Domain: nmap.org
Stories and comments across the archive that link to nmap.org.
Comments · 88
-
Automated scanners and government computers
"Love was originally arrested in the UK in October of 2013 after using an automated scanner to locate servers within a large range of IP addresses"
Do you mean something like NMAP
-
Re:Total Scam
there is no legal distinction between "an anonymous scan" and a "hack"
Can you provide a source for this? Or an example of someone being prosecuted (and convicted of a crime) solely for port scanning with no malicious intent?
From what I can see, it's something of a grey area and intent matters.
This page says "no United States federal laws explicitly criminalize port scanning".
-
Weaponisation of the Internet
If an organisation is going to want to 'Hack Back' at somewhere that (they believe) has attacked them then they are going to need tools to do so. The result will be an arms race of 'Hacking' tools as companies rush to fill a gap in the market - good news for the likes of Symantec I suppose, a new profit centre. So: will these tools only ever be used 'legitimately' ?
How is this different from having more guns on the street, the result of which is that more people get killed ? (Sorry NRA supporters, but there is a reason that the USA is near the top of the List of countries by firearm-related deaths)
Would Microsoft release a new suite 'Microsoft Hack', what operating system(s) would it seek to subvert ?
So will unfettered use of nmap now be unarguably legal ?
-
Re:What do we use to scan for it?
There is an nmap NSE that can be used to scan for Doublepulsar located at https://nmap.org/nsedoc/script... . The best way to stop quite a few of the Shadowbroker vulnerabilities such as Eternalblue is to download the most recent Microsoft patches.
-
Re:Competency
Mirror of the website: http://archive.is/CixsY
And open ports:
nmap -O 209.238.99.227
Starting Nmap 7.40 ( https://nmap.org/ ) at 2017-01-13 16:51 EST
Nmap scan report for giulianisecurity.com (209.238.99.227)
Host is up (0.21s latency).
Not shown: 979 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
110/tcp open pop3
139/tcp filtered netbios-ssn
143/tcp open imap
161/tcp open snmp
389/tcp open ldap
443/tcp open https
445/tcp filtered microsoft-ds
465/tcp filtered smtps
555/tcp open dsf
587/tcp filtered submission
993/tcp open imaps
995/tcp open pop3s
1971/tcp open netop-school
2007/tcp open dectalk
3306/tcp open mysql
5190/tcp open aol
8080/tcp open http-proxy
Aggressive OS guesses: FreeBSD 6.3-RELEASE (95%), PC-BSD 1.3 (92%), FreeBSD 7.1-RELEASE - 9.0-CURRENT (92%), FreeBSD 8.1-RELEASE (92%), FreeBSD 6.2-RELEASE (91%), FreeBSD 7.0-CURRENT (91%), Juniper JunOS 12.3R5.7 (91%), Juniper JUNOS 9.2R1.10 (91%), Apple OS X 10.10.5 (Darwin 14.5.0) (91%), FreeBSD 10.3-RELEASE (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 11 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 343.37 seconds
-
Re:Why the hell would I want that?
a network code that simply assumes you don't give a fuck about security because, hey, I was written for a gaming console where such petty things like antivirus and firewall doesn't exist
Or any other Windows service for that matter, no anti-malware, print spool, or any other thing that starts at boot on Windows.
But I'm not for sure that PS4's and PS3's don't have some kind of basic iptables firewall running (after all they're BSD based).....let me zenmap the PS4.
Rest mode:
Scanning 192.168.1.101 [65535 ports]
Not shown: 65534 closed ports
PORT STATE SERVICE VERSION
41800/tcp open http Mongoose httpd
MAC Address: 70:9E:29:28:8E:32 (Sony)
Device type: game console
Running: FreeBSD, Sony embedded
OS CPE: cpe:/o:freebsd:freebsd cpe:/h:sony:playstation_4
OS details: Sony Playstation 4
Here's what I get when it's running:
Scanning 192.168.1.101 [65535 ports]
Discovered open port 9295/tcp on 192.168.1.101
Completed SYN Stealth Scan at 16:18, 336.23s elapsed (65535 total ports)
Initiating Service scan at 16:18
Scanning 2 services on 192.168.1.101
Completed Service scan at 16:18, 6.01s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.101
NSE: Script scanning 192.168.1.101.
Initiating NSE at 16:18
Completed NSE at 16:18, 1.45s elapsed
Initiating NSE at 16:18
Completed NSE at 16:18, 1.03s elapsed
Nmap scan report for 192.168.1.101
Host is up (0.00037s latency).
