insecure.org · Domains · Slashdot Mirror

Nmap too! by fv · 2006-05-02 16:10 · Score: 5, Interesting · on Summer of Code Now Taking Student Applications

If I may be excused for pimping my project too, we are seeking summer developers for the Nmap Security Scanner. Last year's program was a lot of fun, and we accomplished some really cool projects. This year we have made a new list of project ideas, including:

Create a new graphical frontend and powerful results viewer
Generate graphical maps from the Nmap XML output (you can take inspiration from projects like fe3d and Cheops/Cheops-NG).
Create a web interface for scanning your networks and reporting the results.
Become a performance Czar, whipping out your profilers and introducing your own algorithms to make Nmap run even faster while using fewer resources.
Create a brand new interpretation of the venerable Netcat and Hping utilities.
Add scripting/module support to Nmap so it can be used for vulnerability assessment or more intrusive application discovery.

I think those are some of the coolest projects, though the page lists others (and is always growing as I get new ideas). And don't forget, you can always propose any new idea you come up with -- don't feel limited to that list.

And while we hope you consider Nmap, remember that you can increase your odds by applying to multiple projects. I've seen some pretty cool ideas from the other organizations.

-Fyodor

Nmap too! by fv · 2006-05-02 16:10 · Score: 5, Interesting · on Summer of Code Now Taking Student Applications

If I may be excused for pimping my project too, we are seeking summer developers for the Nmap Security Scanner. Last year's program was a lot of fun, and we accomplished some really cool projects. This year we have made a new list of project ideas, including:

Create a new graphical frontend and powerful results viewer
Generate graphical maps from the Nmap XML output (you can take inspiration from projects like fe3d and Cheops/Cheops-NG).
Create a web interface for scanning your networks and reporting the results.
Become a performance Czar, whipping out your profilers and introducing your own algorithms to make Nmap run even faster while using fewer resources.
Create a brand new interpretation of the venerable Netcat and Hping utilities.
Add scripting/module support to Nmap so it can be used for vulnerability assessment or more intrusive application discovery.

I think those are some of the coolest projects, though the page lists others (and is always growing as I get new ideas). And don't forget, you can always propose any new idea you come up with -- don't feel limited to that list.

And while we hope you consider Nmap, remember that you can increase your odds by applying to multiple projects. I've seen some pretty cool ideas from the other organizations.

-Fyodor

Re:Smithy Code? by Anonymous Coward · 2006-04-27 06:16 · Score: 0 · on Judge Creates Own Da Vinci Code

Oh, come on, name me one major hollywood movie with more realistic IT in it.

That would be Trinity using nmap in Matrix Reloaded.

Traffic Comparable in Some Respects by fv · 2006-04-20 08:00 · Score: 2, Interesting · on Growing Censorship Concerns at Digg

Digg has an obsession with Alexa stats that has lead many Digg users to install Alexa for the sake of adding to the view count for Digg.

That may be, but the site popularity is comparable in at least some metrics. For example, a Digg link can generate more traffic to target sites than even the notorious Slashdot Effect. For example, the big Nmap 4.00 release was covered by both Slashdot and Digg. According to my referrer logs, Slashdot delivered a respectable 4,934 hits, while Digg brought more than twice as many (11,349). An article in Heise.De generated more traffic than either of them.

Of course there could be other explanations for these results. Maybe it is just more evidence for the sterotype that Sladhot readers don't RTFA. And I realize there are many other variables involved -- but the results surprised me.

-Fyodor (still a loyal /. reader)

Traffic Comparable in Some Respects by fv · 2006-04-20 08:00 · Score: 2, Interesting · on Growing Censorship Concerns at Digg

Digg has an obsession with Alexa stats that has lead many Digg users to install Alexa for the sake of adding to the view count for Digg.

