
Ask Fyodor Your Network Security Questions

Roblimo posted more than 11 years ago | from the sometimes-a-thumb-and-blanket-aren't-enough dept.

Security 274

Fyodor is the driving force behind Insecure.org and the top-rated Nmap network exploration and security auditing tool. He's also involved in The Honeynet Project (and is a coauthor of the project's book, Honeynet: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community). One question per post, please. We'll run Fyodor's answers to 10 of the highest-moderated questions as soon as he gets them back to us.


274 comments


Early Post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5936960)

This Early Post for my homies at RIT and Naz.

Re:Early Post (-1)

Anonymous Coward | more than 11 years ago | (#5936970)

Teh Leet Haxor is not amused.

Re:Early Post (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937007)

Perhaps Teh Leet Haxor should get his thumb out of his ass and type quickly.

2nd (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5936965)

post!!!!!!!


another early post (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5936973)

Having gotten the fp, I figured chaining would be cool

MAUS MAUS MAUS

In Sviet Russa Dave Linux knows everything about Dave

Re:ZAC'S HACKING ABILITIES (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937224)

He needs a laser to cut his way out of a paper bag.

Subject: BAD SANTA
Comment: Maybe Santa should have thrown those kids some HOT GRITS

ISR (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5936984)

In Soviet Russia...

Old joke tells Dave!

NMap (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5936986)

I got caught when scanning with NMap. Can I sue you?

Re:NMap (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937078)

Hmm, I got caught once too. I had missed out the -p switch and it scanned lots of ports, rather than just the benign (web proxy) ones I had intended to choose.

Any chance of making it more user friendly, Fyodor, so mistakes like that can't happen??

Re:NMap (1)

andkaha (79865) | more than 11 years ago | (#5937103)

I got caught when scanning with NMap. Can I sue you?

You didn't read the license, did you?

yet another (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5936990)

1st and 3rd

I Love Dave, He doesn't love me

chain

My Question... (5, Interesting)

tx_kanuck (667833) | more than 11 years ago | (#5936991)

As networks become more complex, and hackers become more sophisticated, how do you see the use of honeypots evolving? Do you think they will have to become mini-networks that can actually be used in order to prevent them from being detected as honeypots? Or do you think the use of honeypots will just be phased out like many other security tools in the past?

Re:My Question... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937026)

FIRST POST!!!!!!!! [slashdot.org]

In soveit russia, the story owns the first post.

News For Patriots, Stuff .... +1, Patriot (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937384)

1. Where is Osama bin Laden?

2. Where is Saddam Hussein?

3. Where is President-Vice Cheney?

4. Where are Iraq's "weapons of mass destruction"?

Thanks in advance and cheers,
W00t

Get Your War On 24 [mnftiu.cc]

Can you here me now... (-1)

Anonymous Coward | more than 11 years ago | (#5936992)

No I can't. I'm deaf, you insensitive clod.

PROPS TO MAUS.

Work guidelines? (3, Interesting)

eaddict (148006) | more than 11 years ago | (#5936996)

How do you find what you do surviving the likes of DMCA/Patriot Act II/etc???

If you could change one thing. (5, Interesting)

Neck_of_the_Woods (305788) | more than 11 years ago | (#5936997)

If you could get the computer world to agree to change one fundamental thing in computer security on all OSs across the board what would it be?

Re:If you could change one thing. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937119)

TrOLL

TrOLL

TrOLL

TrOLL

TrOLL

TrOLL

TrOLL

TrOLL

On slashdot - The TROLL owns you!

Re:If you could change one thing. (1, Funny)

Anonymous Coward | more than 11 years ago | (#5937125)

POWER SWITCH TO OFF POSITION.

It's the latest craze in blanket security contracts offered by major firms!

dupe? (-1, Offtopic)

palad1 (571416) | more than 11 years ago | (#5937001)

What will happen if Fyodor's smtp server coughs and sends his reply twice? Will we get the first Slashdot interview dupe?

Re:dupe? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937062)

What will happen if a giant flaming penis from Mars flies into your living-room, coughs, and sends juices all over you, drenching you from head to toe, twice? Will we get the first Slashdot flaming-penis jizz attack? Do we care?

Re:dupe? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937111)

That's hilarious! Thanks for the laugh.

What is your favourite tool? (5, Interesting)

Noryungi (70322) | more than 11 years ago | (#5937002)

I have just read your top 75 security tools [insecure.org] list. Thank you for posting all this information, which I am going to study very carefully.

One question though: in all these tools, which one is your personal favourite? (This excludes Nmap, of course).

Thanks in advance!

And: why? (0)

Anonymous Coward | more than 11 years ago | (#5937550)

Wouldn't it suck if he'd just responded: ettercap.

DMCA? (5, Interesting)

Anonymous Coward | more than 11 years ago | (#5937006)

Has the DMCA hindered your company in any way, do you see it as working against security professionals around the US or helping those of us who are interested in security as a career path?

IN SOVIET RUSSIA (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937009)

Fyodor questions YOU!

Idea (0)

Anonymous Coward | more than 11 years ago | (#5937010)

It would be nice to have the functionality to simply say "yes" to a question like "unknown OS - would you like to submit it to submit.insecure.org" and have it automatically send the information. A compile-time option to enable or disable this would be ideal.

Re:Idea (5, Interesting)

zeeble (460056) | more than 11 years ago | (#5937167)

How crazy is the idea of having a hardware based (where all security tools are hardcoded to the chip, and there is some way of updating, like BIOS flashing) security system installed on machines, rather than using software to detect flaws? Also, do you see buffer-overflow related problems decreasing? As a followup, is gcc a secure enough compiler, or are commercial compilers like say Intel's C++ compiler more effective?

libnet (3, Interesting)

sfraggle (212671) | more than 11 years ago | (#5937011)

Why doesn't nmap use libnet [packetfactory.net]?

Because... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937146)

In soviet russia libnet uses nmap.
On slashdot - The TrOLL owns you.

Re:libnet (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937525)

because you didn't bother to rewrite it...

What's your ratio of love:hate mail? (5, Interesting)

lewp (95638) | more than 11 years ago | (#5937019)

On any project like this where there's potentially evil uses mixed in amongst the various good ones, you're bound to get a few angry people who don't understand how helpful your work is to the community at large.

How much criticism do you have to deal with? And how does it compare to the kudos you receive, quantity-wise? Has it ever made you doubt what you're doing?

PS- Thanks. nmap proves its usefulness to me every day.

Re:What's your ratio of love:hate mail? (1, Funny)

Anonymous Coward | more than 11 years ago | (#5937156)

What's your ratio of love:hate mail?

He probably doesn't know - all the spam drowns out everything else :)

My security question (4, Funny)

Anonymous Coward | more than 11 years ago | (#5937023)

What's your account name and password? I'll trade you a two color, ballpoint pen with a logo on it for it.

Re:My security question (0)

Anonymous Coward | more than 11 years ago | (#5937124)

Not very useful without the name/IP of a machine somewhere. Having those would be like having a key without knowing where the lock is.

Re:My security question - not a troll (0)

Anonymous Coward | more than 11 years ago | (#5937202)

It's a reference to the story of people doing a survey going around saying "tell me your password for a free pen", and 75% did. I can't be bothered to find it, but it was front page /. a few weeks back.

Security Problem (4, Funny)

TedCheshireAcad (311748) | more than 11 years ago | (#5937028)

I keep getting connections to my box from this bastard, at all sorts of ports. What can I do to find out where he is?

His IP address is 127.0.0.1

Any advice from Fyodor or the Slashdot community?

Re:Security Problem (0, Redundant)

ianjk (604032) | more than 11 years ago | (#5937113)

That same guy was snooping around one of my servers.

Re:Security Problem (2)

Eberlin (570874) | more than 11 years ago | (#5937120)

I say ping flood the bastard!

Re:Security Problem (5, Funny)

xchino (591175) | more than 11 years ago | (#5937134)

See if you can make a CIFS/SMB connection to his box, try your username and password (He probably stole those too!) and then go crazy deleting stuff.

Re:Security Problem (1, Funny)

rixster (249481) | more than 11 years ago | (#5937221)

If that doesn't work, then make sure you firewall yourself against those attacks. Probably best not to do it via the console, but telnet in via another machine. Watch out though - if (s)he's sharp (s)he'll probably block that firewall the moment you can those network connections - I'm afraid you may have to rebuild your machine if (s)he's that far entrenched

Re:Security Problem (1, Funny)

Anonymous Coward | more than 11 years ago | (#5937325)

Bwahahahahahahaha. His name is local host. Do a google search for him. He shouldn't be too hard to find.

Re:Security Problem (3, Funny)

Quill_28 (553921) | more than 11 years ago | (#5937420)

Flood 127.134.232.121

That always stops the 127.0.0.1 hacker

Re:Security Problem (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#5937480)

Here's what you do.

Obviously this 127.0.0.1 has hacked your box.

Now I have dealt with this hacker before, he always does the same thing.

His real ip address is 127.1.33.7 go ahead and ssh or rsh in.

Use your own name and password, since he always copies what you have. Go ahead and su up. Again he just copies your original machine, so the root password is the same.

Now go ahead and start killing stuff at random (except for your connection), or even reboot his machine to really stick it to him.

I promise your machine will not be reporting anything about 127.0.0.1

Security Updates (5, Interesting)

rf0 (159958) | more than 11 years ago | (#5937033)

It seems that the number of security exploits and updates is growing as more people start experimenting with trying to break systems. Now I'm subscribed to BugTraq et al. but find it hard to keep on top of what is going on and what I need to update. What would you say are good tools for keeping up to date across multiple systems and platforms?

Rus

Re:Security Updates (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#5937307)

A brain you fucking karma whore.

Recent increases in anal-retentiveness... (5, Interesting)

Zeriel (670422) | more than 11 years ago | (#5937041)

There's been a marked increase in system administrators thinking that anything even remotely resembling a network scan is eeeeevil (case in point, last year I almost got kicked out of college for scanning port 80 on my dorm subnet looking for interesting websites to read)...

What do you think can be done to make scanning IP addresses/ports have less of a negative stigma? This is in the same sort of category as legit vs. illegit uses of anything else (P2P, whatever)--what's the rationale for punishing something that could maybe lead to criminal activity, and how can we make network scanning tools have practical uses again?

RTFM (4, Interesting)

smitty_one_each (243267) | more than 11 years ago | (#5937042)

What are 'good' dead-tree references for the following categories:
FNG--Fscking New Guy
-Terminology, broad-brush concepts, checklists, good reference list
Suit
-Management concerns, planning
Expert
-Detail, performance considerations

Categories are arbitrary; others will segment the market differently. Mainly seeking recommended authors/titles. Full-on reviews too space consumptive.

The human element (5, Interesting)

mental_telepathy (564156) | more than 11 years ago | (#5937045)

The Honeynet project seems to focus a significant amount of attention on the culture of the attackers (extensive logs of IRC chats, for instance). Do you think the research the honeynet project is doing might make some headway in preventing social engineering attacks (the only hole nmap can't tell you about)?

What tool(s) are we missing from our toolbox? (5, Interesting)

adturner (6453) | more than 11 years ago | (#5937046)

I saw the Top 75 Security Tools survey you did. Lots of great tools there. But I can't help but think that the security community still has plenty of tools that need to be written. So I'm curious what kind of new tools would you like to see written, re-written from scratch, or merged together to create a better tool? Basically, where do you see the missing pieces in the security community toolkit? What kinds or pieces of software would you encourage people in the slashdot community to write?

For The Lazy (1, Informative)

JWhitlock (201845) | more than 11 years ago | (#5937147)

I saw the Top 75 Security Tools survey you did...

Here [insecure.org] is the list.

Username and password... (-1, Offtopic)

HowlinMad (220943) | more than 11 years ago | (#5937050)

Can I have your username and password?

Boxers or briefs? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937064)

eom

Super-DMCA (5, Interesting)

ziggy_zero (462010) | more than 11 years ago | (#5937067)

What is your opinion on the proposed "Super-DMCA" acts being proposed in several states, which would make honeypots illegal?

Here's [securityfocus.com] the article on it that ran in Slashdot awhile ago.

Basically, the law says you can't "assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise" any device or software that conceals "the existence or place of origin or destination of any telecommunications service" - thus making honeypots illegal, even when used to thwart illegal computer activity.

Re:Super-DMCA (3, Informative)

greyfeld (521548) | more than 11 years ago | (#5937194)

These laws are not just "proposed", but a reality in Delaware, Illinois, Michigan, Oregon, Pennsylvania, Wyoming and by now it is law in Arkansas (it was sitting on the governor's desk two weeks ago and he hadn't signed it, but it becomes law after so many days anyway). Coming soon to a state near you - Colorado, Florida, Georgia, Massachusetts, Tennessee and Texas! You can throw your NATing firewalls, Honey Pots, routers and internet connection sharing out the window folks! Act now in those states before it is too late.
Go to the EFF site here. [eff.org]

Re:Super-DMCA (0)

Anonymous Coward | more than 11 years ago | (#5937288)

how is leaving a machine open to attack concealing the origin or destination of a telecommunications service????

Re:Super-DMCA (1)

stanwirth (621074) | more than 11 years ago | (#5937469)

Basically, the law says you can't "assemble, develop, manufacture, possess, deliver, offer to deliver, or advertise" any device or software that conceals "the existence or place of origin or destination of any telecommunications service."

Good heavens, that would even make every bog standard NAT and Proxy illegal!

Who writes these laws?

OS Identification (0, Funny)

Anonymous Coward | more than 11 years ago | (#5937069)

What OS am I running?

I would change... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937075)

I would make the FP [slashdot.org] mine.

I would also surround myself with statues of natile portman in the nude.

WITH HOT GRITS.

CNN: . N. Korea claims new drink for techies/nerds (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937085)

SEOUL, South Korea (AP) -- North Korea, one of the world's poorest countries, claimed it has invented a drink to ease a health threat few outsiders would associate with the country: computer fatigue.

Computers are a rarity among the communist country's hunger-stricken 22 million population. Visitors say the Internet is available only at a few hotels in the capital, Pyongyang.

Still, North Korea's official KCNA news agency said last week that the drink, invented by the Institute of Plant Resources, was tested on computer users, and the "results show that the eye and mental strain has considerably been reduced."

The drink, whose ingredients have been extracted from "fruits of a tree," has a "good odor and sweet and sour taste," it said, without giving further details.

Copyright 2003 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

http://www.cnn.com/2003/TECH/biztech/05/12/offbeat.nkorea.drink.ap/index.html [cnn.com]

Re:CNN: . N. Korea claims new drink for techies/ne (1)

stratjakt (596332) | more than 11 years ago | (#5937260)

We already have that in the states. It's called Mountain Dew Code Red.

Curious Yellow? (5, Interesting)

griffjon (14945) | more than 11 years ago | (#5937091)

Do you think that Brandon Wiley's thought-design of "Curious Yellow" (paper at: http://blanu.net/curious_yellow.html or http://www.securiteam.com/securityreviews/6U00L1P5PY.html) will come about as he's laid out? It seems like not an unlikely scenario once someone puts some effort into actually designing it. What are your thoughts about the evolution of 'smart' worm attacks balanced against the need for good network security scanners?

How does it feel... (0, Flamebait)

Anonymous Coward | more than 11 years ago | (#5937101)

to haxor underaged slashdot trolls [slashdot.org] just because they [slashdot.org] pulled off a silly thing and called you a wanker ?

Has the FBI already visited you because of this issue ?

Does nmap have any backdoor for haxoring ?

Are you sure that you are a white hat ?

Re:How does it feel... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5937380)

Fuck you, pumpernickel.

IPv6 (5, Interesting)

binaryDigit (557647) | more than 11 years ago | (#5937112)

Since ipv6 is supposed to address many of the security issues inherent in ipv4, should there be more of an industry push to adopt it quicker? OR, having had many years now since ipv6 was drafted, have we learned more about the types of attacks/tactics, and therefore should ipv6 be updated? Seems like now would be the time to do it since ipv6 still has not been adopted and changes could be made without too much disruption or cost (time or money).

will exotic OS's help? (1, Interesting)

Anonymous Coward | more than 11 years ago | (#5937117)

I've heard that using "exotic" OSs for network security like OpenBSD on SPARC, NetBSD on SuperH, and Windows NT on Alpha will help increase my security. Could you verify this?

Thanks?

Re:will exotic OS's help? (0)

Anonymous Coward | more than 11 years ago | (#5937362)

Hmm ... I'm not sure I call these 'exotic' OSs since anyone can download them =) I run OpenBSD on Sparc64 on my day to day desktop (unusual I'm sure, since it isn't Intel, but hardly 'exotic'; you could get one if you wanted -- they can be pretty cheap when bought used!). While it is true that the MMU implementations allow some neat buffer-overflow protection tricks, I think the biggest security gain for your 'average' person is that Microsoft hasn't ported IE/Outlook to OpenBSD yet, and isn't expected to any time soon =)

what should I do? (0)

adamnap (156974) | more than 11 years ago | (#5937122)

If I am just an academic user running my computer on a fixed IP, should I get rid of my Linux/windows/OSX boxen and run BE?

what is the everyday user's best defense?

You'll have seen a lot of breakins. (5, Interesting)

Hulver (5850) | more than 11 years ago | (#5937141)

During your time running Honeypots, you'll have seen a lot of compromised systems. Is there any incident that's really stuck in your mind because of the audacity of the attempt, or the stupidity of the person attempting the break-in?

Re:You'll have seen a lot of breakins. (1)

gazbo (517111) | more than 11 years ago | (#5937230)

It's OK. The other site's back up now, let me just put this blanket over...Easy! Easy. There we go. We'll get you away from these nasty people and back to your friends.

Theeeere we go.

When you are.. (0, Troll)

ChrisNowinski (606426) | more than 11 years ago | (#5937143)

When you are hacking into a juvenile troll's computers and savagely rooting their boxes because they called you a wanker, are you thinking you would prefer to be put in federal or state prison?

Also, do you trust yourself after you have shown a willingness to take personal disagreements and break federal laws to pursue vengeance? Thanks.

Weakest link: Between systems and people (5, Interesting)

Simon (815) | more than 11 years ago | (#5937145)

"Given the choice between dancing pigs and security, users will pick dancing pigs every time." -- Ed Felten

examples:

* "SSH shows a warning that the host key has changed. The user ignores it and continues on."

* "The browser warns that an SSL certificate doesn't match the host IP. The user ignores it and continues on."

* "The browser asks if you trust the signer before running some piece of ActiveX. The user ignores it and continues on."

* "The sysadmin warns not to share passwords. The users ignore that too."

Now the question. It seems to me that despite all the work being done in the security field, back in reality things have gone from bad to worse. People constantly sidestep the very systems that are put in place to protect them. Is anything being done in the computer security field to address this important "Human Factors" aspect?

--
Simon

Re:Weakest link: Between systems and people (0, Flamebait)

stratjakt (596332) | more than 11 years ago | (#5937166)

Yes, you just made the argument for the TCPA, and probably understand why it will quickly become ubiquitous in the workplace.

Re:Weakest link: Between systems and people (2, Insightful)

Simon (815) | more than 11 years ago | (#5937227)

Don't confuse the issue of computer security and usability with the issue of TCPA and 'securing' digital content from customers. By doing so you are being fooled by Microsoft and the media companies.

It ain't the same thing...

--
Simon

Re:Weakest link: Between systems and people (2, Funny)

stratjakt (596332) | more than 11 years ago | (#5937312)

TCPA has nothing to do with Microsoft or digital content. It's a hardware spec. How it's used is up to the user.

You're being fooled by slashbot FUD.

Re:Weakest link: Between systems and people (3, Insightful)

JoeBuck (7947) | more than 11 years ago | (#5937518)

Users tend to ignore such warnings because similar warnings appear far too often for invalid reasons. This is not a new problem; Aesop wrote about the boy who cried wolf.

Stepping into a network security career. (5, Interesting)

Anonymous Coward | more than 11 years ago | (#5937186)

I'll be graduating this month with a shiny new BS in Computer Science. I've done plenty of Unix sysadmin work throughout college and even deployed some high-interaction honeynets. I'm very interested in network security and systems programming. Do you have any advice for people in my situation who want to head into a career in network security?

Re:Stepping into a network security career. (2, Interesting)

Anonymous Coward | more than 11 years ago | (#5937477)

>I'll be graduating this month with a shiny new BS in Computer
>Science. I've done plenty of Unix sysadmin work throughout college and
>even deployed some high-interaction honeynets. I'm very interested in
>network security and systems programming. Do you have any advice for
>people in my situation who want to head into a career in network
>security?
>

I've recently landed my first job as a pen-tester. To get here I spent the last eight years reading everything I could get my hands on regarding information security: books, white papers, man pages etc. More importantly, it's important to get direct experience of as much of the theory as possible. Run up a few machines as a local network. Sniff the wire. See how a Windows box looks from Linux, and vice versa. Use and understand the differences between OpenBSD and Linux. Try to download, compile and test new tools whenever you see them mentioned. Break into your own machines. Ask yourself how you would prevent that attack working. Fix it, start again. Put up an undefended default install on a cable modem with a stealth IDS / tcpdump running; watch the kiddies come running. Watch them at play (important: do NOT let them jump out of your box and attack others!); repeat with other OSes. Read bugtraq, full disclosure, nanog, incidents. Read as many O'Reillys as possible. Learn Perl. Learn C. Learn Visual Basic. (No, really... you'd be surprised how useful that can be when it comes to ASP apps :) Always remember you have more to learn. Try to get a broad AND deep knowledge - you want to avoid the trap of becoming a guru of a very narrow field; security people have to be generalists to some extent (you know what AppleTalk looks like on the wire? NetBIOS? ftp?) Read, read, read. If you're still doing it after five years (during which time you are working in IT, but unlikely to be in a security role: sadly very few companies, except the biggest, spare resources for dedicated info-sec people) *and still enjoying it* - that is, you would still be doing it even if you weren't trying to break into the field - then you'll be good when you finally get what you want.
Stick at it: it's soooo worth it. I've had more fun in the last six months than in the previous 8 years combined. And, to my surprise, I've found myself feeling a strange... pride? No, 'responsibility' is closer I think - when I was told that a pentest I performed on a local utility, during which I got some sensitive personnel data and some highly sensitive, uh, 'test results', was being conducted due to the generalised review of security post Sept. 91. And I realised that in a very small way, I'm making the world a better place. I really hadn't expected that, hadn't really thought about it in the context of work (Free software, yes! :) and it really did make all the fucked relationships, tedious nights curled up with a boring man page or another vacuous commercial whitepaper on "the hacker threat!" and a bottle of wine for company, worthwhile.

Best of luck!

Re:Stepping into a network security career. (0)

Anonymous Coward | more than 11 years ago | (#5937555)

>I'll be graduating this month with a shiny new
>BS in Computer Science.

The abbreviation "BS" is familiar to me only meaning "bullshit". I assume you did not mean that. So what's the real meaning here?

The Relevance of Low-Level Tools (4, Interesting)

Jouster (144775) | more than 11 years ago | (#5937210)

As more and more applications are written from a standard base (servlets on a J2EE server, PHP under Apache interfaced via HTTP instead of a proprietary protocol, etc.), how relevant are low-level tools? The proliferation of high-level applications means that the OS becomes almost irrelevant--the firewall only allows HTTP through, and a load balancer tosses requests to different servers that might very well be heterogeneous insofar as operating systems and other low-level implementation details are concerned.

Given all of this, what motivation is there for a modern CS student to learn things like the 3-way TCP handshake, or the differences in implementations in various TCP/IP stacks, when the base level of the equation is irrelevant from a security standpoint? How can I convince our network administrators that it's worthwhile to learn something other than JNDI when it comes to network protocols; that for security and network troubleshooting, nothing will ever top a simple Ethereal packet trace?

Jouster

Perception of Access (4, Interesting)

Lieutenant_Dan (583843) | more than 11 years ago | (#5937212)

What would you say is the line where someone's activity could be considered "unauthorized access"?

How do we preferentially improve white-hat work? (5, Interesting)

swordgeek (112599) | more than 11 years ago | (#5937214)

Given that effectively ANY tool can be used for good or evil, and also given that we can't completely eliminate risk...

How can we develop and promote the state-of-the-art in security (tools, understanding, knowledge) while giving as few gems as possible to the criminal wannabes of the world? In other words, how can we bias the work and research towards the defensive, rather than progress that's either neutral or preferentially offensive?

Assurance, not blocking attacks (5, Insightful)

Frater 219 (1455) | more than 11 years ago | (#5937215)

It seems to me that security efforts have focused too strongly on detecting and blocking known categories of attacks, rather than on creating systems which are secure against innovative future attacks. There are projects for which this isn't the case, such as OpenSSH (and OpenBSD in general), but the preponderance of security work seems to be profoundly backward-looking.

Naturally, fighting in the dirt with the black hats is a lot "sexier" and more entertaining than building highly robust and reliable systems which will guarantee future security. The popularity of honeypots with security hobbyists (as opposed to researchers) seems to be a result of this: people enjoy seeing the attacker flummoxed, feeling superior to him, defeating him. Yet this doesn't really result in the improvement of security against new attacks, and it arguably distracts from that purpose.

I'm interested to know where you see progress in security assurance, as opposed to scanning or blocking of old, known attacks. Who else, besides OpenBSD, is in the camp of improving the guarantees that systems provide their users: guarantees such as W^X, packet normalization, and so forth?

Legal implications (5, Interesting)

paranode (671698) | more than 11 years ago | (#5937234)

A recent SecurityFocus article talks about possible legal implications for people who administer honeypots (here [securityfocus.com] ). Do you feel that this is a legitimate concern, and have you or your colleagues run into any legal issues with honeypots or the use of Nmap and similar tools? Thank you.

Interesting stories involving nmap? (5, Interesting)

Neologic (48268) | more than 11 years ago | (#5937240)

nmap has obviously become a huge success in the *nix world. I would wager that practically all sysadmins and security folk use nmap. With this sort of use by such creative and lazy people, there must have been some interesting stories involving nmap, perhaps unusual uses of it, or funny anecdotes. Are there any you would like to share?

What could best be done to create secure networks? (4, Interesting)

drinkypoo (153816) | more than 11 years ago | (#5937243)

Currently attempts to secure networks depend on "band-aids" over inherent problems in the design of protocols and protocol implementations (software.) Relatively little effort has gone into solving security problems before they are created. I know IPv6 has taken some steps in the right direction - where would you start?

Open port... what now? (2, Interesting)

Anonymous Coward | more than 11 years ago | (#5937275)

Why do you think system administrators (more so NT) do not have the ability to figure out what program/daemon is keeping the port open on their systems?

After a user uses nmap to enumerate open ports on their systems, what tools should they use to determine what program is keeping that port open?
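As an added example (not part of the original post, and not Fyodor's answer): on Linux, the kernel's /proc/net/tcp table lists every socket with its state and inode, and /proc/&lt;pid&gt;/fd holds a `socket:[inode]` link for each socket a process owns; joining the two is exactly what `netstat -p` and `lsof -i` do for you. The /proc/net/tcp text below is a constructed sample, and the inode-to-pid map used in the demo is constructed too; `socket_inodes_by_pid()` builds the real one when run as root on a live box.

```python
import os
import re
import socket
import struct

LISTEN = "0A"  # TCP state code for LISTEN in /proc/net/tcp


def decode_addr(hex_addr: str) -> tuple[str, int]:
    """'0100007F:0CEA' -> ('127.0.0.1', 3306); IPv4 is little-endian hex, port big-endian."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<L", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_listeners(proc_net_tcp: str) -> list[dict]:
    """Return one record per LISTEN socket: ip, port, uid, inode. Skips the header row."""
    out = []
    for line in proc_net_tcp.splitlines()[1:]:
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        ip, port = decode_addr(f[1])
        out.append({"ip": ip, "port": port, "uid": int(f[7]), "inode": int(f[9])})
    return out


def socket_inodes_by_pid(proc_root: str = "/proc") -> dict[int, int]:
    """Walk /proc/<pid>/fd and map socket inode -> pid (root sees all processes)."""
    inode_to_pid = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(os.path.join(fd_dir, fd)))
                if m:
                    inode_to_pid[int(m.group(1))] = int(pid)
        except OSError:
            continue  # process exited, or not ours to inspect
    return inode_to_pid


def owners(listeners: list[dict], inode_to_pid: dict[int, int]) -> dict:
    """Join listeners to pids; None marks a listener whose owner could not be read."""
    return {(rec["ip"], rec["port"]): inode_to_pid.get(rec["inode"]) for rec in listeners}


# Constructed sample: sshd on 0.0.0.0:22, a db on 127.0.0.1:3306, one ESTABLISHED client.
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18113 1 0 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   108        0 20554 1 0 100 0 0 10 0
   2: 0100007F:B3A4 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 21800 1 0 20 4 30 10 -1
"""

if __name__ == "__main__":
    for (ip, port), pid in owners(parse_listeners(SAMPLE_TCP), {18113: 912, 20554: 1477}).items():
        print(f"{ip}:{port} -> pid {pid}")
```

On a live host replace the constructed map with `socket_inodes_by_pid()`; a listener that comes back as None usually means the walk ran without the privileges needed to read that process's fd directory.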

Have you ever been tempted to use your gifts (5, Interesting)

Tim_F (12524) | more than 11 years ago | (#5937287)

in a negative manner?

Have you ever hacked into someone else's computer? Have you ever considered it? What would cause you to think of doing this? Would your tools (nmap, etc.) be enough to allow you to do this?

And if you haven't, why is that the case?

Re:Have you ever been tempted to use your gifts (0)

Anonymous Coward | more than 11 years ago | (#5937402)

I can answer this -

He hacked into SumDeusExMachina's computer, took screenshots of personal information, posted them to the world wide web. He used many of his tools in the breakin.

The cause was the word "wanker," which can send Fyodor into fits of rage.

Kitchen-Sink-over-HTTP (5, Interesting)

Jouster (144775) | more than 11 years ago | (#5937306)

A modern firewall administrator has a very easy job, it seems--all her users care about is their DNS service and their Web access (and, with a good Web proxy, you don't even really need to have an inward-facing Internet-recursive DNS). Indeed, most users blithely assume that "The Internet" and "The Web" are the same entity.

A modern protocol designer has to choose between efficient data representation and firewall penetration. She will almost always choose the latter. Thus we have a thousand X-over-HTTP protocols, most of which are replicating services (like RPC) that are exactly what the firewall administrator was trying to block.

As everything becomes X-over-HTTP, how long will it be before we see stateful HTTP firewalls to block malicious kinds of data flowing over HTTP? And when firewall administrators again take the easy way out, blocking everything but "plain" HTTP, how do vendors send their data? Are we, in fact, turning the Internet into the Web? Eventually, it seems that application communication will just be a special case of a Web browser fetching a URL. By tunneling everything over HTTP, and eventually dropping even the tunneling, is the Internet in danger of becoming nothing but the Web--sure, there are other services running, but nobody but the occasional network admin on an un-firewalled network can reach them?

Jouster

How low can I go (0)

Anonymous Coward | more than 11 years ago | (#5937309)

My sister (a mac user) wants to set up a wireless node in her apartment. This worried me because the building is fairly large and she lives right next to a fairgrounds which, as a significant collection point for both those-without-links and those-with-nothing-better-to-do, may significantly increase the incidence of war driving. I told her that if she really wanted to keep people from messing with her link and computer she would need to set up a wireless *nix server with a firewall. This has proved somewhat problematic because of the limited help I am able to give her and I am wondering if there is something simpler we might be able to get away with. The kind of intrusion she is likely to deal with is probably going to be infrequent and casual.

Re:How low can I go (0)

Anonymous Coward | more than 11 years ago | (#5937338)

The kind of intrusion she is likely to deal with is probably going to be infrequent and casual.

While I would call it "casual," I don't know if 4 times a week could be considered "infrequent."

PS she gives mad good head.

What are... (-1)

Anonymous Coward | more than 11 years ago | (#5937364)

your IP and root password?

Question (-1, Redundant)

pleisher (133362) | more than 11 years ago | (#5937398)

The password to the root account on my server is "password"

Is that a good password? How would you recommend improving my password?

Nope. (0)

Anonymous Coward | more than 11 years ago | (#5937564)

Use blank instead. Nobody ever thinks of that one. And I mean literally "blank" not an empty one.

Are you still hacking slashdot users? (-1, Interesting)

Real World Stuff (561780) | more than 11 years ago | (#5937439)

I recall last year you hacked a slashdot user and publicly posted that information to your site. Fortunately it was archived prior to you removing it, and is available via cache search.

Odds are this will be modded down as it is contrary to the blind doe-eyed fan-boisticism. I am genuinely curious.

LAST POST! (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5937446)

Apropos to MAUS, GABE, SANTA, and all my dead homiez at RIT and NAZZZ

Feature for nmap (4, Interesting)

CausticWindow (632215) | more than 11 years ago | (#5937474)

I've been using nmap for quite some time now, and it's an excellent tool by all accounts.

My question is, do you plan to implement firewall discovery? Instead of just reporting what ports are open, you could report:

- closed
- opened
- filtered (no reply)
- firewalled (firewall reply)

As suggested in the latest Phrack.

Best Security Advice? (4, Interesting)

Krieger (7750) | more than 11 years ago | (#5937498)

I've been doing network security for a while now, but I still have yet to find a nice single sentence summary for why security is necessary, that is easily understood by everyone who hears it from the techie to the manager.

Do you have any suggestions?

What makes a honey net enticing? (5, Interesting)

cornice (9801) | more than 11 years ago | (#5937523)

It seems that many of the honey nets that the average hobbyist would run are built to attract a lesser cracker. What I mean is that ports are left open that normally would not be left open. Services are running that normally should not, etc. I think that a really smart fish would see this as nothing but a cheap lure and refuse the bait. Do you think it's possible to fool the really smart fish? Is it possible to bait with something enticing enough without tipping off the big fish? Does publication of your work make this task more difficult?