Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Nmap Security Tool Survey

michael posted more than 11 years ago | from the portscanning-for-fun-and-profit dept.

Security 104

spring writes "Every so often, the author of everyone's favorite network reconnaissance tool, nmap, runs a survey to determine which security-oriented software products are most popular. This year's tool survey was just released, and it contains some interesting results. Old favorites like Nessus, Snort, Netcat, and Ethereal made the list, of course. SAINT and SARA are still around. But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel. Nikto and Kismet demonstrate the growing importance of wireless networks. The survey contains many good tools. Certainly worth a read."

Sorry! There are no comments related to the filter you selected.

FIRST POST FUX0R5 (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#5877798)

FIRST POST FUX0R5

faggots (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5877800)

that's what you all are

have a nice day, fags

FP!!!! (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#5877804)

FP! I have an FP.

I rock.

Re:FP!!!! (-1, Offtopic)

BenV666 (620052) | more than 11 years ago | (#5877811)

Too bad it doesn't have your name on it ;)

Re:FP!!!! (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#5877893)

Too bad it isn't the FP at all :-/

FP! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5877805)

I's a needing more hos [cheats4us.org]

Worth a read (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5877814)

"Certainly worth a read."

Michael, you're getting almost as bad as... COMMANDER TACO! "Read" is NOT a noun, so you don't use an article as you would with one.

Re:Worth a read (-1, Offtopic)

the_real_tigga (568488) | more than 11 years ago | (#5877850)

"Certainly worth a read."

Michael, you're getting almost as bad as... COMMANDER TACO! "Read" is NOT a noun, so you don't use an article as you would with one.


You don't use an articel with one, too. See?

TRINITY DIES AT THE END OF MATRIX RELOADED! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5877837)

Warning: Spoiler in topic!

Re:TRINITY DIES AT THE END OF MATRIX RELOADED! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5877885)

Awesome, you just saved me $10 for movie admission.

Re:TRINITY DIES AT THE END OF MATRIX RELOADED! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5877894)

Ummm, a multi-demensional arrary of numbers was re-loaded and the Trinity, (Godhead, Father, Son) is now dead? I don't get it. Is this a reference to the following? ....
[dartmouth.edu]
In the latest effort to convert the mathematically squeamish, Dartmouth College has developed a new program, "Math Across the Curriculum," that integrates the subject into some very unlikely places -- art and literature, for example.

"A Matter of Time" pairs a comparative literature professor and a math professor to lead discussions on the fourth dimension. Readings include "One Hundred Years of Solitude" by Gabriel Garcia Marquez, the Book of Genesis and works by Freud, Nietzsche, Poe and Borges.

Re:TRINITY DIES AT THE END OF MATRIX RELOADED! (-1, Offtopic)

prizna (671041) | more than 11 years ago | (#5881170)

Bullshit, how do you know that???!

Security tools are awesome, but.... (5, Insightful)

whiteranger99x (235024) | more than 11 years ago | (#5877842)

remember that these tools aren't going to be the "end all/be all" of network security.

You also have to have a good preventive security plan, which these tools will help out in. However, there should also be a plan of action should these security measures get bypassed (i.e. an insider job, program exploits, trojans, etc...)

But that's just my contention...

Re:Security tools are awesome, but.... (5, Insightful)

FiDooDa (23111) | more than 11 years ago | (#5877870)

remember that these tools aren't going to be the "end all/be all" of network security.

isn't why they are called tools and not solutions ?!?!

Re:Security tools are awesome, but.... (3, Insightful)

whiteranger99x (235024) | more than 11 years ago | (#5877903)

Isn't why they are called tools and not solutions ?!?!

Fair enough, I agree with you there. I simply meant to say that sometimes these tools are referred to as a complete solution, which is most likely a misnomer.

Re:Security tools are awesome, but.... (2, Insightful)

FiDooDa (23111) | more than 11 years ago | (#5877927)

sometimes these tools are referred to as a complete solution, which is most likely a misnomer.

sooo true, I (unfortunately) witnessed it too many times.

Re:Security tools are awesome, but.... (0)

Anonymous Coward | more than 11 years ago | (#5880358)

story please?

i mean i would like to hear what phb's thought scanning their network was all they needed - it's funny and i like to laugh

Re:Security tools are awesome, but.... (1, Funny)

Anonymous Coward | more than 11 years ago | (#5877875)

Also, these tools will help break into places with poor security policies. :-)


Dear Slashdot: Where the fuck is my "Post anonymously" button? Are you telling me I have to logout to post anonymously now? What the fuck is wrong with you assfucks?

I am not slashdot, buttttt.... (1)

zogger (617870) | more than 11 years ago | (#5878007)

... hitting the reply button, whilst logged in, reveals the post anonymous check box is still there.
No idea why you do not see it. Perhaps post your config instead of just cursing at the owners? maybe it's only broken with some combinations?