That may be, but the site popularity is comparable in at least some metrics. For example, a Digg link can generate more traffic to target sites than even the notorious Slashdot Effect. For example, the big Nmap 4.00 release was covered by both Slashdot and Digg. According to my referrer logs, Slashdot delivered a respectable 4,934 hits, while Digg brought more than twice as many (11,349). An article in Heise.De generated more traffic than either of them.

Of course there could be other explanations for these results. Maybe it is just more evidence for the sterotype that Sladhot readers don't RTFA. And I realize there are many other variables involved -- but the results surprised me.

-Fyodor (still a loyal /. reader)

Nmap project was a great success by fv · 2006-04-14 10:43 · Score: 5, Informative · on Summer of Code 2006 is On

What will GOOG do to stop the same outright shambles this time round?

The page you linked to says nothing about outright shambles. He specifically says "I don't want this post to be seen as bashing either SoCcers or mentors". The page offers some excellent comments and suggestions for 2006, and I'm glad to see that Google is listening (Chris responded in the comments). Some of the suggestions are also meant for us mentors. The Nmap project is proud to have been invited to participate in SoC again for 2006, and we are looking forward to it!

You can call it "outright shambles" if you want, but all the emails I have from participants talking about how much they learned and enjoyed the program speak otherwise. And was it valuable to the Nmap project too? Take a look at their efforts and decide for yourself:

Doug Hoyte nearly tripled the size of the version detection database, and added OS/device type/hostname detection using the version detection DB. He made numerous other improvements as well.
Zhao Lei added more than 350 OS detection fingerprints to Nmap, bringing the total to 1684. He also helped design a 2nd generation OS detection (stack fingerprinting) system.
Adriano Monteiro designed and implemented an advanced Nmap GUI and results viewer named UMIT (screenshots).
Ole Morten Grodaas designed and implemented another advanced Nmap GUI and results viewer (its nice to have choices in open source!) named NmapGUI. Details and download here)
Chris Gibson has written a sweet little network tool named Ncat, which takes the venerable Netcat in an interesting and extremely useful direction with features such as connection brokering, socks proxying, and much more.
Paul Tarjan added the runtime interaction feature to Nmap. While Nmap is running, you can now press 'v' to increase verbosity, 'd' to increase the debugging level, 'p' to enable packet tracing, or the capital versions (V,D,P) to do the opposite. Any other key (such as enter) will print out a status message giving the estimated time until scan completion.

They did much more -- these are just some of the highlights. So I, for one, am looking forward to continuing these outright shambles again this year! But at the same time, there is always room for improvements . So I appreciate Gerv's constructive criticism.

-Fyodor

Nmap project was a great success by fv · 2006-04-14 10:43 · Score: 5, Informative · on Summer of Code 2006 is On

What will GOOG do to stop the same outright shambles this time round?

The page you linked to says nothing about outright shambles. He specifically says "I don't want this post to be seen as bashing either SoCcers or mentors". The page offers some excellent comments and suggestions for 2006, and I'm glad to see that Google is listening (Chris responded in the comments). Some of the suggestions are also meant for us mentors. The Nmap project is proud to have been invited to participate in SoC again for 2006, and we are looking forward to it!

You can call it "outright shambles" if you want, but all the emails I have from participants talking about how much they learned and enjoyed the program speak otherwise. And was it valuable to the Nmap project too? Take a look at their efforts and decide for yourself:

Doug Hoyte nearly tripled the size of the version detection database, and added OS/device type/hostname detection using the version detection DB. He made numerous other improvements as well.
Zhao Lei added more than 350 OS detection fingerprints to Nmap, bringing the total to 1684. He also helped design a 2nd generation OS detection (stack fingerprinting) system.
Adriano Monteiro designed and implemented an advanced Nmap GUI and results viewer named UMIT (screenshots).
Ole Morten Grodaas designed and implemented another advanced Nmap GUI and results viewer (its nice to have choices in open source!) named NmapGUI. Details and download here)
Chris Gibson has written a sweet little network tool named Ncat, which takes the venerable Netcat in an interesting and extremely useful direction with features such as connection brokering, socks proxying, and much more.
Paul Tarjan added the runtime interaction feature to Nmap. While Nmap is running, you can now press 'v' to increase verbosity, 'd' to increase the debugging level, 'p' to enable packet tracing, or the capital versions (V,D,P) to do the opposite. Any other key (such as enter) will print out a status message giving the estimated time until scan completion.

