning long before NMAP (1)

Jansingal (1098809) | more than 5 years ago | (#26042269)

so what?

what did u do more than that?

maybe that is why a 100 million people use nmap and not yer tool.

Just FYI, yes Trinity used this on CLI in Matrix (0, Flamebait)

Smidge207 (1278042) | more than 5 years ago | (#26037291)

That's right: Trinity uses a 'sploit.

A scene about two thirds of the way through the film finds Carrie-Anne Moss's leather-clad superhacker/whore setting her sights on a power grid computer, for plot reasons better left unrevealed.

But at exactly the point where audiences would normally be treated to a brightly-colored graphical cartoon of a computer intrusion, ala the 2001 Travolta vehicle Swordfish, or cheer as the protagonist skillfully summons a Web browser and fights valiantly through "404 Errors," like the malnourished cyberpunk in this year's "The Core," something completely different happens: Trinity runs "Nmap."

Probably the most widely-used freeware hacking tool, the real-life Nmap is a sophisticated port scanner that sends packets to a machine -- or a network of machines -- in an attempt to determine what services are running. An Nmap port scan is a common prelude to an intrusion attempt -- a way of casing the joint, to find out if any vulnerable services are running.

That's exactly how the fictional Trinity uses it. In a sequence that flashes on screen for a few scant seconds, the green phosphor text of Trinity's computer clearly shows Nmap being run against the IP address 10.2.2.2, and finding an open port number 22, correctly identified as the SSH service used to log into computers remotely.

"I was definitely pretty excited when I saw it," says "CmdTaco," the 25-year-old openly gay author of Nmap. "I think compared to previous movies that had any kind of hacking content, you could generally assume it's going to be some kind of stupid 3D graphics show."

But the unexpected nod to hackerdom doesn't end there. Responding to the Nmap output, Trinity summons a program called "sshnuke" which begins "[a]ttempting to exploit SSHv1 CRC32."

Discovered in February, 2001 by security analyst Michal Zalewski, the SSH CRC-32 bug is a very real buffer overflow in a chunk of code designed to guard against cryptographic attacks on SSH version one. Properly exploited, it grants full remote access to the vulnerable machine.

"I think there are at least two public exploits in circulation right now," said Zalewski, in a telephone interview. "They just got released about a month after the advisory. And I know there are some that are not public."

The actual program Trinity uses is fictitious -- there is no "sshnuke," yet, thank FSM, nervously titters ESR while jack-hammering Malda's man-meat and genuine exploits sensibly drop the user directly into a root shell, while the big screen version forces the hacker to change the system's root password -- in this case to "Z1ON0101." (Note the numeral in the place of the 'I' -- more hax0r style.)

But then, the film does take place in the future. Is Zalewski surprised to see unpatched SSH servers running in the year AD 2199? "It's not that uncommon for people to run the old distribution," he says. "I know we had a bunch of boxes that were unpatched for two years."

Malda notes like a little homo bitch he is that the filmmakers changed the text of Nmap's output slightly "to make it fit on the screen better," but he's not quibbling over the details. The white hat hacker's stardom even gave him new appreciation for the speed of the Internet's underground. After seeing the film late Wednesday night, CmdTaco put out a request to an Nmap mailing list asking for someone to get him a digital still of the program's three-seconds of fame. He expected it to take hours, or days.

"Twenty minutes after I send it, I'm getting a bunch of screens shots, some of them have suspicious Windows Media Player outlines to them," he says, grinning while ESR ejaculates into his mouth. "Now I've got screen shots, Divx copies of the movie, all sorts of stuff." If the Matrix borrows from real life, the Internet, it seems, already has the Matrix.

=Smidge=

Re:Just FYI, yes Trinity used this on CLI in Matri (0)

Anonymous Coward | more than 5 years ago | (#26037483)

Damn dude, just link people to the clip...
http://www.youtube.com/watch?v=ojFFS_T3UQk [youtube.com]

Re:Just FYI, yes Trinity used this on CLI in Matri (1)

X0563511 (793323) | more than 5 years ago | (#26038807)

It's a troll.

"I was definitely pretty excited when I saw it," says "CmdTaco," the 25-year-old openly gay author of Nmap.

Amen with the crashed systems. (5, Insightful)

kwabbles (259554) | more than 5 years ago | (#26037345)

I always roll my eyes when I hear someone complain about nmap "crashing a system". This should be common sense. If the target crashed simply from being nmapped or scanned from the outside - the target is obviously a turd of a system.

Re:Amen with the crashed systems. (5, Funny)

X0563511 (793323) | more than 5 years ago | (#26037495)

Hey, they spent a long time polishing that turd, and they are damn proud of it!

Re:Amen with the crashed systems. (1, Funny)

windsurfer619 (958212) | more than 5 years ago | (#26039971)

I thought Microsoft just shit^Hpped the first copy that compiled...

Re:Amen with the crashed systems. (0, Funny)

Anonymous Coward | more than 5 years ago | (#26037795)

I know that the best approach is to ignore you trolls, even as your slander becomes more and more outrageous. I will admit that I did some trolling of the trolls last year. Big mistake - they have much more of an appetite and time for this than I do. It has been a year and they still continue to write new stories that are more and more absurd. Perhaps I should be flattered that they consider me so important. The troll journal you linked accuses me of "illegally penetrating computers across state lines" and that "Fyodor even submitted his "troll hunting" story to Slashdot, though it was rejected". Another page [geocities.com] includes a fake interview with me, a fake Nmap bug, and notes that I have been "pushing crystal meth on the street for a few months." It has also been said that I am "obviously a terrorist [insecure.org]" and that Nmap "is spyware to spy on the american people [insecure.org]". So I have learned to deal with abusive criticism. Another Slashdot journal currently says "Fyodor is ... a depraved, insidious hacker hell-bent on criminal intrusions into systems owned by minors!" Even I couldn't help but chuckle at that one :). Replying is useless, since the trolls are just looking for attention and care nothing of accuracy. But I will make a few points lest anyone else take the trolls seriously:

        * I am not a terrorist, and have never sold drugs.
        * I did not actually break into any troll boxes, although I did imply that in a misguided attempt to use some of their trolling rhetorical devices against them. I stand by my posting history [slashdot.org].
        * Much of the content in the journal you posted is an outright fabrication and the lies and accusations change by the minute! This (currently score 5) post [slashdot.org] quotes text that I saw in this journal an hour ago. Now it is gone, and many other changes have been made as well. Be careful of linking to Troll journals, or they may turn into goatse links.
        * Some of his lies are self-evident. How could he possibly know much of this stuff, such as that I submitted this as a Slashdot story? I have never submitted any story whatsoever to Slashdot. If there is some sort of public interface to the submission queue that I am unaware of, please post it. You will not find any submissions from me. Note that these [slashdot.org] were all submitted by other people.
        * I have not been "advised by legal counsel not to speak about it in public." If I was to speak with lawyers, it would be about their slander campaign. But they aren't even close to being worth the effort.
        * They claim I hacked a troll named Sdem who is a member [trollaxor.com] of Trollaxor.Com. That page currently admits that he has moved on to harassing other security folks - he is now impersonating Theo de Raadt [slashdot.org], the leader of OpenBSD.

I could go on, but I have a much more important project to work on today. I won't post further on this troll topic, no matter how much you trolls slander and attack me in your journals and replies to this post. And don't bother posting "YHBT," I know. Hopefully Slashdot moderation will eventually catch up with your games and we can focus on interesting security subjects rather than troll gossip and manufactured scandals.

Cheers.

Re:Amen with the crashed systems. (2, Insightful)

LingNoi (1066278) | more than 5 years ago | (#26038399)

I have no other words for this apart from, "What the fuck?"

Re:Amen with the crashed systems. (1)

Arimus (198136) | more than 5 years ago | (#26039279)

Good, it's not just me who wondered WTF the point of that rant was...

Re:Amen with the crashed systems. (0)

Anonymous Coward | more than 5 years ago | (#26037967)

Sweet. let's nmap insecure.org

Re:Amen with the crashed systems. (1)

lazyforker (957705) | more than 5 years ago | (#26038557)

I always roll my eyes when I hear someone complain about nmap "crashing a system". This should be common sense. If the target crashed simply from being nmapped or scanned from the outside - the target is obviously a turd of a system.

Hey! Shouldn't that be example is obviously a turd of a system?

Re:Amen with the crashed systems. (5, Interesting)

tabrisnet (722816) | more than 5 years ago | (#26038589)

Happened to me in college at gvsu.edu. They claimed I had crashed several Solaris boxen, and claimed that my Linux box was 'dangerous', and even cut off my network access.

The kicker was the 150 hours of community service I had to put in to pay for the time (of 'computer professionals' who were worth a lot more money than I was) it took to bring them back online.

And to think, I was only trying to map out the campus network and what systems they used for various purposes.

Re:Amen with the crashed systems. (4, Insightful)

kwabbles (259554) | more than 5 years ago | (#26039005)

The kicker was the 150 hours of community service I had to put in to pay for the time (of 'computer professionals' who were worth a lot more money than I was) it took to bring them back online.

And just think - since most likely all they had to do was reboot the damned things, what you were really putting in your "sweat equity" to pay for was their time to go back and fix their own mistakes, since they obviously hadn't done their jobs right in the first place.

However, this brings up an important rule of thumb: Don't pen test something that you don't have permission to pen test, unless you've accepted that you will be prosecuted if caught. There are a lot of idiot admins out there watching their logs ready to point fingers the moment they see a port scan... not because they're concerned about security, but because "hackers" make excellent scapegoats for incompetent admins.

Re:Amen with the crashed systems. (0)

Anonymous Coward | more than 5 years ago | (#26042393)

Thing is, even if you believe in things like "The Secret", part of positive thinking is taking action/control of your own destiny. Ignoring problems is not part of positive thinking, but so many believers think it is.

Reminds me of people who refuse doctors because "God will provide" ignoring the fact that "God provided" the doctors who want to help them. Not only is their thinking magical, but it's inconsistent, negative, and needlessly confrontational.

Re:Amen with the crashed systems. (-1, Troll)

Darby (84953) | more than 5 years ago | (#26043929)

Reminds me of people who refuse doctors because "God will provide" ignoring the fact that "God provided" the doctors who want to help them. Not only is their thinking magical, but it's inconsistent, negative, and needlessly confrontational.

Wow, so close but such an utter failure in rational thinking.
Once you assume anything as insane as "god", you have to realize that he created the diseases in order to watch humans suffer for his amusement. Now maybe he gets a laugh out of doctors working to correct his evil decisions, but you're an entirely delusional nitwit when you pretend that doctors are god's plan to help when he could have much more easily helped by not creating the fucking diseases in the first place.

I mean, it's a common problem, but damn if that doesn't illustrate the idiocy of god believers. Give him credit for everything good but fail to hold him accountable for his atrocities? Stupid, stupid, stupid,

Re:Amen with the crashed systems. (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26038609)

That is because you are thinking like an engineer and they aren't. People, even people who should know better, have perverse attitudes about problems.

Somebody at the meeting has some concerns about the viability of the plan. Praise him for voicing those concerns so that they can, if necessary, be addressed? Heck no, tell that whiner that there is no place for negativity among team players.

Nmap crashes the system. Great, we discovered a DOS vulnerability before it could be used against us? Hardly, if that hacker hadn't been hacking none of this trouble would have happened.

I'm not sure how much of this is just laziness: If the problem doesn't show up on my watch it isn't my problem; and how much is actual magical thinking. A disturbing number of people seem to think that optimism actually makes things work, pessimism actually breaks things, negativity actually makes things work, etc. The Secret [thesecret.tv] is perhaps the purest form of this utter nonsense; but slightly milder variants are all over the place.

Re:Amen with the crashed systems. (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#26042925)

So if I pour water on your laptop when you turn your back, am I doing you a service by testing the machine's water resistance?

Should you thank me for pointing out the deficiency?

Or should you strike me for subjecting the machine to something it was never designed to handle?

It's dishonest to claim that you're doing someone a service by subjecting their machine to high loads. What you are doing is satisfying your curiosity. Which is fine, but when it causes harm, you are responsible for that harm.

Just because something like a DDNS attack could happen does not mean that it would have happened, at least until you got bored on a Friday night.

Re:Amen with the crashed systems. (3, Interesting)

digitalhermit (113459) | more than 5 years ago | (#26038639)

I used to work at a (now defunct) flower company. My office was glass walled, overlooking the entire sales floor. One day I was testing Samba on a small desktop machine. I remember starting up nmbd/smbd. Then moments later, I looked into the sales pit and saw people getting up, the Win95 workstations had begun to bluescreen one by one. I didn't connect the two.

A half hour later everyone has rebooted. In that time I'd turned off Samba to work on something else. I restart Samba on that little machine (it was called Stargate because it would act as a gateway to some shares on a Sun E6500). The moment I press enter, the machines start bluescreening again. I realized just at that moment what happened and immediately shut it down.

Re:Amen with the crashed systems. (1)

GXTi (635121) | more than 5 years ago | (#26038993)

In fact, a system that is thrashing itself to death (already "crashed") can still be scanned without disturbing its thrashing.

crash (1)

jDeepbeep (913892) | more than 5 years ago | (#26038995)

The system crashing is not a bug.

It is a feature.

Re:Amen with the crashed systems. (2, Insightful)

dbIII (701233) | more than 5 years ago | (#26042483)

Some HP printers and network to parallel port converters fit squarely into that category on all accounts but are still expensive things to fix after a port scan.

In college... (3, Informative)

Shadow7789 (1000101) | more than 5 years ago | (#26037379)

my school's IT department confused my port scanning with that of a virus and subsequently banned me from the network.

Re:In college... (-1)

X0563511 (793323) | more than 5 years ago | (#26037519)

Did you have permission to scan their network? No? Too bad. Think before you act next time.

Re:In college... (4, Insightful)

russotto (537200) | more than 5 years ago | (#26037901)

The Internet doesn't work if you need permission to send an IP packet to someone.

Re:In college... (1)

operagost (62405) | more than 5 years ago | (#26038555)

Sounds like he was probably scanning their LAN, not their internet face.

Re:In college... (2, Funny)

AgentPhunk (571249) | more than 5 years ago | (#26041551)

Right. Just be nice and set the Evil bit if you're doing anything naughty. Problem solved.

Re:In college... (0)

Anonymous Coward | more than 5 years ago | (#26037569)

They do this all the time, and it's basically the nice way of saying "Hey, we know you were port scanning, but we don't want to directly accuse you of doing it, but we have to give a reason for banning you"

I've had this happen too, I ran a virus scan, e-mailed them the results, and they unbanned me...

Re:In college... (1)

tripdizzle (1386273) | more than 5 years ago | (#26037619)

Maybe use -sS??

Re:In college... (3, Funny)

Daimanta (1140543) | more than 5 years ago | (#26040849)

I got jailtime in Germany for trying that. I would not advise it personally.

Re:In college... (0)

Anonymous Coward | more than 5 years ago | (#26043967)

I got jailtime in Germany for trying that. I would not advise it personally.

Heck, Dude, you can get sent to camps to be exterminated in Germany just for being gay or a gypsy or something. Color me unsurprised.

Re:In college... (4, Informative)

MadMidnightBomber (894759) | more than 5 years ago | (#26038273)

If you are at college, do NOT:

* 'finger' every possible username programmatically.
* do a nessus scan on the IT people's servers "just to see"
* nmap the college's /16
* attempt an infeasible online crack of an admin's password from a computer you've just logged into, in a lab you swiped your own card to get into.

All of these actions will get you noticed, but not in a good way.

love & kisses, your friendly college sysadmin

Re:In college... (1)

PitaBred (632671) | more than 5 years ago | (#26038605)

As an addendum, an accidental "Net Send" to a domain rather than your buddy will also get you noticed ;)

Re:In college... (0)

Anonymous Coward | more than 5 years ago | (#26039287)

Imagine the looks as the entire AP computer science class shows up for detention the day after having a sub...

Someone accidentally sent a domain message, so everybody across three campuses got the message upon login, then a few others did a reply in a similar fashion.

Re:In college... (1)

Doug Neal (195160) | more than 5 years ago | (#26039769)

As an addendum, an accidental "Net Send" to a domain rather than your buddy will also get you noticed ;)

Heh, I saw that happen in a call centre once. They were a lot less understanding than a college would have been...

Re:In college... (1)

nog_lorp (896553) | more than 5 years ago | (#26041881)

My college doesn't run Windows tyvm.

Re:In college... (2, Interesting)

X0563511 (793323) | more than 5 years ago | (#26038833)

Darwin at work. Let them be caught ;)

Re:In college... (0)

Anonymous Coward | more than 5 years ago | (#26039961)

I am amused by your petty nmap scans. Bwaha ha ha ha ha! I have enough problems with staff and faculty setting their passwords the same as their usernames, and crackheads wandering in off the street and stealing our wireless APs.

Students are actually fairly good about security, all having grown up online at this point.

Re:In college... (3, Funny)

RockWolf (806901) | more than 5 years ago | (#26041809)

love & kisses, your friendly college sysadmin

Why didn't I have one of those? I feel so unloved...

Re:In college... (1, Funny)

Anonymous Coward | more than 5 years ago | (#26041927)

Bah, that's nothing. I was banned from my middle school library for a year for cleaning the rollers on a ball mouse.

Re:In college... (0)

Anonymous Coward | more than 5 years ago | (#26042867)

I did 2 of these 4 when I was in college, and now I work as a security engineer. I was never chased nor caught. Only the sloppy (or foolish) get caught.

Amusingly, my captcha is "secrecy".

Re:In college... (1)

Darby (84953) | more than 5 years ago | (#26044119)

love & kisses, your friendly college sysadmin

Luckily, my college sysadmin is named HappyNoonFlowerHanderOuter, so I'm not worried ;-)

Re:In college... (1)

pgn674 (995941) | more than 5 years ago | (#26038467)

my school's IT department confused my port scanning with that of a virus and subsequently banned me from the network.

Me too. And this was while I was working in the IT department at said school. The guy over in Networking just laughed and put me back on the network.

Then later I got booted again because Google Desktop was being a little too friendly on the network. It only happened that once, so I guess Google updated the program soon after.

Re:In college... (1)

al.caughey (1426989) | more than 5 years ago | (#26039269)

I (a Canadian working for a defunct Cdn software company) was at a US military installation several years ago.

One of the guys from our dev team wanted to show me some new functionality that had been integrated into one of our tools (NMAP). We thought it best that we scan our own domain rather than one of the military domains... it never occurred to us that that just made the situation worse.

A US military site scanning a Cdn web site was bad, two Canadian civilians running the scan from a classified US computer was even worse. But what really got the feathers flying was the fact that it was the NSA who alerted the service of the illicit scan (rather than the service's own red team).

Needless to say, the functionality was quickly removed from the software. Ooops! (And it had nothing to do with the software company becoming defunct)

Re:In college... (1)

BigJClark (1226554) | more than 5 years ago | (#26039583)

eeeeyeah, that's to be expected, as port scanning is a script-kiddie's first point of contact for seeing what version/OS the target is using, as well as what apps the target is running, to expose vulnerabilities.

but, you probably already know this ;)

Re:In college... (2, Insightful)

magarity (164372) | more than 5 years ago | (#26041851)

my school's IT department confused my port scanning with that of a virus
 
At a consulting client once I plugged in my usb thumb drive to transfer a document and the corporate scanning software on their computer detected nmap. It was immediately deleted with a pop-up that screamed "hacking tool detected!" On the one hand I was glad I didn't get escorted out (and not paid) but on the other hand it was rude of them to delete it when they could have just disallowed running it.

Phrack's Introduction... (0)

Anonymous Coward | more than 5 years ago | (#26037403)

Chapter 1 starts with an overview of the history of Nmap and how it came to be.

Trivia: I remember clearly reading nmap's introduction to the world in Phrack issue 51 [phrack.com] "The Art of Port Scanning" more than 10 years ago.

(And it's cool to see Phrack is still around!)

Needs no introduction (4, Informative)

larry bagina (561269) | more than 5 years ago | (#26037417)

I suspect a lot of slashdot readers are too new, have forgotten, or never learned of Fyodor's slashdot "girlfriend". Long story short -- a dude posted on slashdot, claiming to be a girl. Fyodor tried to hook up with "her" and "she" strung him along for awhile. After discovering "she" had dude parts, Fyodor hacked his computer and posted screenshots.

Re:Needs no introduction (1)

Splab (574204) | more than 5 years ago | (#26037647)

Thanks for elaborating, been around slashdot since 2002, never heard of the guy.

Re:Needs no introduction (1)

burner (8666) | more than 5 years ago | (#26038799)

Since '98 here -- me either.

Though I haven't always visited religiously the entire time. (I admit that I may fit into the "have forgotten" category)

Re:Needs no introduction (-1, Troll)

X0563511 (793323) | more than 5 years ago | (#26037697)

Link or it's bullshit, especially from you.

Re:Needs no introduction (4, Informative)

larry bagina (561269) | more than 5 years ago | (#26037791)

link [slashdot.org]
link [slashdot.org]

Re:Needs no introduction (3, Informative)

Anonymous Coward | more than 5 years ago | (#26040711)

Counter link [slashdot.org] .

It all depends on who you trust more.

sllort journal == trolls spelled backward (0)

Anonymous Coward | more than 5 years ago | (#26043559)

Um, sllort is a known troll account who regularly makes up stories. His username is 'trolls' spelled backwards, and you call sllort's page of speculation a credible citation? It is possible that some parts of the story are true, but you have still been trolled.

Re:Needs no introduction (1)

russotto (537200) | more than 5 years ago | (#26038035)

Read the story. Totally justified. Trolls should know better than to meddle in the affairs of dragons.

Re:Needs no introduction (1)

Surreal Puppet (1408635) | more than 5 years ago | (#26038319)

That's really one of those one-in-a-million things. Getting trolled like that, Yahoo vuln, open X server on a home *nix box. The stars really aligned.

Re:Needs no introduction (0)

Anonymous Coward | more than 5 years ago | (#26040485)

That's really one of those one-in-a-million things. Getting trolled like that, Yahoo vuln, open X server on a home *nix box. The stars really aligned.

Open X Server on a home Windows box

Re:Needs no introduction (1)

karlconnors (1352873) | more than 5 years ago | (#26040653)

No one really cares, nor did they ask about it.
So the question is, why do you feel the need to share that bit of irrelevant information?
Yes, everyone is vulnerable to social engineering.
Is this the best security tool around, heck yes.

Re:Needs no introduction (1)

karlconnors (1352873) | more than 5 years ago | (#26041023)

No one really cares about this, except you. The question is, why?
What do you have against Fyodor? Why are you jealous of him?

This is a book about a powerful security tool, can't ya just focus on that?

Re:Needs no introduction (1)

Jansingal (1098809) | more than 5 years ago | (#26042285)

wow, what a valuable post.

u must be a really important person.

matrix reloaded (4, Interesting)

circletimessquare (444983) | more than 5 years ago | (#26037593)

while mostly being a steaming pile of shit compared to the original, it attempts to redeem itself by accurately using nmap in one scene

http://www.theregister.co.uk/2003/05/16/matrix_sequel_has_hacker_cred/ [theregister.co.uk]

That's exactly how the fictional Trinity uses it. In a sequence that flashes on screen for a few scant seconds, the green phosphor text of Trinity's computer clearly shows Nmap being run against the IP address 10.2.2.2, and finding an open port number 22, correctly identified as the SSH service used to log into computers remotely.

"I was definitely pretty excited when I saw it," says "Fyodor," the 25-year-old author of Nmap. "I think compared to previous movies that had any kind of hacking content, you could generally assume it's going to be some kind of stupid 3D graphics show."

Re:matrix reloaded (0)

Anonymous Coward | more than 5 years ago | (#26037867)

it attempts to redeem itself by accurately using nmap in one scene

You can even see the command options given, the syntax appears to be correct.

Check it out! [youtube.com]

Re:matrix reloaded (2, Informative)

pak9rabid (1011935) | more than 5 years ago | (#26037891)

Haha, yea. I remember seeing that scene, pausing, rewinding, then going frame-by-frame to verify I saw what I thought I did.

Re: Matrix Reloaded (4, Informative)

fv (95460) | more than 5 years ago | (#26038793)

Yeah, Nmap has actually been in a surprising number of major movies. I created the Nmap in the Movies [nmap.org] page to document them with screen shots. The Matrix Reloaded was the most exciting and really started the trend. I guess the rest of Hollywood just followed along and decided that the command shell was the new way to portray hacking, rather than ridiculous 3D animated eye-candy scenes from the era of Hackers and Swordfish. So we got Nmap in Bourne Ultimatum, Die Hard 4, etc.

I wanted to include a screen shot of Trinity hacking the Matrix with Nmap for this book, but a then-potential publisher said I needed permission from Time Warner first. It took many unanswered requests, but Time Warner finally replied with basically "hell no, you IP pirate!" Of course they phrased it politely like "we would love to allow that, but our policies prohibit us from granting that permission". Funny, they didn't mind using Nmap in their movie without permission, credit, notification, etc. Then they say I can't even include a screen shot of them using Nmap?

So I dumped the potential publisher and added the screen shots anyway (page 8) :).

-Fyodor
Insecure.Org [insecure.org]

Re: Matrix Reloaded (2)

milesw (91604) | more than 5 years ago | (#26041053)

I am a very occasional (though appreciative!) user of Nmap, but after reading this:

So I dumped the potential publisher and added the screen shots anyway

I immediately bought a copy via the Amazon link. Fyodor, well done, sir!

Re: Matrix Reloaded (0)

Anonymous Coward | more than 5 years ago | (#26043403)

It's not the first time he's broken the law :)

http://slashdot.org/~sllort/journal/33255 [slashdot.org]

Re: Matrix Reloaded (1)

RiotingPacifist (1228016) | more than 5 years ago | (#26043865)

All that that journal contains as evidence are circular references?
The only thing that would convince me that a bunch of trolls aren't lying would be a cached (somewhere trusted, not www.tollaxor.org/...) page on insecure.org, showing the boasting.

in other words TITS OR GTFO!

Re: Matrix Reloaded (0)

Anonymous Coward | more than 5 years ago | (#26044429)

Re:matrix reloaded (0, Redundant)

gatekeep (122108) | more than 5 years ago | (#26039297)

Obligatory link to the Movies featuring Nmap page [nmap.org] . Enjoy.

Re:matrix reloaded (1)

srvivn21 (410280) | more than 5 years ago | (#26040731)

while mostly being a steaming pile of shit compared to the original, it attempts to redeem itself by accurately using nmap in one scene

http://www.theregister.co.uk/2003/05/16/matrix_sequel_has_hacker_cred/ [theregister.co.uk]

That's exactly how the fictional Trinity uses it. In a sequence that flashes on screen for a few scant seconds, the green phosphor text of Trinity's computer clearly shows Nmap being run against the IP address 10.2.2.2, and finding an open port number 22, correctly identified as the SSH service used to log into computers remotely.

"I was definitely pretty excited when I saw it," says "Fyodor," the 25-year-old author of Nmap. "I think compared to previous movies that had any kind of hacking content, you could generally assume it's going to be some kind of stupid 3D graphics show."

Trinity didn't use nmap. Seriously, she didn't have the time. The hacking was performed by the original team sent in to do the job. She just executed a simple command on a compromised system.

Just like a manager, they did all the hard work, she took all the credit.

I didn't need WipeOut... (1, Offtopic)

Black Rabbit (236299) | more than 5 years ago | (#26037635)

...to know that I wanted to play drums!

It's not just miles ahead of the competition... (2, Informative)

Surreal Puppet (1408635) | more than 5 years ago | (#26038229)

NMap is the best there is, period. There aren't even specialist scanners that can beat its features, especially since you can set packet flags manually in the more recent versions. It really, really fills its niche. I use it all the time in my daily life just for benign remote service discovery, and I assume many people do too. I've never had anyone complain about it either.

Re:It's not just miles ahead of the competition... (1)

value_added (719364) | more than 5 years ago | (#26038487)

For the kids following along at home, nc (netcat) can be used similarly.

nc -z 10.2.2.2 22
Connection to 10.2.2.2 22 port [tcp/ssh] succeeded!

Port scanning doesn't work as fast, of course, but then, nmap isn't always available.

Re:It's not just miles ahead of the competition... (1)

Surreal Puppet (1408635) | more than 5 years ago | (#26038795)

A point is that one of the more useful basic features of NMap, the SYN partial-handshake scan (default when run as root) can't be replicated by nc. It always leaves marks in connect logs. Hping can replicate that feature though: "hping -8 -S known host.com" will SYN scan all ports listed in /etc/services on host.com

Network map? (2, Interesting)

Anonymous Coward | more than 5 years ago | (#26038569)

Have they included a network mapping function yet? They announced it as a GSoC project last year I think, did they get around to hack some graphical map output?

Re:Network map? (4, Informative)

fv (95460) | more than 5 years ago | (#26039121)

Have they included a network mapping function yet? They announced it as a GSoC project last year I think, did they get around to hack some graphical map output?

Good question--and yes, we have! Full details on this feature, including screen shots, are provided in Section 12.5, "Surfing the Network Topology" starting on page 317. That section is also available free online [nmap.org] . The code has been integrated into the latest version (4.76) of Nmap, available here [nmap.org] .

-Fyodor
Insecure.Org [insecure.org]

Re:Network map? (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26043373)

Fyodor is a bad person.

http://slashdot.org/~sllort/journal/33255 [slashdot.org]

Re:Network map? (1)

HeronBlademaster (1079477) | more than 5 years ago | (#26039133)

Yes, it's called Zenmap [nmap.org] .

468 Pages on NMAP?????? (0)

zukinux (1094199) | more than 5 years ago | (#26041297)

I thought I was not reading correctly, but... 468 pages on a single book about nmap?
I'd prefer [code]# nmap -h (or --help)[/code] it would give me the same results. JESUS! people became crazy... 468 pages?!!?!?! Nmap?!?!?!

Re:468 Pages on NMAP?????? (1)

Jansingal (1098809) | more than 5 years ago | (#26042303)

hey, it is a really big font :)

nmap and IPv6 (3, Interesting)

swillden (191260) | more than 5 years ago | (#26041381)

This is tangentially related, but it sort of fits in with the idea of "cool ways to use nmap" -- or, in this case "things you can't do with nmap".

While setting up a 6to4 tunnel to give my home LAN IPv6 access (just for fun), I decided to use nmap to scan my home IPv6 network. I've used nmap from time to time to portscan, but mostly I use it as a ping scanner, just to find live hosts, so it seemed like a natural way to find out which hosts had picked up IPv6 addresses.

I first tried the obvious syntax "nmap -sP <my subnet prefix>::/64", but nmap told me that slashes are not allowed, and that "IPv6 addresses can currently only be specified individually".

My first reaction was "Well, that's stupid. Why can't nmap handle IPv6 subnets? Idiots". However, a half-second later it occurred to me that I was the idiot: what I thought I wanted nmap to do was to scan 18,446,744,073,709,551,616 addresses. That's obviously impractical. That many requests would saturate a 10 Gbps network for 60,000 years (2^64 128-byte packets).

So, FYI, if you want to find out what hosts are live on your IPv6 network, the way to do it is to ping the link-local multicast address (fe02::1). Assuming they're not firewalled, all of the hosts will answer. Of course, what you'll get back is their link-local addresses, not their routable addresses. I haven't found a convenient way to get a list of those, other than a little sed script to convert the link-local addresses to their equivalents in the subnet.
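The host-discovery trick in the post above, written out as an added Python example (not the poster's sed script): collect the link-local addresses that answer a ping of the all-nodes multicast address ff02::1, then rewrite the fe80::/64 prefix to the site's /64. The rewrite only holds for SLAAC addresses built from a MAC (EUI-64 interface IDs), so hosts using privacy extensions or DHCPv6 are left unmapped; the ping output and the 6to4 prefix 2002:c000:204::/64 are constructed, and the last function reproduces the post's 2^64 scan-time estimate.

```python
import ipaddress
import re

# Constructed sample of what "ping6 ff02::1" prints on a small LAN: replies
# carry link-local addresses with a zone suffix, and repeats are marked DUP.
SAMPLE_PING_OUTPUT = """\
64 bytes from fe80::21c:c0ff:fe1a:2b3c%eth0: icmp_seq=1 ttl=64 time=0.412 ms
64 bytes from fe80::224:e8ff:fe01:5f7a%eth0: icmp_seq=1 ttl=64 time=0.633 ms (DUP!)
64 bytes from fe80::a1b2:c3d4:e5f6:708%eth0: icmp_seq=1 ttl=64 time=0.911 ms (DUP!)
64 bytes from fe80::21c:c0ff:fe1a:2b3c%eth0: icmp_seq=2 ttl=64 time=0.398 ms
"""

# Address followed by an optional "%zone" before the colon ping prints.
REPLY_RE = re.compile(r"bytes from (?P<addr>[0-9a-fA-F:]+)(?:%\w+)?:")


def link_local_responders(ping_output):
    """Unique link-local addresses that answered, in first-seen order."""
    seen = []
    for m in REPLY_RE.finditer(ping_output):
        addr = ipaddress.IPv6Address(m.group("addr"))
        if addr.is_link_local and addr not in seen:
            seen.append(addr)
    return seen


def is_eui64(addr):
    """SLAAC interface IDs derived from a MAC carry ff:fe in bytes 3-4 (RFC 4291)."""
    iid = int(addr) & ((1 << 64) - 1)
    return (iid >> 24) & 0xFFFF == 0xFFFE


def rewrite_prefix(addr, prefix):
    """Swap fe80::/64 for the site's /64, keeping the 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    iid = int(addr) & ((1 << 64) - 1)
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def guess_routable(ping_output, prefix):
    """Map each responder to its probable routable address, or None if not EUI-64."""
    result = {}
    for addr in link_local_responders(ping_output):
        result[str(addr)] = str(rewrite_prefix(addr, prefix)) if is_eui64(addr) else None
    return result


def years_to_scan_64(link_bps=10e9, packet_bytes=128):
    """Years needed to push one packet per address of a /64 over a saturated link."""
    bits = (2 ** 64) * packet_bytes * 8
    return bits / link_bps / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for ll, routable in guess_routable(SAMPLE_PING_OUTPUT, "2002:c000:204::/64").items():
        print(f"{ll:32} -> {routable or 'not EUI-64, cannot infer'}")
    print(f"/64 sweep at 10 Gbps: about {years_to_scan_64():,.0f} years")
```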

Re:nmap and IPv6 (1)

RiotingPacifist (1228016) | more than 5 years ago | (#26043881)

why can't nmap do that, then scan each of the hosts that answer?

Offtopic (0)

MarginalWatcher (1055844) | more than 5 years ago | (#26041403)

Whiskey Tango Farva? Not to put Nmap or Zenmap down, but WTF? If I've missed something and Fyodor is entitled to a multi-page ad, I apologise.

Re:Offtopic (1)

JebusIsLord (566856) | more than 5 years ago | (#26041667)

You probably missed the part where NMap is open source.

Where Is The Chapter Detailing Him Hacking /. User (1)

Real World Stuff (561780) | more than 5 years ago | (#26041467)

Re:Where Is The Chapter Detailing Him Hacking /. U (0)

dbIII (701233) | more than 5 years ago | (#26042611)

It really isn't worth a chapter, but funny just the same.

Not perfect behaviour but is that bit of trespass really that bad? IMHO it's about thirty notches down the "black hat" scale less nasty than spammers that pretend to send things from your email address. I like it as a nice little anecdote to tell people to have decent firewall rules (and not have unsecured MS Windows machines naked to the net).

Re:Where Is The Chapter Detailing Him Hacking /. U (1)

Jansingal (1098809) | more than 5 years ago | (#26042741)

and your point is what?

mmm nmap... (1)

blad3runn69 (1022135) | more than 5 years ago | (#26043707)

nmap is way cool, in fact so cool I am surprised it is legal, heh ;P Thank you & kudos to you Fyodor for your expertise and generosity, truly brilliant and inspirational stuff.

Nmap is a great way to get kicked by your ISP. (0)

Anonymous Coward | more than 5 years ago | (#26044235)

I tried using Nmap to find open FTP servers on a class B address. It's all fun and games until you try it on a class B. Just do class C at most. Class C will probably still piss off enough people to get you in trouble, and that's only scanning one port.
