Interview with NMAP Creator Fyodor

An anonymous reader writes "Whitedust has an interview with Fyodor, creator of NMAP. The interview covers a broad range of topics from Fyodor's roots and motivations in the security world to his newer projects and even mentions Fyodor's forthcoming book on NMAP network scanning."

Roots and motivations?

[Capt'n+Hector]

Could it be that the motivation was... root?

Re:Roots and motivations?

[mobby_6kl]

> Could it be that the motivation was... root?

Not in Australia.

punny.

[dshaw858]

[...] Fyodor's roots [...]

Har har. Get it? Port scanner? His ... roots?

I thought it was funny.

- dshaw

Re:punny.

[Ziviyr]

I don't get it.

Done a little too much LDS?

Re:punny.

[BandwidthHog]

Done a little too much LDS?

Dude, a little bit of Mormon goes a *long* way.

Re:punny.

[Ziviyr]

Dude, a little bit of Mormon goes a *long* way.

Thats not a star trek reference, I don't get it either.

Fyodor

If anyone is wondering what his last name is, 'Fyodor' is a pseudonym (a.k.a. a "handle"). So there is no last name to go with it.

This handle was partly inspired by Fyodor Dostoevsky, who was perhaps the second greatest writer of all time.

Re:Fyodor

[shadowdata]

Who was the first then ??

Re:Fyodor

[dirtsurfer]

This handle was partly inspired by Fyodor Dostoevsky, who was perhaps the second greatest writer of all time.

With the first greatest writer being, of course, Mr. Anonymous Coward

Re:Fyodor

[Osty]

The parent erred. The post ment to suggest Fyodor Dostoevsky was possibly the second greatest novelist of all time. This, of course, is also an error, as Miguel de Cervantes was the greatest novelist of all time, followed by Tolstoy, then by Flaubert.

Or, he was referring to Monkey Island's running gag of, "That's the second biggest [monkey head | duck | arrow | etc] I've ever seen."

Is it so wrong that Monkey Island was the first thing that came to mind when reading the OP's post?

Re:Fyodor

[bobintetley]

This handle was partly inspired by Fyodor Dostoevsky, who was perhaps the second greatest writer of all time.

Don't know why (I have heard of the famous Fyodor), but I always assumed he picked it because when you say it out loud it sounds like "fire-door" :-)

Re:Fyodor

[Philip+K+Dickhead]

The degree of civilization in a society can be judged by entering its prisons.
-- Dostoyevski

So, it seem Fyodor was trying to get out of jail(2) ?

Re:Fyodor

[tomatensaft]

Or, actually, trying to enter it, by the unusual ways...

Re:Fyodor

The "that's the second biggest..." gag originally comes from Get Smart.

Re:Fyodor

[jackbird]

Or, he was referring to Monkey Island's running gag of, "That's the second biggest [monkey head | duck | arrow | etc] I've ever seen."

That gag predates Monkey Island by quite a few years. Not that Monkey Island didn't kick ass.

Re:Fyodor

[AvitarX]

I alwayays just assumed it was a last name.

Re:Fyodor

[KlomDark]

I woke up from a short NMAP and smelled this horrible Fyodor. Wow man, did someone bust open a stink bomb on the network?

* Looking back from the future, it will be seen that this post is the one that will inspire someone else to create a revolutionary new toolset called NOSTRILS that will revolutionize everything. Really, just wait and see. *

Re:Fyodor

Why, thank you! Thank you very many!

Re:Fyodor

Thank you, dear Google bot. No mention of Mika Waltari, Stephen King, or Vlad Majakovski.

Asshat.

Re:Fyodor

[Philip+K+Dickhead]

I say "tomahto", you say "tomatensaft"...

Re:Fyodor

[fbg111]

Or from Hitchhiker's guide:

"What is this great task for which I, Deep Thought, the second greatest computer in the Universe of Space and Time, have been called into existence?"