Not shown: 65533 closed ports
PORT STATE SERVICE VERSION
9295/tcp open unknown
41800/tcp open http Mongoose httpd
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submi... :
SF-Port9295-TCP:V=7.12%I=7%D=6/7%Time=57573A17%P=x86_64-redhat-linux-gnu%r
SF:(GenericLines,84,"HTTP/1\.1\x20403\x20Forbidden\r\nConnection:\x20close
SF:\r\nPragma:\x20no-cache\r\nContent-Length:\x200\r\nRP-Version:\x205\.0\
SF:r\nRP-Application-Reason:\x2080108bff\r\n\r\n");
MAC Address: 70:9E:29:28:8E:32 (Sony)
Device type: game console
Running: FreeBSD, Sony embedded
OS CPE: cpe:/o:freebsd:freebsd cpe:/h:sony:playstation_4
OS details: Sony Playstation 4
not to mention the barely (if at all) changed controls that fit perfectly for console controllers but are simply unusable for a keyboard and mouse setup
Then don't use a mouse and keyboard? After all if I want to text chat in an MMO on a console wouldn't I plug in a keyboard?
bonus points if you leave in the aimbot for FPS games that's necessary so console players can hit anything with their shot controls
It is not an aimbot, it is an "aim assist". In most cases, you can turn them off or control how much they assist.
And wouldn't that suggest that mouse aiming is easy mode for casual gamer-come-latelies whose first game was TF2?
-
Notable articles...
The long-running zine has also hosted a number of notable articles, including the famed Hacker Manifesto and Smashing The Stack For Fun And Profit.
Not to mention an article from 1997 called "The Art of Port Scanning" in which Fyodor introduced a tool called nmap...
-
Changes from the original submission
The edits made by Slashdot editors on my original submission (that can be read here) are very telling. Fyodor isn't warning that he doesn't control Sourceforge nmap mirror, he is accusing them of hijacking his Sourceforge nmap account, removing the content and creating a mirror that he doesn't control.
The original title was "Sourceforge Hijacks the Nmap Sourceforge Account" and it was the same title Fyodor used on his post to the maillist. Losing the original Sourceforge original nmap account (created by nmap developers themselves) is not the same news as him not controlling "nmap SourceForge Mirror". The same expression was also changed in the submission body.
Two other important parts from the original submission removed by the editor:
1. The statement by SourceForge themselves that (emphasis mine): At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers.
2. The reference by Fyodor that even if Sourceforge still isn't bundling anything on nmap, the page is designed to mislead the users with fake download buttons:
"So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) (...)
Below I repost the original submission so you can compare:
Sourceforge Hijacks the Nmap Sourceforge Account
Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.
According to him the old Nmap project page (located at http://sourceforge.net/project..., screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which is controlled by sf-editor1 and sf-editor3, in a pattern mirroring the much discussed takeover of the GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.
That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."
To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"
-
Sourceforge Hijacks the Nmap Sourceforge Account
Because /. editors seem to have inconvenient holidays I'll just spam this topic with the behaviour of their mother company:
From http://seclists.org/nmap-dev/2...:
From: Fyodor
Date: Wed, 3 Jun 2015 00:56:23 -0700
Hi Folks! You may have already read the recent news about Sourceforge.net
hijacking the GIMP project account to distribute adware/malware.
Previously GIMP used this Sourceforge account to distribute their Windows
installer, but they quit after Sourceforge started tricking users with fake
download buttons which lead to malware rather than GIMP. Then Sourceforge
took over GIMP's account and began distributing a trojan installer which
tries to trick users into installing various malware and adware before
actually installing GIMP. Of course this goes directly against Sourceforge
CEO Michael Schumacher's promise less than two years ago:
"we want to reassure you that we will NEVER bundle offers with any project
without the developers consent"
--http://sourceforge.net/blog/advertising-bundling-community-and-criticism/
So much for that promise! Anyway, the bad news is that Sourceforge has
also hijacked the Nmap account from me. The old Nmap project page is now
blank:
http://sourceforge.net/project...
Meanwhile they have moved all the Nmap content to their new page which only
they control:
http://sourceforge.net/project...
You can see at the top that the owners of the Nmap page are now
'sf-editor1', and 'sf-editor3'. You can click on those to see other
projects they have hijacked.