They did much more -- these are just some of the highlights. So I, for one, am looking forward to continuing these outright shambles again this year! But at the same time, there is always room for improvements . So I appreciate Gerv's constructive criticism.

-Fyodor

Nmap project was a great success by fv · 2006-04-14 10:43 · Score: 5, Informative · on Summer of Code 2006 is On

What will GOOG do to stop the same outright shambles this time round?

The page you linked to says nothing about outright shambles. He specifically says "I don't want this post to be seen as bashing either SoCcers or mentors". The page offers some excellent comments and suggestions for 2006, and I'm glad to see that Google is listening (Chris responded in the comments). Some of the suggestions are also meant for us mentors. The Nmap project is proud to have been invited to participate in SoC again for 2006, and we are looking forward to it!

You can call it "outright shambles" if you want, but all the emails I have from participants talking about how much they learned and enjoyed the program speak otherwise. And was it valuable to the Nmap project too? Take a look at their efforts and decide for yourself:

Doug Hoyte nearly tripled the size of the version detection database, and added OS/device type/hostname detection using the version detection DB. He made numerous other improvements as well.
Zhao Lei added more than 350 OS detection fingerprints to Nmap, bringing the total to 1684. He also helped design a 2nd generation OS detection (stack fingerprinting) system.
Adriano Monteiro designed and implemented an advanced Nmap GUI and results viewer named UMIT (screenshots).
Ole Morten Grodaas designed and implemented another advanced Nmap GUI and results viewer (its nice to have choices in open source!) named NmapGUI. Details and download here)
Chris Gibson has written a sweet little network tool named Ncat, which takes the venerable Netcat in an interesting and extremely useful direction with features such as connection brokering, socks proxying, and much more.
Paul Tarjan added the runtime interaction feature to Nmap. While Nmap is running, you can now press 'v' to increase verbosity, 'd' to increase the debugging level, 'p' to enable packet tracing, or the capital versions (V,D,P) to do the opposite. Any other key (such as enter) will print out a status message giving the estimated time until scan completion.

They did much more -- these are just some of the highlights. So I, for one, am looking forward to continuing these outright shambles again this year! But at the same time, there is always room for improvements . So I appreciate Gerv's constructive criticism.

-Fyodor

NMAP that distribution site, bitches by Anonymous Coward · 2006-03-26 13:56 · Score: 0 · on Al-Qaeda Hacker Caught

So, when al-Queda distribution centers uses Microsoft .... come on. Seriously, if the guy was functioning in a "hacker" way ..... hehe... stupid
sudo nmap -sS -oO -P0 www.alaflam.net
Password:

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-03-26 20:50 EST
Interesting ports on ip-140-154-146.phx.extremezone.com (64.140.154.146):
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
3372/tcp open msdtc
3389/tcp open ms-term-serv

Re:i'm a unix sysadmin, here's my top ten list by Khopesh · 2006-03-24 06:50 · Score: 3, Informative · on Sysadmin Toolbox Top Ten

oops, forgot nmap and poke.

poke is a shell function I wrote, as I needed to test network capability in a place that blocked ICMP traffic. It returns true when it can make a connection, or false otherwise. You may wish to add reporting; just uncomment the second line.

poke() { echo X |telnet -e X $1 80 >/dev/null 2>&1 #[ $? = 0 ] && echo connected to $1 || echo failed to connect to $1 >&2|false }

Also please note that I purposefully left anything that is in standard installs (yes, Redhat fails to install cvs and vim-enhanced in its "server" config).