Re:Fyodor

[tomatensaft]

Don't let my nickname mislead you, buddy... :) I usually pronounce it "pomidor", or more rarely: "tomat". :)

real sysadmins...

[weighn]

...forgo those fancy tools and port scan from Vim

Re:real sysadmins...

[bersl2]

...forgo those fancy tools and port scan from Emacs

Fixed that for you.

Re:real sysadmins...

[loucura!]

...forgo those fancy tools and port scan from Emacs from Vi

There, fixed that for you too.

Re:real sysadmins...

>forego those fancy tools and port scan from HONK HONK HONK!!!!1
There, fixed that for you as well.

Re:real sysadmins...

...forgo those fancy tools and port scan from Pico

Finally, a correct version.

Re:real sysadmins...

...forgo those fancy tools and port scan from a text editor they rolled themselves.

That should take care of it. Also, real sysadmins know that the internet is totally insecure, and thus block all ports.

Fyodor's nmap is a great tool

[SecureTheNet]

for network assesment. It's the best free tool out there, and IMHO better than the commercial apps as well.

Obligatory

[Council]

I was going to ask what he thought of nmap porn, but then I realized the link I was using was from nmap's own site! Apparently they condone this sort of thing.

Come on, Fydor, admit it. Like most of us, you don't really care about coding, you just do it to get girls.

Re:Obligatory

[Council]

Watch the video. She's cuter than the stills look.

Re:Obligatory

When I went to the site it said:

[ The HaXXXor video downloads which were here have been removed -- I could not afford the bandwidth charges ]

Nooooooooo!!!!!11

So.. umm.. anyone have a torrent?

Re:Obligatory

[blincoln]

Watch the video. She's cuter than the stills look.

More like "it's a video of a rivet-ish girl using nmap while stripping, and all the dorks on Slashdot can say is that she's not hot enough." Why is it that so many computer geeks don't get dates again?

Re:Obligatory

[Council]

Why is it that so many computer geeks don't get dates again?

At the moment, I'm blaming DRM.

Best Fyodor quote

[LarsWestergren]

In the second Matrix film, Trinity uses nmap to find a vulnerability in an old SSH version that she then exploits. Probably the first realistic hacking depiction in a major film. Fyodor said something along the lines of
"It was so awesome, my jaw dropped when I saw it in the theaters. A sexy woman uses my program. I think that means we are married."

Smileys

[arch119]

WD> Have you ever been concerned that Nmap is used for blackhat purposes?
Fyodor> I doubt that Nmap has ever been used for blackhat purposes. OK, maybe once or twice :). But ...


....I just hope the WD guys didn't interview someone logged in to an IRC channel and claiming himself as being Fyodor.....

Re:Smileys

Well... I guess this kinda shuts you up huh?

Re:Smileys

[arch119]

Well... I guess this kinda shuts you up huh?

How ? It only suggests that a guy, (whose handle is "fv" and who asserts his email add. to be fyodor@insecure.org ( and is not worried about even the dumbest of spam robots acquiring his email add.)) makes a declaration that a sample chapter from an unpublished book is available online.
Is he the real Fyodor? God knows.
Did he say anything about giving interview to any website? I didn't notice.
Please shut me up. That ain't enough.

Advance Chapter: Nmap Reference Guide

[fv]

The Nmap Network Scanning book isn't yet complete, but I have decided to release one of the most important chapters in advance online. That is this Nmap Reference Guide, which will become the new man page. It is rewritten from scratch to be much more comprehensive and detailed than the previous version, and better organized as well. It can be read top to bottom or used as a quick reference to look up that obscure scan type you are considering. Let me know if you have any suggestions for improving it. I'm also looking for translators (the previous man page is available in nine languages. If you are interested, send me mail with your target language. That way I can send you the source file (DocBook XML) to translate rather than the HTML/Nroff which is auto-generated. That will also prevent the case of several people duplicating effort by translating to the same language. I was planning to announce this tomorrow, but since the book seems to be mentioned at the top of Slashdot right now anyway, I just scrambled to put it up.