FWIW, old coal burner pentium, linux,i686, moz 1.3b browser

Re:Security tools are awesome, but.... (1)

orangesquid (79734) | more than 11 years ago | (#5878819)

After posting anonymously the other day, my "post anonymously" button disappeared for a day or two. I think my post was modded down, but I don't know if this has anything to do with it. Of course, one thing that worries me is that slashdot seems to be able to "know" when you post something anonymously, which is *not* how it ought to be. Ever noticed that, if you have mod points, you can't mod up your own anonymous posts? Curious..

I suppose not being able to post anonymously would be either to discourage anon posting or cut down on trolling by members, or something.

Re:Security tools are awesome, but.... (1)

orangesquid (79734) | more than 11 years ago | (#5878930)

a-HA! It's a random bug. slashcode@sourceforge [sourceforge.net]

Re:Security tools are awesome, but.... (2, Informative)

ChazeFroy (51595) | more than 11 years ago | (#5877941)

Nikto...demonstrate[s] the growing importance of wireless networks.

Last I checked, Nikto had nothing to do with wireless networks. It's a web server scanner based off Whisker [wiretrip.net] .

Re:Security tools are awesome, but.... (1)

sullo (670932) | more than 11 years ago | (#5878630)

Yeah, kind of raised my eyebrows as well, but.. heck, it's right in the source list on insecure.org, and it's all for fun (right?).

- Sullo [cirt.net]

Re:Security tools are awesome, but.... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5877944)

checking whether RMS is a dirty hippie... yes
checking whether RMS has taken a shower the latest month... no

Re:Security tools are awesome, but.... (4, Insightful)

SEWilco (27983) | more than 11 years ago | (#5877978)

There is also no requirement to depend upon a single tool. Having alarms on your doors doesn't protect your windows. Perimeter detectors establish a fence, while tripwires, beams, and area detectors offer notification of activity in different ways -- and design is affected by issues such as whether or not you have a cat. Don't limit your design to only using one tool, consider your needs and the variety of tools.

Re:Security tools are awesome, but.... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5878199)

(Obvious, Score: 5)

Re:Security tools are awesome, but.... (3, Insightful)

jjb (250135) | more than 11 years ago | (#5878711)

I totally agree. But they're tools, not "solutions."


Anyway, Defense in Depth is always good -- if an attacker penetrates the firewall, it's good to have hosts that are harder to crack. If the host gets cracked, you'd want to have an incident response plan and policy so that you can contain the damage.


In Bastille Linux [bastille-linux.org] 's defense, we try very hard to educate the sysadmin/user so they'll make better decisions. Bastille tries to educate the user, to help her build a good hardening policy for her hosts and hopefully her site.


And that education is one of the few things that will actually keep your sysadmins or users from blowing the entire site's security away with a bad decision... Who cares if you're proactively scanning for open ports when you don't know why some of those open ports are worse than others? Your admin has to know that allowing Samba/CIFS/Windows filesharing through the perimeter firewall is asking to be hurt badly. Your admin has to know that setting every Unix box to give root via rsh from a particular (spoofable) IP addess is asking for a domino effect.


Education, unfortunately, is the hardest step.

Nmap tool mas importante... (-1, Redundant)

Thaidog (235587) | more than 11 years ago | (#5877846)

How it's better... I'm not sure... But it is an excellent tool.

Saint became commercial product (1)

Giga-Byter (670519) | more than 11 years ago | (#5877853)

It's too bad. I'd liked to use it sometimes ;)

My two cents (1)

rastakid (648791) | more than 11 years ago | (#5877857)

"But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel."

Cain & Abel has been around for ages, so maybe a new one on the list, not really a new tool.

Just my two cents.

Re:My two cents (1)

rastakid (648791) | more than 11 years ago | (#5877883)

Another two cents (makes it four):

Why aren't there any numbers in the list? I would like to know how many votes a given scanner was given.

Lies, damn lies and statistics.

Re:My two cents (1)

c0y (169660) | more than 11 years ago | (#5878364)

Cain & Abel has been around for ages, so maybe a new one on the list, not really a new tool.

Ditto for SuperScan. The link has copyright 2000, and I've known about it for approximately that long.

Re:My two cents (0)

Anonymous Coward | more than 11 years ago | (#5883474)

Yea, the Slashdot story isn't clear, but the article makes it very clear.

These icons are used:
NEW Did not appear on the 2000 list

Google DDOSSED! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5877867)

friewall (-1, Flamebait)

chickensdelight (639913) | more than 11 years ago | (#5877869)

Zone Alam is good for the M$ PC

instead of a firewall (1)

SHEENmaster (581283) | more than 11 years ago | (#5878011)

just run an http proxy through a serial port so that the windows system can't use any other type of connection.

I'd like to see zone alarm beat that! My solution wouln't give any modal dialog boxes either.

Re:friewall (0)

liquidflare (463694) | more than 11 years ago | (#5878022)

Zone Alarm is a good friewall, huh? Do you mean french fries? How exactly would a wall of french fries help your M$ PC? Please explain.

Re:friewall (0)

Anonymous Coward | more than 11 years ago | (#5878102)

Cheers to the inception of the "freedom wall"!.

