Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nmap Security Tool Survey

Posted by michael on from the portscanning-for-fun-and-profit dept.

spring writes "Every so often, the author of everyone's favorite network reconnaissance tool, nmap, runs a survey to determine which security-oriented software products are most popular. This year's tool survey was just released, and it contains some interesting results. Old favorites like Nessus, Snort, Netcat, and Ethereal made the list, of course. SAINT and SARA are still around. But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel. Nikto and Kismet demonstrate the growing importance of wireless networks. The survey contains many good tools. Certainly worth a read."

104 comments

  1. Security tools are awesome, but.... by whiteranger99x · · Score: 5, Insightful

    remember that these tools aren't going to be the "end all/be all" of network security.

    You also have to have a good preventive security plan, which these tools will help out in. However, there should also be a plan of action should these security measures get bypassed (i.e. an insider job, program exploits, trojans, etc...)

    But that's just my contention...

    --
    Join the TWIT army now!
    1. Re:Security tools are awesome, but.... by FiDooDa · · Score: 5, Insightful

      remember that these tools aren't going to be the "end all/be all" of network security.

      isn't why they are called tools and not solutions ?!?!

    2. Re:Security tools are awesome, but.... by Anonymous Coward · · Score: 1, Funny
      Also, these tools will help break into places with poor security policies. :-)


      Dear Slashdot: Where the fuck is my "Post anonymously" button? Are you telling me I have to logout to post anonymously now? What the fuck is wrong with you assfucks?

    3. Re:Security tools are awesome, but.... by whiteranger99x · · Score: 3, Insightful

      Isn't why they are called tools and not solutions ?!?!

      Fair enough, I agree with you there. I simply meant to say that sometimes these tools are referred to as a complete solution, which is most likely a misnomer.

      --
      Join the TWIT army now!
    4. Re:Security tools are awesome, but.... by FiDooDa · · Score: 2, Insightful

      sometimes these tools are referred to as a complete solution, which is most likely a misnomer.

      sooo true, I (unfortunately) witnessed it too many times.

    5. Re:Security tools are awesome, but.... by ChazeFroy · · Score: 2, Informative

      Nikto...demonstrate[s] the growing importance of wireless networks.

      Last I checked, Nikto had nothing to do with wireless networks. It's a web server scanner based off Whisker.

    6. Re:Security tools are awesome, but.... by SEWilco · · Score: 4, Insightful

      There is also no requirement to depend upon a single tool. Having alarms on your doors doesn't protect your windows. Perimeter detectors establish a fence, while tripwires, beams, and area detectors offer notification of activity in different ways -- and design is affected by issues such as whether or not you have a cat. Don't limit your design to only using one tool, consider your needs and the variety of tools.

    7. Re:Security tools are awesome, but.... by sullo · · Score: 1

      Yeah, kind of raised my eyebrows as well, but.. heck, it's right in the source list on insecure.org, and it's all for fun (right?).

      - Sullo

    8. Re:Security tools are awesome, but.... by jjb · · Score: 3, Insightful
      I totally agree. But they're tools, not "solutions."


      Anyway, Defense in Depth is always good -- if an attacker penetrates the firewall, it's good to have hosts that are harder to crack. If the host gets cracked, you'd want to have an incident response plan and policy so that you can contain the damage.


      In Bastille Linux's defense, we try very hard to educate the sysadmin/user so they'll make better decisions. Bastille tries to educate the user, to help her build a good hardening policy for her hosts and hopefully her site.


      And that education is one of the few things that will actually keep your sysadmins or users from blowing the entire site's security away with a bad decision... Who cares if you're proactively scanning for open ports when you don't know why some of those open ports are worse than others? Your admin has to know that allowing Samba/CIFS/Windows filesharing through the perimeter firewall is asking to be hurt badly. Your admin has to know that setting every Unix box to give root via rsh from a particular (spoofable) IP addess is asking for a domino effect.


      Education, unfortunately, is the hardest step.

    9. Re:Security tools are awesome, but.... by orangesquid · · Score: 1

      After posting anonymously the other day, my "post anonymously" button disappeared for a day or two. I think my post was modded down, but I don't know if this has anything to do with it. Of course, one thing that worries me is that slashdot seems to be able to "know" when you post something anonymously, which is *not* how it ought to be. Ever noticed that, if you have mod points, you can't mod up your own anonymous posts? Curious..