So far they seem to be providing just the official Nmap files (as long as
you don't click on the fake download buttons) and we haven't caught them
trojaning Nmap the way they did with GIMP. But we certainly don't trust
them one bit! Sourceforge is pulling the same scheme that CNet
Download.com tried back when they started circling the drain:
http://insecure.org/news/downl...
We will ask Sourceforge to remove the hijacked Nmap page, but more
importantly we want to reiterate that you should only download Nmap from
our official SSL Nmap site:
https://nmap.org/download.html
If you don't trust SSL by itself (and we don't blame you), you can also
check the GPG signatures: https://nmap.org/book/install....
Cheers,
Fyodor
PS: Ars Technica has a good article about the Sourceforge/GIMP fiasco:
http://arstechnica.com/?p=6734...
PPS: Sourceforge now claims they will stop trojaning software without the
developer's permission, but they've broken that exact promise before.
-
Re:Not sure if serious...
I happen to have well over 15 years experience in the same field. My argument was not that you can't have agreements, but that you must have the agreements to even perform something as simple as a port scan. The CEH and CISSP course books first several chapters are dedicated to covering the legal issues (heavy US law, big ticket items with International Law). NMAP documentation also points out that just port scanning may result in a felony charge at a maximum, but at a minimum you could be sued for damages.
15 years ago I could run port scans without too much worry about being prosecuted as long as the intention was good and I didn't DOS someone in the process. Today, not a chance in hell I'd ever work without the correct legal agreements in place.
IMHO, a big problem is that today people perceive they can be a l337 H@X0R with nothing more than minimum knowledge of nmap and metasploit. They picture White Hat hacking as identical to Black Hat, but playing for the other team. It has not been that simple for a decade, and the majority of IT Security today is not hacking. If you can't present findings, define test methods, determine compensating controls, etc.. etc... then you are not going to last long in the field.
-
More BS
From the source in question, yes it may land you in jail. It all depends on the target and what they choose to do with you port scanning them.
-
Re:The failure of rules.
Oh, she just uses her own domain, which someone registered for her the week before she was sworn in as Sec of State. clintonemail.com
whois clintonemail.com | grep "Registrant Name"
Registrant Name: PERFECT PRIVACY, LLC
Hey, LOOK everybody, Clinton supports PRIVACY rights from the prying eyes of the NSA!
nmap clintonemail.com
Starting Nmap 6.47 ( http://nmap.org/ ) at 2015-03-03 07:50 PST
Nmap scan report for clintonemail.com (208.91.197.27)
Host is up (0.083s latency).
Not shown: 996 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
554/tcp open rtsp
7070/tcp open realserver
... and ... transparency through old video streaming technology.
curl -vi clintonemail.com
... says it's an apache server, so there's that.
-
Re:I know this!
You're both right! She used nmap to find the IP, the sshnuke exploit, then ssh to gain access.
screen capture.
I was impressed that they would use a real exploit. They knew their audience.
-
Re:it's over: the media (in the US) have moved on.
I believe that that -sV flag covers that.
http://nmap.org/book/man-versi...
-
Re:You're a "brand new Linux user"
You could also set up some kind of DMZ where you use a router with firewalling capabilities between broadband and your home network. This gives you some security now while you are still experimenting. Also it is a good idea to not trust your router and set up your own firewall in addition to it. Beyond that you may also protect us from your experiments that way.
You can also try to scan/hack your internal firewall with tools like nmap to see how it is holding up. Here is a list of a few links:
http://www.ietf.org/rfc/rfc791...
http://www.netfilter.org/index...
http://nmap.org/
http://www.wireshark.org/
Also there is user friendly in case you have been missing it so far, http://ars.userfriendly.org/ca...
-
Re:Second matrix movie
It was more than just sensical: They were using it to locate a server that was vulnerable to a real exploit for a real (if old) version of SSH1:
It's always disappointing when terrible movies mix total nonsense with very real information, as it raises expectations too much. Other examples of somewhat correct lingo mixed with nonsense is the scene in Hackers where they go through real books that actual hackers from way back then would find useful. But even if I bring my old college book on compiler design to work, risk getting called into Human Resources by riding on a skateboard through the building, and telling everyone that we should start hacking the Gibson, it'd still not make any of my female coworkers actually look like Angelina Jolie.
All those movies, full of lies.
-
Re:Holy crap!
I'm pretty sure it's hacking only when the other end has an expectation of security.