Re:friewall (3, Informative)

jandrese (485) | more than 11 years ago | (#5878509)

Zone alarm may provide good protection, but it's far from a great product.
  • There's no way to prevent it from spitting up gobs of annoying dialog boxes. This is especially annoying when you're playing some 3D game and zone alarm tries to put up a box on the screen asking you to allow it to go online.
  • It is a pig. It takes 5 minutes or more to boot on my laptop, and is by far the last component ready when I boot up my machine
  • The interface needs work. It's hard for me to find just about everything in it, from the access logs, to the application table, to the network table, etc...
  • It is not good about remembering your settings unless you shut it down normally. If the only time you leave windows is when you crash, be prepared to tell Zone Alarm that Mozilla is allowed to access the internet all over again. I've actually gone and run every network application I could think of, then rebooted just so I wouldn't have to tell Zone Alarm about it again.
Those are just the annoyances I could think of off the top of my head. I probably wouldn't run it (I'm behind a BSD firewall at home anyway) except that the IT department insists on it (it's my work machine).

Re:friewall (1)

scubacuda (411898) | more than 11 years ago | (#5879150)

wtf? was this modded as troll?

I agree--it has a lot of shortcomings...

I know the *most* popular security purchase..... (3, Informative)

AMuse (121806) | more than 11 years ago | (#5877877)

It's These Guys. [drivesavers.com]

When a windows java exploit can reformat your disk by visiting a malformed web page, you don't really have to wonder why they're so popular.

Re:I know the *most* popular security purchase.... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5877914)

I reccomend these [google.com] guys instead, they recovered my data from a molten slop of metal!

Re:I know the *most* popular security purchase.... (0)

Anonymous Coward | more than 11 years ago | (#5878567)

I'm not the parent...but uh, troll? nah, just funny/offtopic.

Fine set of tools. (5, Funny)

Jack Va1enti (592636) | more than 11 years ago | (#5877887)

Hilary and I intend to run these against every machine in the world, ferreting out and destroying those eeeevil P2P pirates!

Ethereal a security tool ? (3, Informative)

Rosco P. Coltrane (209368) | more than 11 years ago | (#5877912)

Ethereal == tcpdump with graphical interface. Incredibly nice tool, but hardly a security tool.

Re:Ethereal a security tool ? (4, Insightful)

the uNF cola (657200) | more than 11 years ago | (#5877938)

You'd be surprised. tcpdump/ethereal is great for say, when some jerk is trying to DOS you and you need to know how.

Knowing the how allows you to put in filters. Filters allows you to operate.

Re:Ethereal a security tool ? (3, Informative)

Rosco P. Coltrane (209368) | more than 11 years ago | (#5877956)

Of course, but I mean it's not a security tool per se, it's a general purpose tool that happens to be usable for security purposes. Kind of reading /var/log/messages actually :-)

Re:Ethereal a security tool ? (0)

Anonymous Coward | more than 11 years ago | (#5882997)

That's pretty pointless logic. Just about every tool on the list is a general purpose tool. What's your real gripe here? Don't like GUIs?

Re:Ethereal a security tool ? (3, Informative)

the uNF cola (657200) | more than 11 years ago | (#5878235)

Point is, sniffers are the only tool out there to actually see what traffic is out there. Yeah, you can use nmap for finding out what OS is running (sometimes) but that's not security per se either. Its just tcp/ip-to-OS identification.

Sometimes ducks don't just quack. The sometimes fly and lay eggs too.

Re:Ethereal a security tool ? (4, Insightful)

hbackert (45117) | more than 11 years ago | (#5877962)

It's a nice way to check a connection is not made, that packets do not go out of one or another interface, that traffic is encrypted. tcpdump can do the same (except follow TCP traffic, which is very enlightning for users who like telnet).

So while Ethereal does not increase security by itself, it does add security by making it possible to check out the packets. That makes is IMHO a security tool.

Re:Ethereal a security tool ? (1)

frantzen (137260) | more than 11 years ago | (#5883298)

you can you tcpdump and ethereal to browse and help analyze the firewall logs generated by OpenBSD's PF.

I know a better security solution, but ... (-1, Offtopic)

jrl87 (669651) | more than 11 years ago | (#5877943)

it sucks. If you want to totally secure, none of these can do it, they do help and prevent most attacks but they do have flaws. To be totally secure you would have to isolate your computer from all networks.

In other words no internet; I told you it sucks

mac os X tools (5, Informative)

FiDooDa (23111) | more than 11 years ago | (#5878004)

for those interested in sec tools on mac OS X, here is a small list of tools to add :

rpg [well.com] password generator
kismac [binaervarianz.de] a kismet equivalent that also includes a WEP cracker. very nice!
macanalysis [macanalysis.com] a really good security tools suite

Re:mac os X tools (3, Interesting)

jjb (250135) | more than 11 years ago | (#5878607)

kismac looks pretty cool for wireless audits. BTW, Bastille Linux is even more badly misnamed -- we've got it working on Mac OS X now! It takes a perl compile and a tweak to perl-Tk, but it works under X on Mac.

Anyway, if anyone here is interested in helping package Bastille for Mac, especially with that perl upgrade, please contact me!

- Jay

NICK MASSON: LYING ASSHOLE (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5878042)

WHERE'S THE 5DWM, NICK?
WHERE IS IT?