      I suppose not being able to post anonymously would be either to discourage anon posting or cut down on trolling by members, or something.

      --
      --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
    10. Re:Security tools are awesome, but.... by orangesquid · · Score: 1

      a-HA! It's a random bug. slashcode@sourceforge

      --
      --TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
    11. Re:Security tools are awesome, but.... by Anonymous Coward · · Score: 0

      story please?

      i mean i would like to hear what phb's thought scanning their network was all they needed - it's funny and i like to laugh

  2. Saint became commercial product by Giga-Byter · · Score: 1

    It's too bad. I'd liked to use it sometimes ;)

  3. My two cents by rastakid · · Score: 1

    "But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel."

    Cain & Abel has been around for ages, so maybe a new one on the list, not really a new tool.

    Just my two cents.

    --
    In need of reliable and affordable server monitoring?
    1. Re:My two cents by rastakid · · Score: 1

      Another two cents (makes it four):

      Why aren't there any numbers in the list? I would like to know how many votes a given scanner was given.

      Lies, damn lies and statistics.

      --
      In need of reliable and affordable server monitoring?
    2. Re:My two cents by c0y · · Score: 1
      Cain & Abel has been around for ages, so maybe a new one on the list, not really a new tool.

      Ditto for SuperScan. The link has copyright 2000, and I've known about it for approximately that long.

    3. Re:My two cents by Anonymous Coward · · Score: 0
      Yea, the Slashdot story isn't clear, but the article makes it very clear.

      These icons are used:
      NEW Did not appear on the 2000 list

  4. I know the *most* popular security purchase..... by AMuse · · Score: 3, Informative

    It's These Guys.

    When a windows java exploit can reformat your disk by visiting a malformed web page, you don't really have to wonder why they're so popular.

  5. Fine set of tools. by Jack+Va1enti · · Score: 5, Funny

    Hilary and I intend to run these against every machine in the world, ferreting out and destroying those eeeevil P2P pirates!

  6. Ethereal a security tool ? by Rosco+P.+Coltrane · · Score: 3, Informative

    Ethereal == tcpdump with graphical interface. Incredibly nice tool, but hardly a security tool.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Ethereal a security tool ? by the+uNF+cola · · Score: 4, Insightful

      You'd be surprised. tcpdump/ethereal is great for say, when some jerk is trying to DOS you and you need to know how.

      Knowing the how allows you to put in filters. Filters allows you to operate.

      --

      --
      "I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo

    2. Re:Ethereal a security tool ? by Rosco+P.+Coltrane · · Score: 3, Informative

      Of course, but I mean it's not a security tool per se, it's a general purpose tool that happens to be usable for security purposes. Kind of reading /var/log/messages actually :-)

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    3. Re:Ethereal a security tool ? by hbackert · · Score: 4, Insightful

      It's a nice way to check a connection is not made, that packets do not go out of one or another interface, that traffic is encrypted. tcpdump can do the same (except follow TCP traffic, which is very enlightning for users who like telnet).

      So while Ethereal does not increase security by itself, it does add security by making it possible to check out the packets. That makes is IMHO a security tool.

    4. Re:Ethereal a security tool ? by the+uNF+cola · · Score: 3, Informative

      Point is, sniffers are the only tool out there to actually see what traffic is out there. Yeah, you can use nmap for finding out what OS is running (sometimes) but that's not security per se either. Its just tcp/ip-to-OS identification.

      Sometimes ducks don't just quack. The sometimes fly and lay eggs too.

      --

      --
      "I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo

    5. Re:Ethereal a security tool ? by Anonymous Coward · · Score: 0

      That's pretty pointless logic. Just about every tool on the list is a general purpose tool. What's your real gripe here? Don't like GUIs?

    6. Re:Ethereal a security tool ? by frantzen · · Score: 1

      you can you tcpdump and ethereal to browse and help analyze the firewall logs generated by OpenBSD's PF.

  7. mac os X tools by FiDooDa · · Score: 5, Informative

    for those interested in sec tools on mac OS X, here is a small list of tools to add :

    rpg password generator
    kismac a kismet equivalent that also includes a WEP cracker. very nice!
    macanalysis a really good security tools suite

    1. Re:mac os X tools by jjb · · Score: 3, Interesting
      kismac looks pretty cool for wireless audits. BTW, Bastille Linux is even more badly misnamed -- we've got it working on Mac OS X now! It takes a perl compile and a tweak to perl-Tk, but it works under X on Mac.