I'm not aware of that being a factor. Whether it is illegal or not is up to the courts, but it truly is best not to tempt fate.
-
DARPA Inference Cheking Kludge Scanning
This article sounds like the DICKS plugin for nmap that was described in this issue of hakin9. This was a beautiful trojan horse.
-
The nmap Interpretation of the GPL
The nmap security scanner's licence is the GPL version 2, along with an opening comment where they give their interpretation. It seems that this interpretation is draconic, and among other things requires programs that parse the output of nmap to be licensed under the GPL or a compatible licence as well. This seems to stand against the Free Software Definition, which among other things specifies that one has "The freedom to run the program, for any purpose".
If we (or the courts) are going to accept nmap's interpretation of the GPL, then we can expect all hell to break loose, because that will mean that the output of such programs such as GCC (the GNU Compiler Collection), GNU awk, GNU sed, and many other GPLed programs of the GNU project or otherwise, must be under a GPL-compatible licence, while in fact, the GNU project approved of using them to build free software and proprietary software that was not.
Do you approve of the nmap interpretation, or do you think nmap are misusing the GPL as a way to apply the free software figleaf to their work, without complying with the spirit of free software?
-
Online Port Scanner Updated
Great work to Fyodor and the dev team. Another quality release. The new NSE scripts are great, as are the speed improvements.
For those who have not used ncat - I urge you to check it out. With the portable windows version, you can drop this on a box and build encrypted tunnels. You can bring up a HTTP proxy in the time it takes you to type "ncat --proxy-type http -l 127.0.0.1 9090". It is a very handy little tool. When it comes to features ncat blows nc away.
Now to plug my service.
Online port scanner that uses Nmap, now updated to version 6.0. Allows port scanning of IPv4 and IPv6 addresses.
-
Machine learning (AI) for the IPv6 OS detection
It's great to see the use of machine learning for the OS classification / fingerprinting with IPv6. If this works out well I'd love to see a 3rd-generation IPv4 OS detection added using similar techniques. See http://nmap.org/book/osdetect-guess.html#osdetect-guess-ipv6
-
Another use of Lua
The nmap guys seem to have considered a few scripting languages too for a while, and stuck to Lua because of a couple of reasons addressed in this conference (and probably in some other place in the NSE docs). While I know nothing of the people behind the scenes of Wikipedia, I do kind of trust the decisions made by the nmap team, so my guess is it's not a clueless decision.
-
...sigh... and they worked SO hard on the book.
Read "Stealing the Network: How to own a Continent"
The whole book is this heist.
Literally.
Just check out the summary.
The thing that makes this book series special is that they don't say, "I ran nmap and knew from the output they were running a webserver."
They say "I ran nmap with 'sudo nmap -P0 -T3 -p 80 127.0.0.1 -oA localscan'
And got:
Starting Nmap 5.21 ( http://nmap.org/ ) at 2012-01-17 20:55 PST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
And could see from the line "80/tcp open http"
http://www.amazon.com/Stealing-Network-How-Own-Continent/dp/1931836051
//Has the whole series and still remembers the props I got from Blue bore.
///Yes I know the example is a bit contrived but that is exactly how they present information in the series and I learned a lot from it.
-
Re:collector/c info please
Interesting. Port 10010 doesn't show up on a port scan but responds to telnet.
host ciqcol01.ciq.labs.att.com
ciqcol01.ciq.labs.att.com has address 216.103.127.200
nmap -P0 216.103.127.200
Starting Nmap 5.21 ( http://nmap.org/ ) at 2011-12-23 07:52 CST
Nmap scan report for 216.103.127.200
Host is up (0.028s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
-
Re:Too little.
totally it's so hard to find a trustworthy place to download nmap http://nmap.org/dist/nmap-5.51-setup.exe
how about sourceforge?
-
Re:It's Legal
Over at nmap.org, there's a GPL license. See this. They also offer a commercial license.
-
Re:Too true
I'm not sure if the machines inside the walled garden can talk to each other, either.
There's no reason to be unsure.
Just fire up nmap or Netscan and have a peek.
Old school, but works. New school is just fire up your bonjour / zeroconf / whatever its called now client and see if its full of other peoples printers, desktops, and airport-extreme type devices.
Of course a dumb enough admin might filter JUST mdns and forget to filter the actual services, so it's still worthwhile to nmap.