Lameness filter encountered. Post aborted!
Reason: Don't use so many caps. It's like YELLING.

Better Question within (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5878066)

Eric MASSON, where is 5dwm

WHAT THE FUCK YOU BE TALKIN' 'BOUT? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5878099)

Huh?

Wellenreiter (5, Informative)

Echelon309 (534767) | more than 11 years ago | (#5878056)

Although it wasn't on the list, Wellenreiter [remote-exploit.org] is really great wireless scanner. Plus, it runs on the Zaurus under OZ3 [openzaurus.org] , which makes it great for less conspicuous scanning since you don't have to lug a laptop around.

Re:Wellenreiter (4, Informative)

fv (95460) | more than 11 years ago | (#5878455)

> Although it wasn't on the list, Wellenreiter is really great wireless scanner.

Wellenreiter only received 6 votes (even after correcting for poor spelling :) and 10 were needed to place #75. But since it is clearly a useful free tool, I just added a link to it in the Kismet entry. [insecure.org]

Thanks for the suggestion,
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner [insecure.org]

WAP Detectors (3, Interesting)

muzzmac (554127) | more than 11 years ago | (#5878085)

Has anyone seen a decent piece of software that can find WAP's on your network by scanning from the wired part of your network?

What I want is something that scans for known MAC ID's or something to identifiy wireless access points without having to fly all over the country to do it.

There are plenty of wireless based scanners but they involve travel.

Any hints?

Re:WAP Detectors (3, Informative)

lucifuge31337 (529072) | more than 11 years ago | (#5878125)

They may not exsit/certianly aren't popular because of a simple reason: WAPs aren't the only problem, so it's not a complete and meaningful scan. Lots of laptops have wireless built in and gets owned....since it's plugged into your network you can ingress that way.

The popular scanning solutions include several APs that cover your building/area and passivly listen for WiFi traffic. They are typically permamently mounted and listening.

Re:WAP Detectors (0)

Anonymous Coward | more than 11 years ago | (#5878168)

Fluke has some excellent products to do this

Re:WAP Detectors (3, Informative)

Istealmymusic (573079) | more than 11 years ago | (#5878275)

See the MAC manufacturer reference [ethereal.com] . Linksys (a WAP maker) has a couple blocks, but they don't use different OUI's for WAPs only. Its easy to detect WAPs if remote administration is enabled (the domain will be descriptive), but otherwise not as far as I know.

APTools (3, Informative)

_Sprocket_ (42527) | more than 11 years ago | (#5879559)

APTools [sourceforge.net] is one example.

The Human Poop (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5878091)

About 70-80% of an "average" human poop consists of water. Water is absorbed out of fecal material as it passes through the intestine, so the longer a poop resides inside before emerging, the drier it will be.

Much of the remaining portion of the poop, about 1/3 is composed of dead bacteria.

These microcorpses come from the intestinal garden of microorganisms that assist us in the digestion of our food.

Another 1/3 of the poop mass is made of stuff that we find
indigestible, like cellulose, for instance.

This indigestible material is called "fiber," and is useful in getting the poop to move along through the intestine, perhaps because it provides traction.

The remaining portion of poop is a mixture of fats such as
cholesterol, inorganic salts like phosphates, live bacteria, dead
cells and mucus from the lining of the intestine, and protein.

Poop has an odor ("stinks") as a result of the products of bacterial action. Bacteria produce smelly, organic compounds such as indole, skatole, and mercaptans, and the inorganic gas hydrogen sulfide. These are the same compounds that give farts their odor.

The color comes mainly from bilirubin, a pigment that arises from the breakdown of red blood cells in the liver and bone marrow. The actual metabolic pathway of bilirubin and its byproducts in the body is very complicated, so we will simply say that a lot of it ends up in the intestine, where it is further modified by bacterial action. But the color itself comes from iron. Iron in hemoglobin in red blood cells gives blood its red color, and iron in the waste product bilirubin gives rise to its brown color.

Poop is mostly shades of brown or yellow, but other colors can arise under certain circumstances. For example, someone with a bleeding ulcer might have tarry black poop from the presence of partially digested blood. Bleeding in the intestine, from an anal fissure or split, for example, can stain the poop red. Some illnesses in babies gives them green or even blue-green poop. But another source of blue poop in children is more innocent: it can come from eating a concentrated source of blue food coloring such as ice cream. Intense red food coloring can produce bright red poop. Sometimes brightly colored foods pass through the gut almost unchanged, and the poop may
be speckled with bright red fragments such as pimentos, or bright yellow kernels of corn.

Many animals eat poop on a regular basis. These include rabbits, rodents, gorillas, many insects such as dung beetles and flies, and yes, dogs. (Keep that in mind the next time a dog wants to lick you!) Herbivores such as rabbits and rodents eat their own poop because their diet of plants is hard to digest efficiently, and they have to make two passes at it to get everything out of the meal. This is equivalent to a cow chewing its cud, only cows are able to re-eat their food without having to poop it out first. Another reason why animals eat poop is that poop contains vitamins produced by their intestinal bacteria. The animal is unable to absorb the vitamins through the intestinal wall, but can get at them by eating the poop. Another reason that animals such as dogs and flies eat poop is that
poop contains a certain amount of protein. Dogs are particularly fond of cat poop because cat poop is high in protein.