Re:Is scanning a network illegal? by Handpaper · 2006-03-01 14:56 · Score: 1 · on Professor 'Packetslinger' Assigns Questionable Task

You can argue me all you want, but just try nmaping fbi.gov and then you can explain it to the FBI and the courts when they knock on your door.

I'm in the UK, they'll need long arms to knock on my door :)
[root@ArMaDillo]#nmap -P0 -A www.fbi.gov

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2006-03-02 02:37 GMT
Interesting ports on 194.217.240.73:
(The 1655 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
22/tcp open ssh Akamai-I SSH (protocol 1.99)
80/tcp open http AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
443/tcp open ssl/http AkamaiGHost (Akamai's HTTP Acceleration/Mirror service)
500/tcp open isakmp?
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux Kernel 2.4.18 - 2.5.70 (X86), Linux 2.4.20 (Itanium), Linux Kernel 2.4.3 SMP (RedHat), Linux 2.6.0-test5 - 2.6.0 (X86)
Uptime 24.941 days (since Sun Feb 5 04:04:03 2006)

Nmap run completed -- 1 IP address (1 host up) scanned in 78.020 seconds

Buggers must get DDoS'ed quite a bit, they're using Akamai's caching network. Nice the see the feds supporting Linux :)

The point remains though, that I've still done nothing illegal, either here or there. If I so choose, I can do an nmap run on mod.gov.uk (the Ministry of Defence), mi5.gov.uk (the Security Service) or sis.gov.uk (the Secret Intelligence Service). There can be no crime in requesting standards-compliant information from a public-facing machine. Sensitive information will not be on those machines and should not even be accessible from them.
The really important stuff shouldn't even be on a networked computer.

PS - www.sis.gov.uk is running Apache-AdvancedExtranetServer on Linux and doesn't seem to care who knows it :)

Re:No signed source code? by Anonymous Coward · 2006-01-31 09:08 · Score: 5, Informative · on Nmap 4.00 Released

Would be nice if he signed the tarball with a pgp key.

He did. See Verifying the integrity of Nmap downloads.

Comparison to Nessus by yesnoyes · 2006-01-31 08:42 · Score: 5, Insightful · on Nmap 4.00 Released

My favorite part of the release announcement actually relates to Nessus:

A popular open source security scanner recently went proprietary, complaining that their community never contributes much. We are sorry to hear that, but happy to report that the Nmap community is as vibrant and productive as ever! We would like to acknowledge and thank the many people who contributed ideas and/or code to this release (since 3.50). Special thanks go out to Adam Kerrison, Adam Morgan, Adriano Monteiro Marques, Alan Bishoff [ huge list goes on and on ... ]

So if Nessus can't get enough help, maybe that says more about how they run the project than their suggestion of an open source community of leeches who don't contribute back.

Re:I can speak to this by SComps · 2006-01-25 05:26 · Score: 1 · on Microsoft Agrees to License Windows Source Code

Not quite.

Article Summary is Wrong by fv · 2006-01-21 16:28 · Score: 3, Informative · on Saving Energy in Small Office Buildings

Roland's article summary is wrong. He says that the algorithm "promises to reduce energy consumption -- and electricity bills -- by as much as 30 percent", but the article states that "When the thermostat settings are adjusted in an optimal fashion, the result is a 25 percent to 30 percent reduction in peak electrical demand for air conditioning.". So extra cooling before peak hours certainly reduces your peak AC usage, but you won't reduce your total electrical consumption much. Unless your utility charges you less for non-peak usage (some do), then the article states that you may get "about $50 in annual savings per 1,000 square feet of building space". In other words, your total electrical usage stays basically the same.

-Fyodor
Version 3.95 of the Free Nmap Security Scanner is now available.