-
Re:The Matrix
The Matrix reloaded had NMAP though and that was awesome. http://nmap.org/movies.html
-
Re:People stopped using Telnet?
You might want to look into Nmap's scripting features if you have the time. It's designed to implement exactly that kind of stuff.
-
Re:who still uses telnet?
You might have better success with even a semi-valid HTTP/1.1 request such as
GET / HTTP/1.1
Host: www.google.com
Also, using telnet here is redundant. You should consider using one of the several netcats available. Some even support nice features like SSL encryption, so you can make encrypted requests to the https port (443).
-
Re:That's Interesting
Try reading the sourceforge page instead. http://sqlninja.sourceforge.net/sqlninja-howto.html#s1. It's not a pen testing tool. It's an exploit tool.
http://nmap.org/ this says in the introduction:
"Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing."
-
Re:Adult web
This one isn't! http://nmap.org/favicon/?q=slashdot.org
-
Better link.
http://nmap.org/movies.html for the collection of movies including Trinity's scene.
:)
-
/. Virgin
Incidentally, just to the right of the Slashdot icon lives Virgin
A little too close to home for the /. crowd, methinks...
-
Re:Something's missing...
Online lookup : The icon is at (28.880, 2.373) and is 208 × 208 pixels.
-
Re:step 1?
Starting Nmap 5.00 ( http://nmap.org/ ) at 2010-07-12 19:33 PDT
NSE: Loaded 59 scripts for scanning.
Initiating Ping Scan at 19:33
Scanning 208.102.223.137 [16 ports]
Completed Ping Scan at 19:33, 0.24s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:33
Completed Parallel DNS resolution of 1 host. at 19:33, 0.01s elapsed
Initiating SYN Stealth Scan at 19:33
Scanning mw-esr1-208-102-223-137.fuse.net (208.102.223.137) [1000 ports]
SYN Stealth Scan Timing: About 30.50% done; ETC: 19:35 (0:01:11 remaining)
SYN Stealth Scan Timing: About 61.00% done; ETC: 19:35 (0:00:39 remaining)
Completed SYN Stealth Scan at 19:35, 98.20s elapsed (1000 total ports)
Initiating UDP Scan at 19:35
Scanning mw-esr1-208-102-223-137.fuse.net (208.102.223.137) [1000 ports]
UDP Scan Timing: About 31.00% done; ETC: 19:36 (0:01:09 remaining)
UDP Scan Timing: About 62.00% done; ETC: 19:36 (0:00:37 remaining)
Completed UDP Scan at 19:36, 98.29s elapsed (1000 total ports)
Initiating Service scan at 19:36
Scanning 1000 services on mw-esr1-208-102-223-137.fuse.net (208.102.223.137)
Service scan Timing: About 0.40% done
Service scan Timing: About 1.60% done; ETC: 21:31 (1:52:45 remaining)
Service scan Timing: About 3.10% done; ETC: 21:05 (1:25:58 remaining)
Service scan Timing: About 4.60% done; ETC: 20:56 (1:16:03 remaining)
Service scan Timing: About 6.10% done; ETC: 20:51 (1:10:33 remaining)
Service scan Timing: About 9.10% done; ETC: 20:47 (1:04:06 remaining)
Service scan Timing: About 12.10% done; ETC: 20:44 (1:00:03 remaining)
Service scan Timing: About 16.60% done; ETC: 20:43 (0:55:21 remaining)
Service scan Timing: About 21.10% done; ETC: 20:41 (0:51:29 remaining)
Service scan Timing: About 25.60% done; ETC: 20:41 (0:48:00 remaining)
Service scan Timing: About 30.10% done; ETC: 20:40 (0:44:45 remaining)
Service scan Timing: About 36.10% done; ETC: 20:40 (0:40:36 remaining)
Service scan Timing: About 42.10% done; ETC: 20:39 (0:36:36 remaining)
Service scan Timing: About 48.10% done; ETC: 20:39 (0:32:41 remaining)
Service scan Timing: About 54.10% done; ETC: 20:39 (0:28:48 remaining)
Service scan Timing: About 60.10% done; ETC: 20:39 (0:24:58 remaining)
Service scan Timing: About 66.10% done; ETC: 20:39 (0:21:10 remaining)
Service scan Timing: About 72.10% done; ETC: 20:39 (0:17:24 remaining)
Service scan Timing: About 78.10% done; ETC: 20:38 (0:13:38 remaining)
Service scan Timing: About 84.10% done; ETC: 20:38 (0:09:53 remaining)
Service scan Timing: About 90.10% done; ETC: 20:38 (0:06:09 remaining)
Service scan Timing: About 96.10% done; ETC: 20:38 (0:02:25 remaining)
Completed Service scan at 20:38, 3688.29s elapsed (1000 services on 1 host)
Initiating OS detection (try #1) against mw-esr1-208-102-223-137.fuse.net (208.102.223.137)
Retrying OS detection (try #2) against mw-esr1-208-102-223-137.fuse.net (208.102.223.137)
NSE: Script scanning 208.102.223.137.