      Anyway, if anyone here is interested in helping package Bastille for Mac, especially with that perl upgrade, please contact me!

      - Jay

  8. I am not slashdot, buttttt.... by zogger · · Score: 1

    ... hitting the reply button, whilst logged in, reveals the post anonymous check box is still there.
    No idea why you do not see it. Perhaps post your config instead of just cursing at the owners? maybe it's only broken with some combinations?

    FWIW, old coal burner pentium, linux,i686, moz 1.3b browser

  9. instead of a firewall by SHEENmaster · · Score: 1

    just run an http proxy through a serial port so that the windows system can't use any other type of connection.

    I'd like to see zone alarm beat that! My solution wouln't give any modal dialog boxes either.

    --
    You can't judge a book by the way it wears its hair.
  10. Re:friewall by liquidflare · · Score: 0

    Zone Alarm is a good friewall, huh? Do you mean french fries? How exactly would a wall of french fries help your M$ PC? Please explain.

  11. Wellenreiter by Echelon309 · · Score: 5, Informative

    Although it wasn't on the list, Wellenreiter is really great wireless scanner. Plus, it runs on the Zaurus under OZ3, which makes it great for less conspicuous scanning since you don't have to lug a laptop around.

    1. Re:Wellenreiter by fv · · Score: 4, Informative
      > Although it wasn't on the list, Wellenreiter is really great wireless scanner.

      Wellenreiter only received 6 votes (even after correcting for poor spelling :) and 10 were needed to place #75. But since it is clearly a useful free tool, I just added a link to it in the Kismet entry.

      Thanks for the suggestion,
      -Fyodor
      Concerned about your network security? Try the free Nmap Security Scanner

    2. Re:Wellenreiter by Anonymous Coward · · Score: 0

      It has come to my attention that on May 12, 2003, Slashdot ran a story in which it solicited questions for one Fyodor, (in)famous author of Open Source hacker tool nmap. I am rarely roused to action anymore, but I could not let what I saw pass. Millions of innocent security hobbyists and computer enthusiasts are being duped by Slashdot into using tools and websites created by Fyodor without knowing all of the facts:

      Fyodor is not a heroic "white hat" security expert, but a depraved, insidious hacker hell-bent on criminal intrusions into systems owned by minors!

      Please read on and review some of the facts so that you may come to your own conclusions about Fyodor and nmap.

      Beginning innocuously enough with this post by one electricmonk, supposedly a "Linux booth babe," several lonely Slashdot geeks were trolled into replying, both on Slashdot itself and privately by email. One of the individuals who replied privately by email was none other than the subject of this expos, Fyodor, cruising for some hot geek-loving ass. Little did Fyodor know that electricmonk was none other than SumDeusExMachina, AKA SDEM, long-time trolling stalwart. Fyodor had let his hormones get the better of his common sense as he began an attempt to seduce electricmonk.

      Not wanting to carry his charade on any further (and understandably so, with an over-excited Fyodor on his tail), SDEM explained politely and truthfully to Fyodor about the non-existant Linux booth babe who was really just a bored young man enrolled in college for the Summer. Fyodor's latest hantise femelle destroyed, he vowed revenge on SDEM no matter the cost. The word wanker echoed in his head as he decided not even the law would stop him in his unholy vengeance. In just over a week, Fyodor had owned SDEM's box and began posting about it in trolltalk.

      Luckily, on one unbelievably hot, humid Kansas City day back in August of 2002, Dame Fortune guided my hand to save a copy of trolltalk complete with Fyodor gloating at his criminal victory over SDEM. Scroll down a bit and look for posts by fv and decide for yourself. We even have a statement from one of the two parties involved and a nice summary of events by a very dependable third party who witnessed the entire fiasco. And back in the present, we have several individuals raising questions about Fyodor's morality and legal status.

      I now ask you, gentle sirs and madams, would you use a tool written by a known criminal, especially a known criminal who specifically attacks underage boys? Fyodor's endorsement by Slashdot is obviously a betrayal of simple journalistic integrity and ethics, with both the Slashdot staff and Fyodor standing to experience a significant financial windfall from their collaboration. I urge you to reconsider not only your patronage of Slashdot, but also any viewing or use of too

  12. WAP Detectors by muzzmac · · Score: 3, Interesting

    Has anyone seen a decent piece of software that can find WAP's on your network by scanning from the wired part of your network?