People all have eaten poop at one point or another. One of the main ways that diseases and parasites spread is through the consumption of food and water contaminated with feces. This happens because people don't wash their hands carefully after pooping or changing a diaper or scratching their butt. It can also happen through careless disposal of diapers.

You can definitely get sick from eating poop, even in minute
quantities! Although urine emerges sterile from the body (unless the person has an infection), poop emerges loaded with bacteria and sometimes other life forms. Many diseases, including food poisoning, cholera and typhus, are spread by fecal contamination. Many parasites, such as the notorious tapeworm, can be spread through deliberate or accidental ingestion of poop.

There are some parasites, such as pinworms, who depend on people eating their own poop to keep the population up. Pinworms are small nematodes that live in the colon. The females emerge from the anus at night to lay their eggs. Their activity makes the anal area itch. The person scratches the itch (often doing so in his sleep), procuring a small amount of fecal matter and eggs under his fingernails, and then puts his fingers in his mouth. Once the eggs are consumed, the person is infected with a new generation of pinworms.

Many people have pinworms. Luckily, pinworms don't do much harm. You only notice them if you have a lot of pinworms! If you want to find out if you do indeed have them, get someone to gently touch around your anal area with Scotch tape while you are sleeping. The worms will stick to the tape and you'll be able to see them.

Diarrhea is genrally caused by irritation in the intestines, resulting in the bowel passing its contents too fast for the water to be absorbed. There can be several causes, including infection by bacteria or viruses, irritation caused by unfamiliar foods, food allergies, chronic illnesses such as inflammatory bowel disease, lactose intolerance, medications, and nervousness.

Corn poop is one of the mysteries in life. When we chew corn, the outer coating slips off the inner kernal. This outer yellow coating is almost entirely cellulose, and is indigestible. It passes through the gut untouched, and emerges looking like a whole kernel, although it is mostly just the outer skin. The inside of the kernel is starchy and digestible, and that is the part that we succeed in chewing up.

In humans, soft poop is really one long, mostly continuous sausage before it comes out. It gets its "link" look because we tend to pinch off lengths of it with the anal sphincter as the poop emerges. If a person pinches hard enough, the poop separates into several poop units. If the person doesn't pinch that hard, the turds may stay connected.

"Floaters" are turds that have an unusually high gas content.
Sometimes the gases produced by bacteria in our gut don't have a chance to collect into a large fart bubble, but remain dispersed in the feces. The poop then comes out foamy, and has a lower density than water.

Turds can get very large and dry if a person is constipated, causing painful stretching of the anal opening. Pooping can also hurt if the person has hemorrhoids. Hemorrhoids are engorged veins in the anal area. A doctor once described them to me as "varicose veins of the anus," which suggests that the valves in the veins that are supposed to keep the blood flowing in the right direction have gotten messed up. Pooping can also be painful if the person suffers from an anal fissure, a tear in the tissue of the rectum.

Meat protein is rich in sulfides, resulting in smellier farts and
poop. This is the reason that the poop of carnivores such as dogs, cats and snakes smells worse than the poop of herbivores such as cows and horses.

There are many thoughts on the matter of where the word "poop" came from. According to Eric Partridge in his excellent book of word origins (Origins: A Short Etymological Dictionary of Modern English), "poop" comes from the Middle English word poupen or popen, and it originally meant "fart." According to Robert Chapman, author of American Slang, "poop" came into use with its current meaning around 1900.

+1 Informative! (0)

Anonymous Coward | more than 11 years ago | (#5878887)

i certainly learned something new

Strangely enough... (4, Interesting)

GC (19160) | more than 11 years ago | (#5878140)

While all these tools turn out to be the Security Analyst's bible to utopia, they're also the ultimate cracker tools, missing only the Xploits that the old neverending line of script-kiddies use to bypass each and every point that these tools do their best to detect.

Nessus is, however, a single tool, that can be as both useful to the white hat5 as it is the bl4ck hats.

It gets my number one tool vote as being as useful to both partys - yet completely impartial.

A very difficult road to tread indeed...

Re:Strangely enough... (0, Troll)

Anonymous Coward | more than 11 years ago | (#5878393)

I think the easier road to tread is why allow these tools in the first place?

While you can argue over and over about which 'side' gets the most use out of a particular tool, it seems clear to me that without the 'black hats' having access to them, the 'white hats' wouldn't NEED them. that's going back to first prinsipals for me. Why make them so freely accessibly in the first place?. It's like mp3 sharing networks. They can be defended time and time again as useful tools and good for trading patches and such, but who seriously goes to an mp3 trading network for patches? do you really trust them? they trade mp3s to get around licenses and paying for music.

Hence my skeptisism when it comes to security apps like these. I don't believe an excuse of 'impartiality' can be justified when a tool is made that has such strong dark uses.

(watch the biased slashdot mods do their reactionary mod down on me, they can''t help themselves)

Re:Strangely enough... (2, Insightful)

jareds (100340) | more than 11 years ago | (#5878847)

Your analogy to file sharing is bad. A better analogy would be to weapons.