NSE: Starting runlevel 1 scan
Initiating NSE at 20:38
Completed NSE at 20:38, 30.24s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 20:38
Completed NSE at 20:38, 5.03s elapsed
NSE: Script Scanning completed.
Host mw-esr1-208-102-223-137.fuse.net (208.102.223.137) is up (0.098s latency).
All 2000 scanned ports on mw-esr1-208-102-223-137.fuse.net (208.102.223.137) are filtered (1000) or open|filtered (1000)
Too many fingerprints match this host to give specific OS details
Host script results:
|_ nbstat: ERROR: Name query failed: TIMEOUT
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3927.07 seconds
Raw packets sent: 4046 (149.132KB) | Rcvd: 5 (680B)
-
Re:step 1?
Starting Nmap 5.00 ( http://nmap.org/ ) at 2010-07-12 19:33 PDT
NSE: Loaded 59 scripts for scanning.
Initiating Ping Scan at 19:33
Scanning 208.102.223.137 [16 ports]
Completed Ping Scan at 19:33, 0.24s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 19:33
Completed Parallel DNS resolution of 1 host. at 19:33, 0.01s elapsed
Initiating SYN Stealth Scan at 19:33
Scanning mw-esr1-208-102-223-137.fuse.net (208.102.223.137) [1000 ports]
SYN Stealth Scan Timing: About 30.50% done; ETC: 19:35 (0:01:11 remaining)
SYN Stealth Scan Timing: About 61.00% done; ETC: 19:35 (0:00:39 remaining)
Completed SYN Stealth Scan at 19:35, 98.20s elapsed (1000 total ports)
Initiating UDP Scan at 19:35
Scanning mw-esr1-208-102-223-137.fuse.net (208.102.223.137) [1000 ports]
UDP Scan Timing: About 31.00% done; ETC: 19:36 (0:01:09 remaining)
UDP Scan Timing: About 62.00% done; ETC: 19:36 (0:00:37 remaining)
Completed UDP Scan at 19:36, 98.29s elapsed (1000 total ports)
Initiating Service scan at 19:36
Scanning 1000 services on mw-esr1-208-102-223-137.fuse.net (208.102.223.137)
Service scan Timing: About 0.40% done
Service scan Timing: About 1.60% done; ETC: 21:31 (1:52:45 remaining)
Service scan Timing: About 3.10% done; ETC: 21:05 (1:25:58 remaining)
Service scan Timing: About 4.60% done; ETC: 20:56 (1:16:03 remaining)
Service scan Timing: About 6.10% done; ETC: 20:51 (1:10:33 remaining)
Service scan Timing: About 9.10% done; ETC: 20:47 (1:04:06 remaining)
Service scan Timing: About 12.10% done; ETC: 20:44 (1:00:03 remaining)
Service scan Timing: About 16.60% done; ETC: 20:43 (0:55:21 remaining)
Service scan Timing: About 21.10% done; ETC: 20:41 (0:51:29 remaining)
Service scan Timing: About 25.60% done; ETC: 20:41 (0:48:00 remaining)
Service scan Timing: About 30.10% done; ETC: 20:40 (0:44:45 remaining)
Service scan Timing: About 36.10% done; ETC: 20:40 (0:40:36 remaining)
Service scan Timing: About 42.10% done; ETC: 20:39 (0:36:36 remaining)
Service scan Timing: About 48.10% done; ETC: 20:39 (0:32:41 remaining)
Service scan Timing: About 54.10% done; ETC: 20:39 (0:28:48 remaining)
Service scan Timing: About 60.10% done; ETC: 20:39 (0:24:58 remaining)
Service scan Timing: About 66.10% done; ETC: 20:39 (0:21:10 remaining)
Service scan Timing: About 72.10% done; ETC: 20:39 (0:17:24 remaining)
Service scan Timing: About 78.10% done; ETC: 20:38 (0:13:38 remaining)
Service scan Timing: About 84.10% done; ETC: 20:38 (0:09:53 remaining)
Service scan Timing: About 90.10% done; ETC: 20:38 (0:06:09 remaining)
Service scan Timing: About 96.10% done; ETC: 20:38 (0:02:25 remaining)
Completed Service scan at 20:38, 3688.29s elapsed (1000 services on 1 host)
Initiating OS detection (try #1) against mw-esr1-208-102-223-137.fuse.net (208.102.223.137)
Retrying OS detection (try #2) against mw-esr1-208-102-223-137.fuse.net (208.102.223.137)
NSE: Script scanning 208.102.223.137.