    What I want is something that scans for known MAC ID's or something to identifiy wireless access points without having to fly all over the country to do it.

    There are plenty of wireless based scanners but they involve travel.

    Any hints?

    1. Re:WAP Detectors by lucifuge31337 · · Score: 3, Informative

      They may not exsit/certianly aren't popular because of a simple reason: WAPs aren't the only problem, so it's not a complete and meaningful scan. Lots of laptops have wireless built in and gets owned....since it's plugged into your network you can ingress that way.

      The popular scanning solutions include several APs that cover your building/area and passivly listen for WiFi traffic. They are typically permamently mounted and listening.

      --
      Do not fold, spindle or mutilate.
    2. Re:WAP Detectors by Anonymous Coward · · Score: 0

      Fluke has some excellent products to do this

    3. Re:WAP Detectors by Istealmymusic · · Score: 3, Informative

      See the MAC manufacturer reference. Linksys (a WAP maker) has a couple blocks, but they don't use different OUI's for WAPs only. Its easy to detect WAPs if remote administration is enabled (the domain will be descriptive), but otherwise not as far as I know.

      --
      "The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
  13. Re:friewall by Anonymous Coward · · Score: 0

    Cheers to the inception of the "freedom wall"!.

  14. Strangely enough... by GC · · Score: 4, Interesting

    While all these tools turn out to be the Security Analyst's bible to utopia, they're also the ultimate cracker tools, missing only the Xploits that the old neverending line of script-kiddies use to bypass each and every point that these tools do their best to detect.

    Nessus is, however, a single tool, that can be as both useful to the white hat5 as it is the bl4ck hats.

    It gets my number one tool vote as being as useful to both partys - yet completely impartial.

    A very difficult road to tread indeed...

    1. Re:Strangely enough... by Anonymous Coward · · Score: 0, Troll

      I think the easier road to tread is why allow these tools in the first place?

      While you can argue over and over about which 'side' gets the most use out of a particular tool, it seems clear to me that without the 'black hats' having access to them, the 'white hats' wouldn't NEED them. that's going back to first prinsipals for me. Why make them so freely accessibly in the first place?. It's like mp3 sharing networks. They can be defended time and time again as useful tools and good for trading patches and such, but who seriously goes to an mp3 trading network for patches? do you really trust them? they trade mp3s to get around licenses and paying for music.

      Hence my skeptisism when it comes to security apps like these. I don't believe an excuse of 'impartiality' can be justified when a tool is made that has such strong dark uses.

      (watch the biased slashdot mods do their reactionary mod down on me, they can''t help themselves)

    2. Re:Strangely enough... by jareds · · Score: 2, Insightful

      Your analogy to file sharing is bad. A better analogy would be to weapons.

      In some la-la fantasy world where violence does not exist, no one would no needs weapons for self-defense. In reality, however, not allowing weapons puts the law-abiding at the mercy of criminals, who may still yet possess illegal weapons.

      In some la-la fantasy world where exploits do not exist, no would need to audit their network for security holes. In reality, however, not allowing such tools would leave law-abiding network administrators at the mercy of those who would scan their networks with an illegal tool and discover holes that the administrators have never even heard of.

      When a technology A has "strong dark uses", but one of its legitimate uses is defending against technology A, and it is in fact one of the best ways of defending against A, it is clear that making it illegal is sheer folly. For unless you stamp it out entirely, you are worse off than you would be if it were legal, and you could at least use it against itself.

  15. Timely article for my needs by l0ungeb0y · · Score: 5, Interesting

    In the last couple weeks I've amassed a few servers and a client network so, I've had no choice but to become a sysadmin. Which is not what I consider myself (I'm a graphic designer/Web App Programmmer) but, for the sake of responsibility, I find myself fast becoming one.

    So I welcome any such article as the one posted here to help better educate me and get me up to date on the even the most mundane of utilities (I hadn't even heard of nessus/netcat)

    I'm not a fresh unix convert or technically challenged, it's just that my occupation has demanded that I focus on front end and applicational development rather than network security and monitoring.