Article Summary is Wrong by fv · 2006-01-21 16:28 · Score: 3, Informative · on Saving Energy in Small Office Buildings

Roland's article summary is wrong. He says that the algorithm "promises to reduce energy consumption -- and electricity bills -- by as much as 30 percent", but the article states that "When the thermostat settings are adjusted in an optimal fashion, the result is a 25 percent to 30 percent reduction in peak electrical demand for air conditioning.". So extra cooling before peak hours certainly reduces your peak AC usage, but you won't reduce your total electrical consumption much. Unless your utility charges you less for non-peak usage (some do), then the article states that you may get "about $50 in annual savings per 1,000 square feet of building space". In other words, your total electrical usage stays basically the same.

-Fyodor
Version 3.95 of the Free Nmap Security Scanner is now available.

Re:Does anyone know... by oztiks · 2006-01-13 04:55 · Score: 1 · on Behind the Scenes at Hotmail

This looks like it isn't v accurate but

fortress:/home/oztiks# nmap -O -P0 -p 25-26 mail.hotmail.com

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-01-14 02:42 EST
Warning: OS detection will be MUCH less reliable because we did not find at lea st 1 open and 1 closed TCP port
Interesting ports on mail.hotmail.com (65.54.244.40):
PORT STATE SERVICE
25/tcp open smtp
26/tcp filtered unknown
Device type: general purpose
Running (JUST GUESSING) : Cray UNICOS 8.X (91%)
Aggressive OS guesses: Cray UNICOS/mk 8.6 (91%)
No exact OS matches for host (test conditions non-ideal).

Strictly software... by Noryungi · 2006-01-09 01:02 · Score: 5, Informative · on Top Ten Open Source Projects

Watch out, since this is heavily sysadmin biased...

Slackware Linux. Still the best after all this time.
OpenBSD. Just because you are paranoid does not mean they are not out there trying to get you.
OpenSSH. Because you just can't use plain text telnet anymore.
Rsync. Just because.
GNU Screen. Triple your terminal productivity. Now with minty-fresh taste!
GNU Wget. Because you have better thing to do than watch over a download.
Vim.Because Emacs is for losers.
Nmap. Look at 'OpenBSD' above.
IPTables. Lock that machine down, admin boy.
pf. I said, lock that machine down , admin boy!

Of course, number 11 is Google, Google, and Google. But that's neither software nor open-source.

Re:must be more zero tolerance by Derek+Pomery · 2006-01-06 17:14 · Score: 2, Informative · on Felony For Refreshing a Web Page?

Starting nmap 3.83.DC13 ( http://www.insecure.org/nmap/ ) at 2006-01-07 00:06 EST
Interesting ports on 66.144.97.98:
(The 1665 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
80/tcp closed http
110/tcp open pop3

Interesting. Look like they just shut down HTTP.
Guess they are waiting for this to blow over.
I mean - it could just be on different machines, or have crashed the server, but POP was still quite responsive.

Re:Alright, Names Do Matter by Anonymous Coward · 2005-12-27 11:06 · Score: 0 · on Linux's Difficulty with Names

'Go to the menu, select "Multimedia" then "Movie Player"'

More like "$ vlc". Like it or not, the command line is the most important part of taking full advantage of using a Unix-like operating system. It's the coolest of all features; for example, day to day file operations doesn't take half the time you'd need for drag'n'drop. And besides, it's intelligent.

Failed my check by MECC · 2005-12-16 02:12 · Score: 1 · on Windows Gets Independent Security Certification

$ nmap windows2k

Starting Nmap 3.95 ( http://www.insecure.org/nmap/ )
Interesting ports on windows2k:
(The 1662 ports scanned but not shown below are in state: closed)

135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds

Since actually using windows requires this kind of setup, and closing these ports usually breaks things like outlook and filesharing, I'd say in such cases, windows is still a security failure. At least until the netbios protocol stack gets fixed or removed which seems unlikely.

airforce and cyberspace? by brys · 2005-12-09 02:38 · Score: 0 · on The New Air Force Mission?