NSE: Starting runlevel 1 scan
Initiating NSE at 20:38
Completed NSE at 20:38, 30.24s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 20:38
Completed NSE at 20:38, 5.03s elapsed
NSE: Script Scanning completed.
Host mw-esr1-208-102-223-137.fuse.net (208.102.223.137) is up (0.098s latency).
All 2000 scanned ports on mw-esr1-208-102-223-137.fuse.net (208.102.223.137) are filtered (1000) or open|filtered (1000)
Too many fingerprints match this host to give specific OS details
Host script results:
|_ nbstat: ERROR: Name query failed: TIMEOUT
Read data files from: /usr/share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3927.07 seconds
Raw packets sent: 4046 (149.132KB) | Rcvd: 5 (680B)
-
GNS3 & wireshark & NMAP and package genera
As someone working as a Network Engineer I would recommend you look at GNS3, since you can install it via sources or via a deb package; you already have the address in another post in this thread. The nice thing about GNS is that if you build the network and install the images (that is the trouble part) you need actual Cisco images; you might be able to obtain them for educational purposes, and why not approach Cisco to ask. The worst thing you could get is a no; on the other hand you might end up with a system that acts as the devices do in real life, an ideal playground in which to learn about networking, but to properly learn get hold of a package generator to stream your simulated environment.
http://sourceforge.net/projects/packeth/
http://sourceforge.net/projects/pacgen/
http://bittwist.sourceforge.net/
http://sourceforge.net/projects/traffic/
http://gull.sourceforge.net/
http://mc-mint.sourceforge.net/
Are just some of the available package generators. Also someone else mentioned wireshark http://www.wireshark.org/ - That tool is a must for anyone serious about learning about networking and someone teaching about it. NMAP is another must as well http://nmap.org/
Good luck with your efforts
-
Nmap NSE script
There's a script in nmap that does this quite easily:
nmap --script=pjl-ready-message.nse --script-args='pjl_ready_message="your message here"'
Reference:
http://nmap.org/nsedoc/scripts/pjl-ready-message.html
My favorite message to use is "INSERT COIN"
-
New Nmap 5.30BETA1 Release
We just today released Nmap 5.30BETA1, which contains the version detection signature described in this post for detecting the Energizer trojan. It also includes a detection and exploitation script for a major Mac OS X vulnerability which Nmap developer Patrik Karlsson found last month and Apple finally patched this morning. There are about 100 other changes as well, including 37 new NSE scripts. You can download it free here.
Pardon the Nmap promotion, but it seemed on-topic for the story.
-
Re:Yes, but
Trinity used nmap and a tool called `sshnuke,' a tool that presumably exploited the SSH1 CRC32 exploit. If you want to talk about realism, nothing really gets more real than this in the movies. Here's a picture of this Hollywood anomaly.
-
Re:"Narrative Causality"...
Or with using real security-related tools like netcat and iptables?
You mean like in The Matrix?
http://nmap.org/images/matrix/matrix-hack-screen2.png
The Matrix is a rare good example. I loved the Key Maker metaphor in the second Matrix movie as well as the occasional low-level hack they showed.
-
Matrix averted this trope
The Viewer Friendly Interface trope was (surprisingly) largely averted in the Matrix where only a little Hollywood was wrapped around an almost unmodified nmap and sshnuke.
-
Re:Ok, so I got the popcorn ready....
OldnBusted:~ mike$ nmap -p 8080 [redacted].com
Starting Nmap 4.60 ( http://nmap.org/ ) at 2009-09-12 19:46 MDT
Interesting ports on [redacted].com (XX.XX.XX.XX):
PORT STATE SERVICE
8080/tcp closed http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.210 seconds
OldnBusted:~ mike$
I'm good!