Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nmap Security Tool Survey

Posted by michael on from the portscanning-for-fun-and-profit dept.

spring writes "Every so often, the author of everyone's favorite network reconnaissance tool, nmap, runs a survey to determine which security-oriented software products are most popular. This year's tool survey was just released, and it contains some interesting results. Old favorites like Nessus, Snort, Netcat, and Ethereal made the list, of course. SAINT and SARA are still around. But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel. Nikto and Kismet demonstrate the growing importance of wireless networks. The survey contains many good tools. Certainly worth a read."

18 of 104 comments (clear)

  1. I know the *most* popular security purchase..... by AMuse · · Score: 3, Informative

    It's These Guys.

    When a windows java exploit can reformat your disk by visiting a malformed web page, you don't really have to wonder why they're so popular.

  2. Ethereal a security tool ? by Rosco+P.+Coltrane · · Score: 3, Informative

    Ethereal == tcpdump with graphical interface. Incredibly nice tool, but hardly a security tool.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Ethereal a security tool ? by Rosco+P.+Coltrane · · Score: 3, Informative

      Of course, but I mean it's not a security tool per se, it's a general purpose tool that happens to be usable for security purposes. Kind of reading /var/log/messages actually :-)

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Ethereal a security tool ? by the+uNF+cola · · Score: 3, Informative

      Point is, sniffers are the only tool out there to actually see what traffic is out there. Yeah, you can use nmap for finding out what OS is running (sometimes) but that's not security per se either. Its just tcp/ip-to-OS identification.

      Sometimes ducks don't just quack. The sometimes fly and lay eggs too.

      --

      --
      "I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo

  3. Re:Security tools are awesome, but.... by ChazeFroy · · Score: 2, Informative

    Nikto...demonstrate[s] the growing importance of wireless networks.

    Last I checked, Nikto had nothing to do with wireless networks. It's a web server scanner based off Whisker.

  4. mac os X tools by FiDooDa · · Score: 5, Informative

    for those interested in sec tools on mac OS X, here is a small list of tools to add :

    rpg password generator
    kismac a kismet equivalent that also includes a WEP cracker. very nice!
    macanalysis a really good security tools suite

  5. Wellenreiter by Echelon309 · · Score: 5, Informative

    Although it wasn't on the list, Wellenreiter is really great wireless scanner. Plus, it runs on the Zaurus under OZ3, which makes it great for less conspicuous scanning since you don't have to lug a laptop around.

    1. Re:Wellenreiter by fv · · Score: 4, Informative
      > Although it wasn't on the list, Wellenreiter is really great wireless scanner.

      Wellenreiter only received 6 votes (even after correcting for poor spelling :) and 10 were needed to place #75. But since it is clearly a useful free tool, I just added a link to it in the Kismet entry.

      Thanks for the suggestion,
      -Fyodor
      Concerned about your network security? Try the free Nmap Security Scanner

  6. Re:WAP Detectors by lucifuge31337 · · Score: 3, Informative

    They may not exsit/certianly aren't popular because of a simple reason: WAPs aren't the only problem, so it's not a complete and meaningful scan. Lots of laptops have wireless built in and gets owned....since it's plugged into your network you can ingress that way.

    The popular scanning solutions include several APs that cover your building/area and passivly listen for WiFi traffic. They are typically permamently mounted and listening.

    --
    Do not fold, spindle or mutilate.
  7. Re:WAP Detectors by Istealmymusic · · Score: 3, Informative

    See the MAC manufacturer reference. Linksys (a WAP maker) has a couple blocks, but they don't use different OUI's for WAPs only. Its easy to detect WAPs if remote administration is enabled (the domain will be descriptive), but otherwise not as far as I know.

    --
    "The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
  8. Re:Wasn't nmap the tool of controversy from SGI? by IvyMike · · Score: 4, Informative

    You're almost certainly thinking of Dan Farmer's SATAN. Read the story for yourself.

  9. uh.. wrong product name? by EvilStein · · Score: 3, Informative

    I belive that you're thinking of Netsaint...aren't you?

    It's now called Nagios :-)

  10. Re:I am surprised ... by fv · · Score: 4, Informative
    > I am surprised that aide was not listed.

    AIDE only received 4 votes, while 10 were needed to place #75. But I agree that it is a useful free tool that potential Tripwire users should know about. And so I have added an AIDE link to that entry.

    Thanks,
    -Fyodor
    Concerned about your network security? Try the free Nmap Security Scanner

  11. Re:friewall by jandrese · · Score: 3, Informative
    Zone alarm may provide good protection, but it's far from a great product.
    • There's no way to prevent it from spitting up gobs of annoying dialog boxes. This is especially annoying when you're playing some 3D game and zone alarm tries to put up a box on the screen asking you to allow it to go online.
    • It is a pig. It takes 5 minutes or more to boot on my laptop, and is by far the last component ready when I boot up my machine
    • The interface needs work. It's hard for me to find just about everything in it, from the access logs, to the application table, to the network table, etc...
    • It is not good about remembering your settings unless you shut it down normally. If the only time you leave windows is when you crash, be prepared to tell Zone Alarm that Mozilla is allowed to access the internet all over again. I've actually gone and run every network application I could think of, then rebooted just so I wouldn't have to tell Zone Alarm about it again.
    Those are just the annoyances I could think of off the top of my head. I probably wouldn't run it (I'm behind a BSD firewall at home anyway) except that the IT department insists on it (it's my work machine).
    --

    I read the internet for the articles.
  12. OT: Secure your SGI today... by green+pizza · · Score: 2, Informative

    1) Update your install of IRIX 6.5 to the most recent version available to you (6.5.16m for most people, 6.5.19 or 6.5.20 for those with a support contract). If you're unsure about updating, read about the IRIX Release Process as well as theIRIX Compatibility Mandate.

    2) Install the security patches for your version of IRIX (note that IRIX releases previous to 6.5.15 will probably not have the most recent security patches available).

    3) If you're a security newbie, run the "Improve System Security" application... it can be found under the Security and Access Control section of the System Manager.

    4) Install IPFilter, be sure to learn how to use it.

    5) Subscribe to SGI's security advisory mailing list.

    6) Newbies outta read some of SGI's other sysadmin manuals as well:
    Personal Sysadmin
    IRIX Admin

    7) Update your various freeware apps... be sure to read the seperate freeware security notice:
    http://freeware.sgi.com

  13. Eeye by lonesome+phreak · · Score: 3, Informative

    Retina, by Eeye, is another excellent scanning school. IMHO, it's better than GFILanguard. I especially like the ability to fix registry problems from the scanning machine. It's interface is also very smooth. It's located here. They also have another product for scanning IIS, but I haven't used it yet.

    --
    Maybe we DID take the blue pill. You wouldn't remember anyway.
    1. Re:Eeye by barc0001 · · Score: 2, Informative

      Retina is good, but even the free version of LANGuard is great for the point-and-click crowd. Windows is not my preferred platform of choice, but I must say I was pleasantly surprised the first time I took a look at LANGuard.
      But I wonder if it's not a bad thing that these tools are starting to auto-fix so many items, like the aforementioned Retina and the registry issues. Call me old-fashioned, but I like my people to fix the problems on a box by actually getting onto the box and doing it from there. That way you can also tell if anything... funky... is going on. NT/2000 will do that to you sometimes. Responds to remote requests OK, but there's something going hogwild that you don't really notice until you get onto the console.
      Plus, of course, the more people just click a button for scan, and another for fix, the less they'll know what to do if the "fix" button doesn't work in a certain case.

  14. APTools by _Sprocket_ · · Score: 3, Informative

    APTools is one example.