mig@rub:~$ nmap f16-1024.airforce.gov Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-12-09 14:59 CET Interesting ports on f16-1024.airforce.gov (12.34.56.78): (The 1649 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 25/tcp open bombs 53/tcp open nailgun 80/tcp open mavericks 139/tcp open nukes Nmap finished: 1 IP address (1 host up) scanned in 0.293 seconds mig@rub:~$

Re:GPL resistance? by fpu · 2005-11-26 09:58 · Score: 4, Informative · on Nessus 3.0 discussed

Fyodor (author of NMAP) posted about Nessus going closed source in the nmap-hackers mailing list some weeks ago. It seems that Teenable's main point is not GPL-resistance from the enterprise customers, but rather the fact that there has been almost zero code contributed to Nessus, and that by providing its source, they were helping a lot of companies that could be classified as their competitors. I, for one, can see their point, even if I am a strong advocate of free software (free as in FSF, not OSF).

However, as has already been stated, that does not mean this is the end of free Nessus -- it will still be free, except we no longer will be able to look under the hood. Since many of us automate Nessus directly through the command line client and parsing of NBE files, I believe that this will impact very little even power users.

nmap results by khasim · 2005-11-08 06:04 · Score: 1 · on Linux Lupper.Worm In the WIld

192.50.74.27
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:49 PST
All 1663 scanned ports on 192.50.74.27 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.322 seconds

========

195.200.183.229
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:51 PST
Interesting ports on 195.200.183.229:
(The 1661 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Nmap finished: 1 IP address (1 host up) scanned in 62.432 seconds

========

200.218.224.224
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:53 PST
All 1663 scanned ports on 200.218.224.224 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 39.839 seconds

========

202.123.223.148
I killed the process after 2 minutes.

========

210.109.194.231
I killed this one too.

========

211.155.246.38
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 10:01 PST
All 1663 scanned ports on 211.155.246.38 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.386 seconds

========

Okay, I'm stopping there. I was under the impression that I'd be seeing some open ports. I can only verify port 80 on ONE of those so far.

How OLD are those entries? Why does it appear that the problem, if it ever existed on those machines, has been cleared already?

nmap results by khasim · 2005-11-08 06:04 · Score: 1 · on Linux Lupper.Worm In the WIld

192.50.74.27
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:49 PST
All 1663 scanned ports on 192.50.74.27 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.322 seconds

========

195.200.183.229
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:51 PST
Interesting ports on 195.200.183.229:
(The 1661 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Nmap finished: 1 IP address (1 host up) scanned in 62.432 seconds

========

200.218.224.224
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:53 PST
All 1663 scanned ports on 200.218.224.224 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 39.839 seconds

========

202.123.223.148
I killed the process after 2 minutes.

========

210.109.194.231
I killed this one too.

========

211.155.246.38
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 10:01 PST
All 1663 scanned ports on 211.155.246.38 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.386 seconds

========

Okay, I'm stopping there. I was under the impression that I'd be seeing some open ports. I can only verify port 80 on ONE of those so far.

How OLD are those entries? Why does it appear that the problem, if it ever existed on those machines, has been cleared already?

nmap results by khasim · 2005-11-08 06:04 · Score: 1 · on Linux Lupper.Worm In the WIld

192.50.74.27
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:49 PST
All 1663 scanned ports on 192.50.74.27 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.322 seconds

========

195.200.183.229
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:51 PST
Interesting ports on 195.200.183.229:
(The 1661 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Nmap finished: 1 IP address (1 host up) scanned in 62.432 seconds

========

200.218.224.224
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:53 PST
All 1663 scanned ports on 200.218.224.224 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 39.839 seconds

========

202.123.223.148
I killed the process after 2 minutes.

========

210.109.194.231
I killed this one too.

========

211.155.246.38
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 10:01 PST
All 1663 scanned ports on 211.155.246.38 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.386 seconds

========

Okay, I'm stopping there. I was under the impression that I'd be seeing some open ports. I can only verify port 80 on ONE of those so far.