    So to get by I've been using very basic common sense like running firewalls for port blocking, not running insecure services such as telnet and in the event that i have to (one of my servers is a multiuser webhost so I had to turn FTP on) research and run a more secure variant of that service (for FTP I opted for vsftpd over wu/pro)

    And for security, besides my basic IP Masquerading and port blocking firewall (ya, it's that basic, I'm no guru) I run tripwire, which I run a sanity check daily as well as run snort.

    This config runs on everyting from my OS X laptop to the RH9 boxes for dev/production serving and seems "ok" for the moment.

    I do plan on evaluating/installing some kernal level patches to the RH boxen such as grsecurity but I thought I'd use this topic to fish for pointers as I am also looking for some good educational material such as IP/Network configuration and indepth material on properly setting up an ironclad DMZ. So if anyone has some highly recommended links or knows of soome good books on amazon to point out or even comments to make here to give some pointers, i'd be much appreciative.

    1. Re:Timely article for my needs by Azghoul · · Score: 1

      Too bad the other responders to your post are nitwits. I'm no expert either and I'll reload this one a few times to see if anyone knowledgeable actually responds...

      In the meantime, I've found that Hacking Linux Exposed, by Hutch, Lee and Kurtz is very cool, and O'reilly's Building Linux Firewalls is very thorough.

      I've also come to realize (admin'ing my company's network for a little over a year and only getting nipped once by me foolishly leaving FTP open) that using iptables with the default door closed, shutting down services and only opening what's absolutely necessary is a pretty nice start.

      Beyond that, it's my belief that our systems are in more danger from inside, and from potentially malicious employees (fortunately there's only one who knows anything other than me ;)). Now if I can just get the boss to spring for some good old-fashined Master Lock security.....

  16. Wasn't nmap the tool of controversy from SGI? by Billly+Gates · · Score: 2, Interesting
    I remember back in 94 about a SGI product manager being fired for releasing a tool( nmap??). Basically Irix was being hacked to death and he wanted to do something about it.

    He developed it as a tool to help system administators secure their system but SGI did not like it because crackers could use it.

    Was this SGI tool nmap or not? I was only 16 at the time and can't remember.

    --
    http://saveie6.com/
    1. Re:Wasn't nmap the tool of controversy from SGI? by IvyMike · · Score: 4, Informative

      You're almost certainly thinking of Dan Farmer's SATAN. Read the story for yourself.

    2. Re:Wasn't nmap the tool of controversy from SGI? by Billly+Gates · · Score: 1
      Thanks I am going to download a copy now!

      It still pisses me off today that clueless SGI managers view security through obscurity as a means to an end. Irix today is knows to be one of the least secure versions of Unix out of the box right besied SCO openserver. Hmm how did that happen? Judging by how SGI treated security in the past including this incident shows how Irix got the way it did. Here is sgi's opinion on it.Non biased info is here.

      Anyway he should named it something different. A clueless person HR looking at a firing request seeing the words "satan" and "hacker" together certainly cost him his job.

      As far as I know its still only a scanning tool like nmap does not actually carry attacks to me knowledge.

      Looking at the docs it seems that Satan is cool in terms of you can hide your scanning tracks easier then standard tools like nmap. This is great for a counter cracker attack when I am hacked.

      Now lets fire all the system administrators who use this dangerous tool called nmap.

      --
      http://saveie6.com/
    3. Re:Wasn't nmap the tool of controversy from SGI? by stefanlasiewski · · Score: 1

      I think his intent was to be contraversial.

      I mean, calling it 'SATAN' instead of something like 'Cute Puppy Dog Network Analysis Tool' is a reflection of his intent.

      That said, I'm really happy that tools like SATAN exist now. Scanning your own network is a great way to learn about network security.

      --
      "Can of worms? The can is open... the worms are everywhere."
  17. Security for the home user by OneArmedMan · · Score: 5, Funny

    1) Unplug the power cords and network cables / phone lines.
    2) Put it back in the box.
    3) Send it back to the place that you bought it from.

    Sure its not very practical, but it would make my job a hell of a lot easier

    1. Re:Security for the home user by /dev/trash · · Score: 2, Funny

      But if everyone did that wouldn't you be out of a job?