In some la-la fantasy world where violence does not exist, no one would no needs weapons for self-defense. In reality, however, not allowing weapons puts the law-abiding at the mercy of criminals, who may still yet possess illegal weapons.

In some la-la fantasy world where exploits do not exist, no would need to audit their network for security holes. In reality, however, not allowing such tools would leave law-abiding network administrators at the mercy of those who would scan their networks with an illegal tool and discover holes that the administrators have never even heard of.

When a technology A has "strong dark uses", but one of its legitimate uses is defending against technology A, and it is in fact one of the best ways of defending against A, it is clear that making it illegal is sheer folly. For unless you stamp it out entirely, you are worse off than you would be if it were legal, and you could at least use it against itself.

Timely article for my needs (5, Interesting)

l0ungeb0y (442022) | more than 11 years ago | (#5878148)

In the last couple weeks I've amassed a few servers and a client network so, I've had no choice but to become a sysadmin. Which is not what I consider myself (I'm a graphic designer/Web App Programmmer) but, for the sake of responsibility, I find myself fast becoming one.

So I welcome any such article as the one posted here to help better educate me and get me up to date on the even the most mundane of utilities (I hadn't even heard of nessus/netcat)

I'm not a fresh unix convert or technically challenged, it's just that my occupation has demanded that I focus on front end and applicational development rather than network security and monitoring.

So to get by I've been using very basic common sense like running firewalls for port blocking, not running insecure services such as telnet and in the event that i have to (one of my servers is a multiuser webhost so I had to turn FTP on) research and run a more secure variant of that service (for FTP I opted for vsftpd over wu/pro)

And for security, besides my basic IP Masquerading and port blocking firewall (ya, it's that basic, I'm no guru) I run tripwire, which I run a sanity check daily as well as run snort.

This config runs on everyting from my OS X laptop to the RH9 boxes for dev/production serving and seems "ok" for the moment.

I do plan on evaluating/installing some kernal level patches to the RH boxen such as grsecurity [grsecurity.net] but I thought I'd use this topic to fish for pointers as I am also looking for some good educational material such as IP/Network configuration and indepth material on properly setting up an ironclad DMZ. So if anyone has some highly recommended links or knows of soome good books on amazon to point out or even comments to make here to give some pointers, i'd be much appreciative.

Re:Timely article for my needs (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5878197)

Learn fucking Enlighs. Pooftah

Re:Timely article for my needs (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5879586)

Here's some advice: Never, ever, say "boxen" again. Ever.

You even admitted you're a "web guy" first, and not a sysadmin, so do everyone a favor and drop the pretentious bullshit word "boxen" from your vocab.

Thanks!

Re:Timely article for my needs (1)

Azghoul (25786) | more than 11 years ago | (#5880334)

Too bad the other responders to your post are nitwits. I'm no expert either and I'll reload this one a few times to see if anyone knowledgeable actually responds...

In the meantime, I've found that Hacking Linux Exposed, by Hutch, Lee and Kurtz is very cool, and O'reilly's Building Linux Firewalls is very thorough.

I've also come to realize (admin'ing my company's network for a little over a year and only getting nipped once by me foolishly leaving FTP open) that using iptables with the default door closed, shutting down services and only opening what's absolutely necessary is a pretty nice start.

Beyond that, it's my belief that our systems are in more danger from inside, and from potentially malicious employees (fortunately there's only one who knows anything other than me ;)). Now if I can just get the boss to spring for some good old-fashined Master Lock security.....

Wasn't nmap the tool of controversy from SGI? (2, Interesting)

Billly Gates (198444) | more than 11 years ago | (#5878187)

I remember back in 94 about a SGI product manager being fired for releasing a tool( nmap??). Basically Irix was being hacked to death and he wanted to do something about it.

He developed it as a tool to help system administators secure their system but SGI did not like it because crackers could use it.

Was this SGI tool nmap or not? I was only 16 at the time and can't remember.

Re:Wasn't nmap the tool of controversy from SGI? (4, Informative)

IvyMike (178408) | more than 11 years ago | (#5878296)

You're almost certainly thinking of Dan Farmer's SATAN. Read the story for yourself. [svn.net]

Re:Wasn't nmap the tool of controversy from SGI? (1)

Billly Gates (198444) | more than 11 years ago | (#5878451)

Thanks I am going to download a copy now!

It still pisses me off today that clueless SGI managers view security through obscurity as a means to an end. Irix today is knows to be one of the least secure versions of Unix out of the box right besied SCO openserver. Hmm how did that happen? Judging by how SGI treated security in the past including this incident shows how Irix got the way it did. Here is sgi's opinion on it [llnl.gov] .Non biased info is here. [purdue.edu]

Anyway he should named it something different. A clueless person HR looking at a firing request seeing the words "satan" and "hacker" together certainly cost him his job.

As far as I know its still only a scanning tool like nmap does not actually carry attacks to me knowledge.

Looking at the docs it seems that Satan is cool in terms of you can hide your scanning tracks easier then standard tools like nmap. This is great for a counter cracker attack when I am hacked.