How OLD are those entries? Why does it appear that the problem, if it ever existed on those machines, has been cleared already?

nmap results by khasim · 2005-11-08 06:04 · Score: 1 · on Linux Lupper.Worm In the WIld

192.50.74.27
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:49 PST
All 1663 scanned ports on 192.50.74.27 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.322 seconds

========

195.200.183.229
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:51 PST
Interesting ports on 195.200.183.229:
(The 1661 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http

Nmap finished: 1 IP address (1 host up) scanned in 62.432 seconds

========

200.218.224.224
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 09:53 PST
All 1663 scanned ports on 200.218.224.224 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 39.839 seconds

========

202.123.223.148
I killed the process after 2 minutes.

========

210.109.194.231
I killed this one too.

========

211.155.246.38
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-11-08 10:01 PST
All 1663 scanned ports on 211.155.246.38 are: filtered

Nmap finished: 1 IP address (1 host up) scanned in 38.386 seconds

========

Okay, I'm stopping there. I was under the impression that I'd be seeing some open ports. I can only verify port 80 on ONE of those so far.

How OLD are those entries? Why does it appear that the problem, if it ever existed on those machines, has been cleared already?

Three considerations by VincenzoRomano · 2005-10-25 21:41 · Score: 5, Interesting · on Apache Webserver Surpasses 50 Million Website Mark

#1. Sites vs servers.
Netcraft states they count the sites while they don't mention whether they count 2nd level domains (foo.com), 3rd level domains (www.foo.com, support.foo.com) or what else. They just say they "received responses from 74,409,971 sites" while not defining what a site actually is.

#2. Growth.
There has been a growth of about 3.73% in the number of (so called) web sites. There must be some hidden winner(s). That is, there must be some group of web servers that is getting the great part of the growth all at once! Netcraft is failing to mention who they are!

#3. Webserver (or website) identification.
It's all but trivial to identify web servers. Are they using some special tool like amap and nmap or just looking at the server response content? How accurate this identification can be?

Open source network analysis tools by SgtChaireBourne · 2005-10-25 20:07 · Score: 1 · on Trying to Help a Troubled Network with Linux?

What tools and methods are the best practice when trying to use Linux and Open Source to analyze and fix a network?

These are some of the tools to consider, in no particular order:

Nagios
Snort
ethereal
dsniff (not updated in ages)
ncat
nmap
nessus v 2 (or one of the forks of version 3)
SARA

You'll have to read the descriptions to decide which ones to try.

top 75 list by LinuxGeekMobile · 2005-10-25 16:31 · Score: 2, Informative · on Trying to Help a Troubled Network with Linux?

More tools than you could learn in a reasonable timeframe can be found here: http://www.insecure.org/tools.html

I would have posted sooner, but T-Mobile's data coverage has been spotty since Wilma hit. Still no power or fuel, but at least I can can get my geek-fix now. :) (at least until my battery dies)

Advance Chapter: Nmap Reference Guide by fv · 2005-10-16 19:08 · Score: 5, Informative · on Interview with NMAP Creator Fyodor

The Nmap Network Scanning book isn't yet complete, but I have decided to release one of the most important chapters in advance online. That is this Nmap Reference Guide, which will become the new man page. It is rewritten from scratch to be much more comprehensive and detailed than the previous version, and better organized as well. It can be read top to bottom or used as a quick reference to look up that obscure scan type you are considering. Let me know if you have any suggestions for improving it. I'm also looking for translators (the previous man page is available in nine languages. If you are interested, send me mail with your target language. That way I can send you the source file (DocBook XML) to translate rather than the HTML/Nroff which is auto-generated. That will also prevent the case of several people duplicating effort by translating to the same language. I was planning to announce this tomorrow, but since the book seems to be mentioned at the top of Slashdot right now anyway, I just scrambled to put it up.