Domain: nmap.org
Stories and comments across the archive that link to nmap.org.
Comments · 88
-
If you suspect the router itself
If I had that kind of suspicion and it was the router itself I was suspicious about, I would simply get the latest stable firmware for that particular model (be careful) and reinstall it over the router itself. It would be something like "format and install Windows"; I wouldn't really back up any settings in that case. Just make sure you know the ISP login and password. Make sure they work and haven't been changed at any point, or you will end up speaking with Bangalore at 4 AM.
:) A simple, fast port scanner exists at http://www.grc.com/ (Shields Up!) which really works; ignore Mr. Gibson's weirdly named inventions like "nano scan" etc. What I know is, it works. Oh, also ignore its port 139 or "you aren't stealth" paranoia. 139 is a client port, and stealth would be good, but you won't really die if you have nothing served.
For clients, don't reinvent the wheel. NMAP is there, free, and can run under win32 if you need it. http://nmap.org/download.html , some instructions exist for detecting current security threats, but I didn't really check since it is all OS X here; we have different issues than win32.
-
Oh, cool!
I'm sure movie producers everywhere are pleased to hear this.
"Damnit, Eddie, that version of nmap is out of date!"
-
Re:You cannot use viruses/bugs as an example of co
I don't get it: what prevents the attacker from trying every recent vulnerability on that host? He can even guess some information about the operating environment based on server replies; it's not like this hasn't been done before. I suppose your criticism is valid, but if the attacker is serious about breaking into a system running Apache he's probably got some exploits for the more common operating systems anyway, so this makes things a little bit more difficult, but not by much.
-
Re:sure it is
Hey, is it any surprise campus security are afraid of Command Line Interface Terrorism?
Yes, actually it is surprising. Anybody who has ever seen 24 knows that terrorists and the Government both rely on a single GUI interface for everything from tracking motor vehicles to taking over nuclear power plants.
-
Re:That's fine and all
It is probably running Linux and not a Windows Server. Really, now. Why would linux.com not run Linux servers?
When I tried the command the parent posted output for, I get something quite different.
nmap -sS -O -v linux.com
Starting Nmap 4.62 ( http://nmap.org/ )
Initiating Ping Scan at 11:03
Scanning 140.211.167.55 [2 ports]
Completed Ping Scan at 11:03, 0.25s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 11:03
Completed Parallel DNS resolution of 1 host. at 11:03, 0.73s elapsed
Initiating SYN Stealth Scan at 11:03
Scanning fossology.org (140.211.167.55) [1715 ports]
Discovered open port 80/tcp on 140.211.167.55
Discovered open port 443/tcp on 140.211.167.55
Discovered open port 22/tcp on 140.211.167.55
SYN Stealth Scan Timing: About 42.88% done; ETC: 11:04 (0:00:40 remaining)
Completed SYN Stealth Scan at 11:04, 77.09s elapsed (1715 total ports)
Initiating OS detection (try #1) against fossology.org (140.211.167.55)
Retrying OS detection (try #2) against fossology.org (140.211.167.55)
Host fossology.org (140.211.167.55) appears to be up ... good.
Interesting ports on fossology.org (140.211.167.55):
Not shown: 1712 filtered ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|WAP|switch|storage-misc|print server|remote management|broadband router
Running (JUST GUESSING) : FreeBSD 6.X (91%), Linux 2.6.X (86%), Actiontec Linux 2.4.X (85%), HP embedded (85%), Linksys embedded (85%), Netgear embedded (85%), Buffalo embedded (85%)
Aggressive OS guesses: FreeBSD 6.2-RELEASE (91%), Linux 2.6.24 (Debian) (86%), HP Brocade 4100 switch; or Actiontec MI-424-WR, Linksys WRVS4400N, or Netgear WNR834B wireless broadband router (85%), Buffalo TeraStation NAS device (85%), HP 4200 PSA (Print Server Appliance) model J4117A (85%), HP Onboard Administrator management console (85%), HP Brocade 4Gb SAN switch (85%), Linksys WRV200 wireless broadband router (85%), Linksys WAP54G WAP (85%), Linksys WRT300N wireless broadband router (85%)
No exact OS matches for host (test conditions non-ideal).
Nmap done: 1 IP address (1 host up) scanned in 87.182 seconds
Raw packets sent: 5216 (233.304KB) | Rcvd: 39 (2500B)
-
Re:"offloading resource-intensive penetration test
In my day, we just ran nmap on remote Linux boxes.
-
Re:Is a 'Holy Fuck' in order?
My tests are quick and dirty and I don't have a full environment to work with, but I think you might be right:
lg:~ root# nmap -sV -O -p 25,80,443 -PN -n www.hotmail.com
Starting Nmap 4.76 ( http://nmap.org/ ) at 2009-02-[snip]
Warning: Hostname www.hotmail.com resolves to 12 IPs. Using 64.4.38.249.
Interesting ports on 64.4.38.249:
PORT STATE SERVICE VERSION
25/tcp filtered smtp
80/tcp open http Microsoft IIS webserver 6.0
443/tcp filtered https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING) : FreeBSD 6.X (85%)
Aggressive OS guesses: FreeBSD 6.2-RELEASE (85%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Windows
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.76 seconds
lg:~ root# nmap -sV -O -p 80 -PN -n xxx.xxx.xxx.xxx
Starting Nmap 4.76 ( http://nmap.org/ ) at 2009-02-[snip]
Interesting ports on xxx.xxx.xxx.xxx:
PORT STATE SERVICE VERSION
80/tcp open http Microsoft IIS webserver 6.0
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2
Service Info: OS: Windows
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.46 seconds
lg:~ root#
The second server is obviously a known IIS/Win2003 box.
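The scans quoted above show why Nmap needs both an open and a closed port for OS fingerprinting: with only port 80 open, the first host comes back as FreeBSD at 85% while the HTTP banner says Windows. The parser below is an added example, not code from this thread or from the Nmap project; it pulls the port table, OS guesses and that warning out of Nmap's normal-format text output and flags the contradiction. The scan texts it parses are constructed to mirror the output quoted above, with documentation addresses.

```python
"""Summarise Nmap normal-format output and flag untrustworthy OS results.

Added example, not code from the thread or from the Nmap project. The
scan texts below are constructed to mirror the Nmap 4.x output quoted in
the thread (hostnames and addresses replaced with documentation values).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed: only one open port, so OS detection had to guess, and the
# guess (FreeBSD) disagrees with what the HTTP banner says (Windows).
SAMPLE_SCAN_GUESSED = """\
Starting Nmap 4.76 ( http://nmap.org/ ) at 2009-02-01 12:00 UTC
Warning: Hostname www.example.test resolves to 12 IPs. Using 192.0.2.10.
Interesting ports on 192.0.2.10:
PORT    STATE    SERVICE VERSION
25/tcp  filtered smtp
80/tcp  open     http    Microsoft IIS webserver 6.0
443/tcp filtered https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING) : FreeBSD 6.X (85%)
Aggressive OS guesses: FreeBSD 6.2-RELEASE (85%)
No exact OS matches for host (test conditions non-ideal).
Service Info: OS: Windows
Nmap done: 1 IP address (1 host up) scanned in 15.76 seconds
"""

# Constructed: same service, but Nmap found an exact fingerprint match.
SAMPLE_SCAN_EXACT = """\
Interesting ports on 192.0.2.20:
PORT   STATE SERVICE VERSION
80/tcp open  http    Microsoft IIS webserver 6.0
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2
Service Info: OS: Windows
"""

@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str
    version: str

@dataclass
class ScanSummary:
    ports: List[Port] = field(default_factory=list)
    os_guesses: List[Tuple[str, int]] = field(default_factory=list)  # (name, %)
    os_exact: Optional[str] = None
    os_reliable: bool = True          # cleared by the OSScan warning line
    service_os: Optional[str] = None  # OS named by version-detection banners

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
GUESS_RE = re.compile(r"(.+?) \((\d+)%\)")

def parse_nmap_normal(text: str) -> ScanSummary:
    """Extract the port table and OS-detection lines from Nmap -oN style text."""
    s = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            s.ports.append(Port(int(m[1]), m[2], m[3], m[4], m[5].strip()))
        elif line.startswith("Warning: OSScan results may be unreliable"):
            s.os_reliable = False
        elif line.startswith("Aggressive OS guesses:"):
            body = line.split(":", 1)[1]
            # Guess names may themselves contain parentheses, e.g. "(Debian)",
            # so match lazily up to the confidence percentage.
            s.os_guesses = [(n.strip(" ,"), int(c)) for n, c in GUESS_RE.findall(body)]
        elif line.startswith("OS details:"):
            s.os_exact = line.split(":", 1)[1].strip()
        elif line.startswith("Service Info:"):
            m2 = re.search(r"OS: ([^;]+)", line)
            if m2:
                s.service_os = m2[1].strip()
    return s

def open_ports(s: ScanSummary) -> List[int]:
    return [p.number for p in s.ports if p.state == "open"]

def os_assessment(s: ScanSummary) -> str:
    """One-line verdict on how far to trust the OS result in an inventory."""
    if s.os_exact:
        return f"exact match: {s.os_exact}"
    if not s.os_guesses:
        return "no OS fingerprint"
    best, conf = max(s.os_guesses, key=lambda g: g[1])
    verdict = f"guess: {best} ({conf}%)"
    if not s.os_reliable:
        verdict += "; fingerprint unreliable (needs 1 open and 1 closed port)"
    # A banner naming a different OS family is a stronger hint than a
    # low-confidence stack fingerprint taken from a single open port.
    if s.service_os and s.service_os.split()[0].lower() not in best.lower():
        verdict += f"; conflicts with service banner OS '{s.service_os}'"
    return verdict

if __name__ == "__main__":
    for text in (SAMPLE_SCAN_GUESSED, SAMPLE_SCAN_EXACT):
        summary = parse_nmap_normal(text)
        print("open ports:", open_ports(summary), "->", os_assessment(summary))
```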
-
Re:too much Java ...
maybe you haven't looked very hard then by the way it is kind of rude to write without capitals and interpunction
-
Shameless promotion
Who would have thought this day would come – promoting nmap using the Surfaris
;)
Let me add a minor correction to the description:
"The 1962 song Wipe Out, with its energetic drum solo started, was the impetus for many people to take up playing the drums. Similarly, Nmap, the legendary network scanner, likely interested many in the art of hacking, and for some, started a career for security professionals and hackers. Nmap and its creator Fyodor need no introduction to anyone on Slashdot. With that, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, is a most useful guide to anyone interested in fully utilizing Nmap."
-
Re:matrix reloaded
Obligatory link to the Movies featuring Nmap page. Enjoy.
-
Re:Network map?
Have they included a network mapping function yet? They announced it as a GSoC project last year I think, did they get around to hack some graphical map output?
Good question--and yes, we have! Full details on this feature, including screen shots, are provided in Section 12.5, "Surfing the Network Topology" starting on page 317. That section is also available free online. The code has been integrated into the latest version (4.76) of Nmap, available here.
-Fyodor
Insecure.Org
-
Re:Network map?
Yes, it's called Zenmap.
-
Re: Matrix Reloaded
Yeah, Nmap has actually been in a surprising number of major movies. I created the Nmap in the Movies page to document them with screen shots. The Matrix Reloaded was the most exciting and really started the trend. I guess the rest of Hollywood just followed along and decided that the command shell was the new way to portray hacking, rather than ridiculous 3D animated eye-candy scenes from the era of Hackers and Swordfish. So we got Nmap in Bourne Ultimatum, Die Hard 4, etc.
I wanted to include a screen shot of Trinity hacking the Matrix with Nmap for this book, but a then-potential publisher said I needed permission from Time Warner first. It took many unanswered requests, but Time Warner finally replied with basically "hell no, you IP pirate!" Of course they phrased it politely like "we would love to allow that, but our policies prohibit us from granting that permission". Funny, they didn't mind using Nmap in their movie without permission, credit, notification, etc. Then they say I can't even include a screen shot of them using Nmap?
So I dumped the potential publisher and added the screen shots anyway (page 8) :).
-Fyodor
Insecure.Org
-
Re:VPN Access Not The End of the World
network printers with Postscript, ph34r my remote !factorial attacks!
Some of them also do email and can be owned for more attacks; some are phone/fax/copier/printers, giving you the scope for spam faxing and premium-rate dialling attacks.
Plus, do you really want remote access to print queues at a UK govt. dept.?
HP Printers FTP Server Denial Of Service
Should network printers be patched?
Idle scanning using a network printer & nmap
I am heartened by your blasé approach, there's plenty of fun waiting out there for inquiring minds.
-
Re:It Was Close
Hey now, even the matrix used nmap!!!
http://nmap.org/movies.html
-
nmap dump
nmap -A -T4 216.34.181.45
Starting Nmap 4.62 ( http://nmap.org/ ) at 2008-05-23 11:54 PDT
Interesting ports on beta.slashdot.org (216.34.181.45):
Not shown: 1713 closed ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 1.3.41 ((Unix) mod_perl/1.31-rc4)
443/tcp open ssl/http Apache httpd 1.3.41 ((Unix) mod_perl/1.31-rc4)
Device type: PBX|general purpose
Running (JUST GUESSING) : Vodavi embedded (86%), FreeBSD 6.X (85%)
Aggressive OS guesses: Vodavi XTS-IP PBX (86%), FreeBSD 6.3-RELEASE (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime: 35.124 days (since Fri Apr 18 08:59:04 2008)
Network Distance: 12 hops
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 ... 12 no response
13 67.70 beta.slashdot.org (216.34.181.45)
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 214.082 seconds
-
Re:Who didn't see this coming?
It's one thing to have a Coke can sitting in plain view, it's another to show how the protagonists succeed using shrinkwrapped software. It's not shrinkwrapped, but here you go:
http://nmap.org/movies.html
-
This is a problem for the Nmap book
This is a major problem for my upcoming book documenting the Nmap Security Scanner. I was planning to print Nmap Network Scanning with Lightning Source POD and sell it through Amazon. Now Amazon says I need to use their own BookSurge company instead. Leaving aside the anti-competitive nature of this, there is the issue of BookSurge's terrible quality reputation. They are known for missing pages, printing covers upside-down, etc. So people who buy my book through Amazon will be stuck with the shitty BookSurge version, and they will surely blame me for this. I really hope Amazon relents, or I will have to rethink my whole distribution plan. I'm now against using BookSurge on principle. If Amazon keeps playing these anti-competitive games, at least there is always online distribution. Almost half of the book chapters are already online for free:
- Nmap Reference Guide
- Nmap Install Guide
- Nmap Scripting Engine
- Remote OS Detection
- Version Detection
- Zenmap User's Guide
And I hope to free more chapters in the coming week. Amazon may not care about losing my Nmap book, but I hope enough people stand up to Amazon that they really feel the effect!
-
Great program
The Nmap Security Scanner project has now participated in Summer of Code all three years—and mentored 25 students. So I'm pleased that Google has accepted us for a fourth year. This really is a great program, so I hope many Slashdotters apply (or at least spread the word to your student friends who may be too busy with school to read Slashdot). There aren't many opportunities available to get paid to work on free software of your choice. Your work makes a big difference for projects and their users as well. You can read about the successful Nmap SoC students in 2007, 2006, and 2005. No Nmap user can read those lists without recognizing features and improvements they use.
Of course part of the purpose of this post is to shamelessly plug the Nmap SoC ideas page for people trying to choose a project. We'd love to have you. But honestly, I recommend applying for multiple projects if you really want to get in. Don't just spam a bunch of crappy boilerplate applications, but submit as many carefully-considered ones as you have time to write. Also, I've written up some tips for preparing a great SoC application.
-
And the network operators still do nothing
This is no surprise for people involved in the anti-spam community. It has been discussed for some time in NANAE. What is REALLY sad is that some networks really don't seem to care, or don't have the time to police against this sort of thing. When I was Joe Jobbed by one of these spam gangs, using infected machines for webservers, I reported it to RR and Comcast security. They were hosting their site all-oem.biz on several obviously compromised machines AND using my e-mail address in advertisements about their company. What did I get for my trouble? E-mail after e-mail that said - "To the best of our knowledge, the incident that was the basis of your complaint was neither posted by an individual using the Road Runner (Or Comcast) system, nor is it in any way related to the Road Runner (or Comcast) system or content maintained by Road Runner." What was funny is that if you did a dig on the domain being advertised it ALWAYS contained a Road Runner cable modem account.
Let's try it again for a test, shall we?
# host www.all-oem.biz
www.all-oem.biz is an alias for all-oem.biz.
all-oem.biz has address 217.81.243.206
all-oem.biz has address 24.98.35.54
all-oem.biz has address 212.83.89.135
all-oem.biz has address 213.33.0.67
all-oem.biz has address 24.6.6.196
And again, what do we have? 2 Comcast cable modems working away trying to sell software that APPEARS to be pirated, and is advertised via spam with false headers.
Let's check the DNS, shall we? The DNS servers for the domain are listed as follows:
Name Server:NS1.MOROZREG.BIZ
Name Server:NS2.MOROZREG.BIZ
Name Server:NS3.MOROZREG.BIZ
Name Server:NS4.MOROZREG.BIZ
Name Server:NS5.MOROZREG.BIZ
Each of these name servers is also hosted on compromised machines, mostly broadband connections. Don't take my word for it; haul out nmap and take a look for yourself. The IPs for these name servers change pretty often. At this time no Road Runner accounts are showing up. I give it an hour before we get a few more.
In short, this is nothing new, and no one should be shocked. Spammers have shown themselves to be an unscrupulous lot. What IS good is that this is starting to get some press. Perhaps this will put pressure on providers to police their networks better. Otherwise more drastic action may need to be taken by other networks simply to protect themselves.
AngryPeopleRule
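The rotating-address pattern the poster describes ("the IPs for these name servers change pretty often"), as an added example that is not part of any comment on this page: it parses the plain `host` output format shown above from successive lookups and reports how much the address set churns between them. The domain name and addresses in the snapshots are constructed sample data (documentation ranges), not live lookups.

```python
"""Added example, not from any comment above: track how the addresses behind a
spam-advertised domain churn between lookups, the 'IPs change pretty often'
pattern the poster describes. Input is the plain 'host' output format the post
shows; the snapshots below are constructed sample data, not live lookups."""
import re
from typing import Dict, List, Set

ADDRESS_RE = re.compile(r"^(?P<name>\S+) has address (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")


def parse_host_output(text: str) -> Dict[str, Set[str]]:
    """Map each hostname to the set of IPv4 addresses 'host' printed for it."""
    records: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = ADDRESS_RE.match(line.strip())
        if m:
            records.setdefault(m.group("name"), set()).add(m.group("ip"))
    return records


def churn(prev: Set[str], cur: Set[str]) -> float:
    """Fraction of the combined address set that changed between two lookups."""
    union = prev | cur
    return len(prev ^ cur) / len(union) if union else 0.0


def flag_fast_flux(snapshots: List[str], name: str, threshold: float = 0.5) -> dict:
    """Compare consecutive 'host' snapshots for one name: distinct addresses seen,
    churn per interval, and whether any interval reached the threshold."""
    sets = [parse_host_output(s).get(name, set()) for s in snapshots]
    rates = [churn(a, b) for a, b in zip(sets, sets[1:])]
    distinct: Set[str] = set().union(*sets)
    return {
        "distinct_addresses": len(distinct),
        "churn_per_interval": rates,
        "fast_flux": any(r >= threshold for r in rates),
    }


# Constructed snapshots (documentation address ranges) in the post's 'host' format.
SNAPSHOT_1 = """www.spam-example.biz is an alias for spam-example.biz.
spam-example.biz has address 192.0.2.10
spam-example.biz has address 192.0.2.11
spam-example.biz has address 198.51.100.7
"""
SNAPSHOT_2 = """www.spam-example.biz is an alias for spam-example.biz.
spam-example.biz has address 192.0.2.10
spam-example.biz has address 203.0.113.42
spam-example.biz has address 203.0.113.43
"""
```

Feed `flag_fast_flux` a list of `host` outputs collected over time; in the two constructed snapshots four of the five addresses seen are swapped out between lookups, so the domain is flagged.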
-
Re:Matrix!
You're right! It must be the internet rebels who shut down the power plant. They must've used the nmap program to scan a vulnerable SSH server in the power plant, exploited it and shut down the power plant. So they can go inside a highly-secured building in order to meet some Architect dude. I believe they are known as the Children of Zion hacker group.
Have I also mentioned that they wear black and cool shades?
-
Re:Score another one for Linux
You don't want sequential order. A little-known feature of nmap is idle scanning, which can use any of the incremental IPID machines as a proxy to perform a TCP scan on any host on the Internet. Best make nonsense out of your IPIDs.
-
This is funny...
...mostly because OpenVMS people tend to think that 'their' OS is the most secure one on this planet (just like OpenBSD developers do, too).
Compared to standard Unices, OpenVMS might offer superior security, mostly because of the privilege model it utilizes instead of giving all-powerful root privileges to many user-space applications.
On the other hand, we've got OSs which have much more sophisticated security than OpenVMS.
First, there is IBM's AS/400, which has got a privilege model quite similar in extent to the one used in OpenVMS, but additionally it has an object-based design, and therefore object-based security (type enforcement and such...). However, it lacks Mandatory Access Control, TCB, Trusted Path and some other things mostly required by military and/or government environments, and therefore it only achieves a C2 security rating.
And then there are a couple of really secure Trusted Unices/Unix-style OSs, like Trusted Solaris, the Pitbull Addon for Solaris and AIX, Trusted IRIX, or XTS/400.
Just talking about fine-grained privilege controls: Argus' Pitbull has got around 100 privileges, how many privileges are there on an OpenVMS box?
No OS has ever received an A1 security branding. And the only OS which has ever received a B3 security branding is actually a Trusted Unix Environment, something like a Unix clone with some proprietary security mechanisms built into the kernel (OpenVMS was B1 or maybe B2, IIRC).
---
Regarding secure TCP/IP initial sequence number generation, it does not take a Trusted OS to just generate secure sequence numbers.
About two months ago, I compared initial sequence number generation on the following OSs using nmap:
* Windows 95
* Windows ME
* Linux 2.2.x
* Windows 2000 (plain)
* Windows 2000 (with Norton Internet security installed)
* OS/2 Warp Server Advanced 4.0 (default install)
* Sun Solaris 7 x86 (with tcp_strong_iss set to 2)
The results were pretty interesting and also a bit surprising:
Windows 95 was worst (ok, that's not surprising ;-), nmap rating ~10
Then came OS/2, which was not much better, nmap rating ~ 1000
(BTW: does anyone have nmap results from OS/390 or OS/400?)
Even Windows ME was a bit better than OS/2, but still far away from being secure, nmap rating ~ 8000
There was little difference between Win2k with Norton's Firewall (~12000) and Win2k without the Firewall (~15000)
Linux's results were quite good, nmap rating approximately some hundred-thousands or millions
Solaris with tcp_strong_iss set to 2 seemed to offer really strong sequence number generation, so nmap just printed a lot of 9s
---
Additional information:
Here is nmap.
Here is Argus Systems (EAL4 security for Solaris/AIX)
Here is IBM's AS/400
Here is Getronics (B3 secure Unix Environment running Unix and Linux applications)
And finally, here is OpenVMS
-
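The two counters discussed in the comments above, the incremental IPID that makes a host usable as an idle-scan proxy ("Best make nonsense out of your IPIDs") and the TCP initial sequence numbers behind the nmap "ratings" in the comparison, as one added example that is not part of any comment: a simplified classifier for IPID sequences and a stand-in difficulty index for ISN sequences sampled from a host you administer. The scoring is an approximation written for this example, not nmap's own algorithm, and every sample sequence is constructed.

```python
"""Added example, not from any comment above: a simplified predictability check
for the two counters discussed, the 16-bit IP ID (hosts with incremental IP IDs
are the idle-scan proxies one poster warns about) and the 32-bit TCP ISN (what
the other poster's nmap 'rating' measures). The scoring is a stand-in written
for this example, not nmap's algorithm; all sample sequences are constructed."""
import math
import statistics
from typing import List, Sequence


def deltas(samples: Sequence[int], bits: int) -> List[int]:
    """Differences between consecutive samples, modulo the counter width."""
    mod = 1 << bits
    return [(b - a) % mod for a, b in zip(samples, samples[1:])]


def classify_ipid(samples: Sequence[int]) -> str:
    """Rough IP ID class. 'incremental' means the host leaks how many packets it
    sends between probes and should be fixed (randomise or zero the field)."""
    d = deltas(samples, 16)
    if not d or all(x == 0 for x in d):
        return "constant"
    if all(1 <= x <= 5 for x in d):
        return "incremental"
    # A counter stored in host byte order on a little-endian box steps by 256.
    if all(x % 256 == 0 and 256 <= x <= 5 * 256 for x in d):
        return "incremental (byte-swapped)"
    return "random"


def isn_difficulty(samples: Sequence[int]) -> int:
    """Approximate difficulty index: 0 for a constant or fixed-step generator,
    rising with the spread of the increments (roughly 8 per bit of spread)."""
    d = deltas(samples, 32)
    if len(d) < 2:
        return 0
    sd = statistics.pstdev(d)
    return 0 if sd < 1 else round(math.log2(sd) * 8)


# Constructed samples: a fixed 64000 step (the old '64K rule' class) and random ISNs.
FIXED_STEP_ISNS = [0, 64000, 128000, 192000, 256000]
RANDOM_ISNS = [0x12345678, 0x9ABCDEF0, 0x0BADF00D, 0xDEADBEEF, 0x7E57C0DE, 0xCAFEBABE]

if __name__ == "__main__":
    print(classify_ipid([1000, 1001, 1002, 1003]))   # incremental
    print(isn_difficulty(FIXED_STEP_ISNS), isn_difficulty(RANDOM_ISNS))
```

A host whose IP IDs classify as incremental, or whose ISN index stays in the low tens, is the kind of box the posters are describing; the fix is on that host (randomised IP IDs, a modern ISN generator), not in the scanner.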
No Evidence No Crime
Umm, just use FIN or Null scanning and you'll be fine. Nmap is very proficient with these scans; if SYN is logged, FIN, Xmas and Null will keep you under the radar and out of sight.
NMap
Correct me if I'm wrong :}
CAEthaver2
--mikeeusa--
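The "under the radar" claim above only holds while the filter logs SYNs alone. As an added example that is not part of any comment on this page, here is detection logic for exactly those probe types: it names Null, FIN and Xmas flag combinations and counts, per source, how many ports each probe type touched. The records are constructed samples in a simplified "src dst dport flags" format, not real packet captures.

```python
"""Added example, not from any comment above: detection logic for the probes the
comment says stay 'under the radar' when only SYNs are logged. A segment with no
flags (Null), FIN alone, or FIN+PSH+URG (Xmas) never opens a legitimate connection,
so logging those combinations and counting ports per source exposes the sweep.
Records are constructed samples in a simplified 'src dst dport flags' format."""
from collections import defaultdict
from typing import Dict, List, Tuple

FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


def parse_flags(text: str) -> int:
    """Turn a letter string such as 'FPU' ('-' for no flags) into a TCP flag bitmask."""
    return sum(FLAG_BITS[c] for c in text if c in FLAG_BITS)


def probe_type(flags: int) -> str:
    """Name the scan probe a flag combination corresponds to, or 'normal'."""
    if flags == 0:
        return "null"
    if flags == FLAG_BITS["F"]:
        return "fin"
    if flags == FLAG_BITS["F"] | FLAG_BITS["P"] | FLAG_BITS["U"]:
        return "xmas"
    return "normal"


def detect_scans(records: List[str], min_ports: int = 3) -> Dict[Tuple[str, str], int]:
    """Count distinct destination ports per (source, probe type) and report the
    pairs that touched at least min_ports ports, i.e. a port sweep."""
    seen: Dict[Tuple[str, str], set] = defaultdict(set)
    for line in records:
        src, _dst, dport, flags = line.split()
        kind = probe_type(parse_flags(flags))
        if kind != "normal":
            seen[(src, kind)].add(int(dport))
    return {key: len(ports) for key, ports in seen.items() if len(ports) >= min_ports}


# Constructed sample records (documentation address ranges).
SAMPLE = [
    "198.51.100.9 192.0.2.5 22 -",      # Null probes across four ports
    "198.51.100.9 192.0.2.5 80 -",
    "198.51.100.9 192.0.2.5 443 -",
    "198.51.100.9 192.0.2.5 5503 -",
    "203.0.113.4 192.0.2.5 25 FPU",     # Xmas probes, below the sweep threshold
    "203.0.113.4 192.0.2.5 110 FPU",
    "192.0.2.77 192.0.2.5 443 S",       # ordinary handshake and close
    "192.0.2.77 192.0.2.5 443 A",
    "192.0.2.77 192.0.2.5 443 FA",
]
```

With the default threshold only the Null sweep is reported; the FIN+ACK of a normal close is classified as normal, so ordinary traffic does not trip the detector.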
>> Any properly administrated Linux box has a decent iptables / ipchains script. If not, it's about time to read the docs.
>> From what I've read in the article, tripwire should be able to detect an infection. Not so much to worry about, I guess.
>> ... and of course nmap to scan for open 5503 ports (damn, it's now illegal to do so here at our university).