Now lets fire all the system administrators who use this dangerous tool called nmap.

Re:Wasn't nmap the tool of controversy from SGI? (1)

stefanlasiewski (63134) | more than 11 years ago | (#5879057)

I think his intent was to be contraversial.

I mean, calling it 'SATAN' instead of something like 'Cute Puppy Dog Network Analysis Tool' is a reflection of his intent.

That said, I'm really happy that tools like SATAN exist now. Scanning your own network is a great way to learn about network security.

IRIX has changed since those days (1)

green pizza (159161) | more than 11 years ago | (#5878730)

IRIX has changed a lot over the past 6 years. At one point, a stock install of IRIX had almost a dozen root-exploitable holes. These days security holes in IRIX are rare, and are quickly patched by SGI. The company has gone a step further and has actually been making useful security suggestions to its customers. IRIX 6.5 includes a pointy-clicky GUI app to help its artsy users secure some common weaknesses.

For those that have been away from IRIX for awhile, even since 6.5.0 shipped, a lot has been added in recent years... IPFilter, SSH, Kerberos, and other security-aware goodies are now offically supported and have been added in IRIX updates.

IRIX is no OpenBSD, but it has come a LONG way to make itself more secure, especially over the past two years. These days it's on-par with most Linux and Unix distros... average is a pretty good step up from what it once was.

Re:IRIX has changed since those days (0)

Anonymous Coward | more than 11 years ago | (#5878783)

hehe

I will believe it when I see it.

Irix is almost as bad as SCO. Its great with graphics but even sendmail is 5 years old.

Unfortunatly if Irix is better it might be too little too late for this dieing company. Isn't it true they sold opengl to Microsoft.

Re:IRIX has changed since those days (1)

green pizza (159161) | more than 11 years ago | (#5878821)

IRIX 6.5.19 and newer uses Sendmail 8.12.x. I belive BIND was also updated at the same time.

But yeah, most IRIX boxes (especially older ones) are running Sendmail 8.9.3 or worse.

Re:IRIX has changed since those days (1)

green pizza (159161) | more than 11 years ago | (#5879238)

Unfortunatly if Irix is better it might be too little too late for this dieing company. Isn't it true they sold opengl to Microsoft.

Brainless management, crazy high prices, and new MIPS processors behind schedule. There are gobs of reasons why SGI may tank soon. They do have a pretty cool new Linux/Itanium2 system based on Origin architecture. 512 GB RAM and 64 processors on a single linux box (not a cluster).

The biggest SGI is MIPS/IRIX based, though... up to 1024 processors and 1 TB ram on a single machine. Insane system thruput with a price to match! Unfortunately for SGI (and for Cray and their X1) there are only so many governments that can afford (or need the interprocessor thruput of) such huge machines.

SGI still has the rights to most of its technology and patents. They did, however, sell some tech to Microsoft just before the XBox launch. While it was never made public, it is belived the tech was several generalied 3D game console patents SGI filed when creating the Nintendo 64 and various Video-on-demand settop boxes.

OpenGL, while still "owned" by SGI, is mostly handled by the OpenGL board (opengl.org).

OT: Secure your SGI today... (2, Informative)

green pizza (159161) | more than 11 years ago | (#5878807)

1) Update your install of IRIX 6.5 [sgi.com] to the most recent version available to you (6.5.16m for most people, 6.5.19 or 6.5.20 for those with a support contract). If you're unsure about updating, read about the IRIX Release Process [sgi.com] as well as theIRIX Compatibility Mandate [sgi.com] .

2) Install the security patches [sgi.com] for your version of IRIX (note that IRIX releases previous to 6.5.15 will probably not have the most recent security patches available).

3) If you're a security newbie, run the "Improve System Security" application... it can be found under the Security and Access Control section of the System Manager.

4) Install IPFilter [sgi.com] , be sure to learn how to use it [sgi.com] .

5) Subscribe [sgi.com] to SGI's security advisory mailing list.

6) Newbies outta read some of SGI's other sysadmin manuals as well:
Personal Sysadmin [sgi.com]
IRIX Admin [sgi.com]

7) Update your various freeware apps... be sure to read the seperate freeware security notice:
http://freeware.sgi.com [sgi.com]

Security for the home user (5, Funny)

OneArmedMan (606657) | more than 11 years ago | (#5878191)

1) Unplug the power cords and network cables / phone lines.
2) Put it back in the box.
3) Send it back to the place that you bought it from.

Sure its not very practical, but it would make my job a hell of a lot easier

Re:Security for the home user (2, Funny)

/dev/trash (182850) | more than 11 years ago | (#5878379)

But if everyone did that wouldn't you be out of a job?

Re:Security for the home user (4, Funny)

OneArmedMan (606657) | more than 11 years ago | (#5878575)

Nah, I'll always have my job, cause there are always people who say "But my *expert friend said*, followed by *and then my pc just stoped working*. At which point my fee / hour doubles

Re:Security for the home user (0)

Anonymous Coward | more than 11 years ago | (#5883444)

You! I keep hearing, "I paid him double and now it doesn't even boot." It's you!