    2. Re:Security for the home user by OneArmedMan · · Score: 4, Funny

      Nah, I'll always have my job, cause there are always people who say "But my *expert friend said*, followed by *and then my pc just stoped working*. At which point my fee / hour doubles

    3. Re:Security for the home user by Anonymous Coward · · Score: 0

      You! I keep hearing, "I paid him double and now it doesn't even boot." It's you!

    4. Re:Security for the home user by /dev/trash · · Score: 1

      Gotta love the 'expert friends'. Now if I could get my friends to pay me for the problems I fix for them.

  18. I am surprised ... by Anonymous Coward · · Score: 2, Interesting

    I am surprised that aide was not listed. It is a free equivalent to tripwire (which is on the list), and works very well for my needs on both Linux and FreeBSD.

    1. Re:I am surprised ... by fv · · Score: 4, Informative
      > I am surprised that aide was not listed.

      AIDE only received 4 votes, while 10 were needed to place #75. But I agree that it is a useful free tool that potential Tripwire users should know about. And so I have added an AIDE link to that entry.

      Thanks,
      -Fyodor
      Concerned about your network security? Try the free Nmap Security Scanner

    2. Re:I am surprised ... by zzyp · · Score: 1

      I wanted a tool for checking File system integrity on a Windoze 2000 network, maybe AIDE with Cygwin will do the trick?
      Please modify your comment on insecure.org to include that Windoze with Cygwin is also supported.

      May your tribe increase!

    3. Re:I am surprised ... by Anonymous Coward · · Score: 0

      It has come to my attention that on May 12, 2003, Slashdot ran a story in which it solicited questions for one Fyodor, (in)famous author of Open Source hacker tool nmap. I am rarely roused to action anymore, but I could not let what I saw pass. Millions of innocent security hobbyists and computer enthusiasts are being duped by Slashdot into using tools and websites created by Fyodor without knowing all of the facts:

      Fyodor is not a heroic "white hat" security expert, but a depraved, insidious hacker hell-bent on criminal intrusions into systems owned by minors!

      Please read on and review some of the facts so that you may come to your own conclusions about Fyodor and nmap.

      Beginning innocuously enough with this post by one electricmonk, supposedly a "Linux booth babe," several lonely Slashdot geeks were trolled into replying, both on Slashdot itself and privately by email. One of the individuals who replied privately by email was none other than the subject of this expos, Fyodor, cruising for some hot geek-loving ass. Little did Fyodor know that electricmonk was none other than SumDeusExMachina, AKA SDEM, long-time trolling stalwart. Fyodor had let his hormones get the better of his common sense as he began an attempt to seduce electricmonk.

      Not wanting to carry his charade on any further (and understandably so, with an over-excited Fyodor on his tail), SDEM explained politely and truthfully to Fyodor about the non-existant Linux booth babe who was really just a bored young man enrolled in college for the Summer. Fyodor's latest hantise femelle destroyed, he vowed revenge on SDEM no matter the cost. The word wanker echoed in his head as he decided not even the law would stop him in his unholy vengeance. In just over a week, Fyodor had owned SDEM's box and began posting about it in trolltalk.

      Luckily, on one unbelievably hot, humid Kansas City day back in August of 2002, Dame Fortune guided my hand to save a copy of trolltalk complete with Fyodor gloating at his criminal victory over SDEM. Scroll down a bit and look for posts by fv and decide for yourself. We even have a statement from one of the two parties involved and a nice summary of events by a very dependable third party who witnessed the entire fiasco. And back in the present, we have several individuals raising questions about Fyodor's morality and legal status.

      I now ask you, gentle sirs and madams, would you use a tool written by a known criminal, especially a known criminal who specifically attacks underage boys? Fyodor's endorsement by Slashdot is obviously a betrayal of simple journalistic integrity and ethics, with both the Slashdot staff and Fyodor standing to experience a significant financial windfall from their collaboration. I urge you to reconsider not only your patronage of Slashdot, but also any viewing or use of too

  19. SAINT not SAINTLY by wolf- · · Score: 2, Troll

    After SAINT the network tool went after the author of Saint (the open source server/service uptime application) over a name/branding dispute, we have stopped recommending their product (the network security tool) entirely.

    They were similarly named, however, there was very little chance of them being confused for one another. Apparently SAINT didn't have enough confidence in their own marketing or their customers intelligence to keep their lawyers out of it.

    Just my 2 cents worth. But then, my 2 cents has an effect on a few large clients with large budgets. Good Job SAINT.