Re:Security for the home user (1)

/dev/trash (182850) | more than 11 years ago | (#5883518)

Gotta love the 'expert friends'. Now if I could get my friends to pay me for the problems I fix for them.

FOBBMAN (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5878195)

FOBBMAN is a FAG! He's a QUEER LIBERAL!!!

I am surprised ... (2, Interesting)

Anonymous Coward | more than 11 years ago | (#5878206)

I am surprised that aide was not listed. It is a free equivalent to tripwire (which is on the list), and works very well for my needs on both Linux and FreeBSD.

Re:I am surprised ... (4, Informative)

fv (95460) | more than 11 years ago | (#5878485)

> I am surprised that aide was not listed.

AIDE [cs.tut.fi] only received 4 votes, while 10 were needed to place #75. But I agree that it is a useful free tool that potential Tripwire [tripwire.com] users should know about. And so I have added an AIDE link to that entry [insecure.org] .

Thanks,
-Fyodor
Concerned about your network security? Try the free Nmap Security Scanner [insecure.org]

Re:I am surprised ... (1)

zzyp (659456) | more than 11 years ago | (#5878951)

I wanted a tool for checking File system integrity on a Windoze 2000 network, maybe AIDE with Cygwin will do the trick?
Please modify your comment on insecure.org to include that Windoze with Cygwin is also supported.

May your tribe increase!

SAINT not SAINTLY (2, Troll)

wolf- (54587) | more than 11 years ago | (#5878210)

After SAINT the network tool went after the author of Saint (the open source server/service uptime application) over a name/branding dispute, we have stopped recommending their product (the network security tool) entirely.

They were similarly named, however, there was very little chance of them being confused for one another. Apparently SAINT didn't have enough confidence in their own marketing or their customers intelligence to keep their lawyers out of it.

Just my 2 cents worth. But then, my 2 cents has an effect on a few large clients with large budgets. Good Job SAINT.

uh.. wrong product name? (3, Informative)

EvilStein (414640) | more than 11 years ago | (#5878301)

I belive that you're thinking of Netsaint [netsaint.org] ...aren't you?

It's now called Nagios [nagios.org] :-)

Re:uh.. wrong product name? (0)

Anonymous Coward | more than 11 years ago | (#5878753)

Exactly. Nagios is an amazing product, great open source project. And really, did "NetSaint" confuse you with "SAINT"?

Thank you for the reply. I was on a low bandwidth terminal when I posted, and didn't notice the error until after I had posted (yeah, I even looked at the preview, doh).

Always... (1)

oaf357 (661305) | more than 11 years ago | (#5878380)

This is always a must read. As are a lot of things at insecure.org.

Frighteningly Scary but in a Good Way (0, Redundant)

oaf357 (661305) | more than 11 years ago | (#5878458)

Some of these tools will allow anyone to monkey f*ck a network if they'd like. Hopefully the script kiddies won't be able to figure these out. LOL!

etymology? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5878744)

Where'd they get the name nikto? It sounds like the Russian word for nobody.
On the same page is a link to a tool called YaHa. Why the capital H? Makes it kinda look like "I'm on" in Russian, but I don't know what that would mean.

Eeye (3, Informative)

lonesome phreak (142354) | more than 11 years ago | (#5878925)

Retina, by Eeye, is another excellent scanning school. IMHO, it's better than GFILanguard. I especially like the ability to fix registry problems from the scanning machine. It's interface is also very smooth. It's located here [eeye.com] . They also have another product for scanning IIS, but I haven't used it yet.

Re:Eeye (2, Informative)

barc0001 (173002) | more than 11 years ago | (#5879602)

Retina is good, but even the free version of LANGuard is great for the point-and-click crowd. Windows is not my preferred platform of choice, but I must say I was pleasantly surprised the first time I took a look at LANGuard.
But I wonder if it's not a bad thing that these tools are starting to auto-fix so many items, like the aforementioned Retina and the registry issues. Call me old-fashioned, but I like my people to fix the problems on a box by actually getting onto the box and doing it from there. That way you can also tell if anything... funky... is going on. NT/2000 will do that to you sometimes. Responds to remote requests OK, but there's something going hogwild that you don't really notice until you get onto the console.
Plus, of course, the more people just click a button for scan, and another for fix, the less they'll know what to do if the "fix" button doesn't work in a certain case.

Re: Eeye (1)

lonesome phreak (142354) | more than 11 years ago | (#5881715)

You don't HAVE to repair it from the scanning machine. In fact, you still have to get on the machine to update it for patches. I use both products when I do my audits. I like Retina better, mainly because their reports and the interface looks better. I do audits for medical houses for their HIPAA security compliance.

For the funky stuff...that's why I suggest to always deploy changes/patches to a single PC, run it for 24 hours, then roll changes out to the rest. I always suggest something like SUS for patch control, so the boxes that don't have net access can still be updated. The main problem is I don't actually work at these places, so half the time they don't implement what I suggest and then wonder why things didn't go right. Luckly I have them sign off on my risk analysis, so I can always point and say "You didn't do XYZ, therefor you are having problems in ABC".
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?