    --
    ----- LoboSoft specializes in Digital Language Lab
  20. uh.. wrong product name? by EvilStein · · Score: 3, Informative

    I belive that you're thinking of Netsaint...aren't you?

    It's now called Nagios :-)

    1. Re:uh.. wrong product name? by Anonymous Coward · · Score: 0

      Exactly. Nagios is an amazing product, great open source project. And really, did "NetSaint" confuse you with "SAINT"?

      Thank you for the reply. I was on a low bandwidth terminal when I posted, and didn't notice the error until after I had posted (yeah, I even looked at the preview, doh).

  21. Always... by oaf357 · · Score: 1

    This is always a must read. As are a lot of things at insecure.org.

  22. Frighteningly Scary but in a Good Way by oaf357 · · Score: 0, Redundant

    Some of these tools will allow anyone to monkey f*ck a network if they'd like. Hopefully the script kiddies won't be able to figure these out. LOL!

  23. Re:friewall by jandrese · · Score: 3, Informative
    Zone alarm may provide good protection, but it's far from a great product.
    • There's no way to prevent it from spitting up gobs of annoying dialog boxes. This is especially annoying when you're playing some 3D game and zone alarm tries to put up a box on the screen asking you to allow it to go online.
    • It is a pig. It takes 5 minutes or more to boot on my laptop, and is by far the last component ready when I boot up my machine
    • The interface needs work. It's hard for me to find just about everything in it, from the access logs, to the application table, to the network table, etc...
    • It is not good about remembering your settings unless you shut it down normally. If the only time you leave windows is when you crash, be prepared to tell Zone Alarm that Mozilla is allowed to access the internet all over again. I've actually gone and run every network application I could think of, then rebooted just so I wouldn't have to tell Zone Alarm about it again.
    Those are just the annoyances I could think of off the top of my head. I probably wouldn't run it (I'm behind a BSD firewall at home anyway) except that the IT department insists on it (it's my work machine).
    --

    I read the internet for the articles.
  24. Re:I know the *most* popular security purchase.... by Anonymous Coward · · Score: 0

    I'm not the parent...but uh, troll? nah, just funny/offtopic.

  25. IRIX has changed since those days by green+pizza · · Score: 1

    IRIX has changed a lot over the past 6 years. At one point, a stock install of IRIX had almost a dozen root-exploitable holes. These days security holes in IRIX are rare, and are quickly patched by SGI. The company has gone a step further and has actually been making useful security suggestions to its customers. IRIX 6.5 includes a pointy-clicky GUI app to help its artsy users secure some common weaknesses.

    For those that have been away from IRIX for awhile, even since 6.5.0 shipped, a lot has been added in recent years... IPFilter, SSH, Kerberos, and other security-aware goodies are now offically supported and have been added in IRIX updates.

    IRIX is no OpenBSD, but it has come a LONG way to make itself more secure, especially over the past two years. These days it's on-par with most Linux and Unix distros... average is a pretty good step up from what it once was.

    1. Re:IRIX has changed since those days by Anonymous Coward · · Score: 0
      hehe

      I will believe it when I see it.

      Irix is almost as bad as SCO. Its great with graphics but even sendmail is 5 years old.

      Unfortunatly if Irix is better it might be too little too late for this dieing company. Isn't it true they sold opengl to Microsoft.

    2. Re:IRIX has changed since those days by green+pizza · · Score: 1

      IRIX 6.5.19 and newer uses Sendmail 8.12.x. I belive BIND was also updated at the same time.

      But yeah, most IRIX boxes (especially older ones) are running Sendmail 8.9.3 or worse.

    3. Re:IRIX has changed since those days by green+pizza · · Score: 1

      Unfortunatly if Irix is better it might be too little too late for this dieing company. Isn't it true they sold opengl to Microsoft.

      Brainless management, crazy high prices, and new MIPS processors behind schedule. There are gobs of reasons why SGI may tank soon. They do have a pretty cool new Linux/Itanium2 system based on Origin architecture. 512 GB RAM and 64 processors on a single linux box (not a cluster).

      The biggest SGI is MIPS/IRIX based, though... up to 1024 processors and 1 TB ram on a single machine. Insane system thruput with a price to match! Unfortunately for SGI (and for Cray and their X1) there are only so many governments that can afford (or need the interprocessor thruput of) such huge machines.

      SGI still has the rights to most of its technology and patents. They did, however, sell some tech to Microsoft just before the XBox launch. While it was never made public, it is belived the tech was several generalied 3D game console patents SGI filed when creating the Nintendo 64 and various Video-on-demand settop boxes.

      OpenGL, while still "owned" by SGI, is mostly handled by the OpenGL board (opengl.org).

  26. OT: Secure your SGI today... by green+pizza · · Score: 2, Informative

    1) Update your install of IRIX 6.5 to the most recent version available to you (6.5.16m for most people, 6.5.19 or 6.5.20 for those with a support contract). If you're unsure about updating, read about the IRIX Release Process as well as theIRIX Compatibility Mandate.

    2) Install the security patches for your version of IRIX (note that IRIX releases previous to 6.5.15 will probably not have the most recent security patches available).

    3) If you're a security newbie, run the "Improve System Security" application... it can be found under the Security and Access Control section of the System Manager.

    4) Install IPFilter, be sure to learn how to use it.

    5) Subscribe to SGI's security advisory mailing list.

    6) Newbies outta read some of SGI's other sysadmin manuals as well:
    Personal Sysadmin
    IRIX Admin

    7) Update your various freeware apps... be sure to read the seperate freeware security notice:
    http://freeware.sgi.com

  27. +1 Informative! by Anonymous Coward · · Score: 0

    i certainly learned something new

  28. Eeye by lonesome+phreak · · Score: 3, Informative

    Retina, by Eeye, is another excellent scanning school. IMHO, it's better than GFILanguard. I especially like the ability to fix registry problems from the scanning machine. It's interface is also very smooth. It's located here. They also have another product for scanning IIS, but I haven't used it yet.

    --
    Maybe we DID take the blue pill. You wouldn't remember anyway.
    1. Re:Eeye by barc0001 · · Score: 2, Informative

      Retina is good, but even the free version of LANGuard is great for the point-and-click crowd. Windows is not my preferred platform of choice, but I must say I was pleasantly surprised the first time I took a look at LANGuard.
      But I wonder if it's not a bad thing that these tools are starting to auto-fix so many items, like the aforementioned Retina and the registry issues. Call me old-fashioned, but I like my people to fix the problems on a box by actually getting onto the box and doing it from there. That way you can also tell if anything... funky... is going on. NT/2000 will do that to you sometimes. Responds to remote requests OK, but there's something going hogwild that you don't really notice until you get onto the console.
      Plus, of course, the more people just click a button for scan, and another for fix, the less they'll know what to do if the "fix" button doesn't work in a certain case.

    2. Re: Eeye by lonesome+phreak · · Score: 1

      You don't HAVE to repair it from the scanning machine. In fact, you still have to get on the machine to update it for patches. I use both products when I do my audits. I like Retina better, mainly because their reports and the interface looks better. I do audits for medical houses for their HIPAA security compliance.

      For the funky stuff...that's why I suggest to always deploy changes/patches to a single PC, run it for 24 hours, then roll changes out to the rest. I always suggest something like SUS for patch control, so the boxes that don't have net access can still be updated. The main problem is I don't actually work at these places, so half the time they don't implement what I suggest and then wonder why things didn't go right. Luckly I have them sign off on my risk analysis, so I can always point and say "You didn't do XYZ, therefor you are having problems in ABC".

      --
      Maybe we DID take the blue pill. You wouldn't remember anyway.
  29. Re:friewall by scubacuda · · Score: 1
    wtf? was this modded as troll?

    I agree--it has a lot of shortcomings...

  30. APTools by _Sprocket_ · · Score: 3, Informative

    APTools is one example.

  31. Re:friewall by rsax · · Score: 1
    There's no way to prevent it from spitting up gobs of annoying dialog boxes. This is especially annoying when you're playing some 3D game and zone alarm tries to put up a box on the screen asking you to allow it to go online.

    Umm, bring up the ZoneAlarm window/interface, click on Alerts & Logs and then under Alert Events Shown select Off. And as far as allowing other programs to go online, click on Program Control then click on the Programs tab and add the executable which generates the alert. Really, it isn't that hard. Atleast it shouldn't be for someone who can setup a BSD firewall.

  32. Re:firewall by chickensdelight · · Score: 0

    Why is this flamebate.