And now for the goods. Here is the HTML Nmap Reference Guide. Or you can download the Nroff (man page) form here. Enjoy!

-Fyodor

Re:Advance Chapter: Nmap Reference Guide

[foorilious]

Hey Fyodor, I wrote reflscan, and I think it's pretty cool that you still mention it, especially since the version that got out was so crappy, and your scanner doesn't owe anything to it. Cheers.

Re:Advance Chapter: Nmap Reference Guide

Fyodor rooted a troll? Cool ;)

I'm not sure I'd go that far myself but there's no question about it - I'd be tempted if I felt humiliated enough.

As for the post you linked to, what a whining POS troll. Not to mention the irony of him suddenly becoming a dramaqueen playing the "victim". They (trolls) get off on screwing with peoples heads and hiding behind the anonymity of the internet, so, what on earth makes them think people will behave nicely in return? Oh, I see - "It was just a joke". Heh, I've got news for you - some people don't like to get kicked around and trolls are naive if they think actions wont have consequences.

So, how did it feel to get hacked? I mean, if it wasn't you then why would you even care?

Re:Advance Chapter: Nmap Reference Guide

[ptarjan]

I just reviewed the manpage.. looks very good.. except I noticed that my name no longer resides on the author section..

Re:Advance Chapter: Nmap Reference Guide

[foorilious]

I'm not sure why this comment is getting -2 redundant, since as far as I know it's nowhere else in the article or the comments that I wrote reflscan and that I'm honored that Fyodor is conscientious enough to continue to mention it in interviews like these (as well as the other scanners he liked and wanted to improve upon). If the mods are detecting sarcasm in my post, they do so incorrectly.

Off-topic I could maybe see, but redundant? What?

It mentions the book?!?!

[andreMA]

and even mentions Fyodor's forthcoming book on NMAP network scanning.

Of course the book has absolutely nothing to do with why he gave the interview.

Not that there's anything wrong with pushing a book you've written, but it being mentioned is hardly a surprise.

Actual quote

You have butchered it quite a bit. What he actually said was:

From: Fyodor
Date: Thu, 15 May 2003 02:17:19 -0700

Hi Everyone. There is a disturbance in the force! You may recall a couple weeks ago that MS started recommending Nmap on some of their web pages. That was strange, but I did not foresee the anomalous omens that would ensue.

Like almost any self-respecting geek, I bought tickets to 'Matrix: Reloaded' several weeks back (no spoilers, I promise). After all, who can resist the combination of philosophical mind games and Trinity (Carrie-Anne Moss) in that tight leather bodysuit?

So after waiting an hour in a line snaking out of the theatre to the parking lot, I finally got in to my 10pm Wednesday showing. All was going well until Trinity needed to do some hacking. Oh, no! I was sure we'd see a silly "Hackers"-esque 3D animated "hacking scene". Not so! Trinity is as smart as she is seductive! She whips out Nmap (!!!), scans her target, finds 22/tcp open, and proceeds with an ber ssh technique! I was so surprised, I almost jumped out of my seat and did the "r00t dance" right there in the theatre!

There can be only one explanation: Carie-Anne has the hots for me! [...]

Re:Actual quote

[antdude]

Heh, it was quite funny when I went to see the movie with a bunch of geeks who work for a well-known security company. Pretty much the whole theater busted laughing at that scene. It's just weird and cool. :)

Re:Actual quote

[LarsWestergren]

Thanks for the correct quote... I Googled awhile for it but was unable to find it.

Re:Actual quote

[Sigg3.net]

Anyone has an overall plan for this "r00t dance"?

Re:Fyodor is not a heroic "white hat" security exp

Yeah I think someone else tried to troll this up from the past as well earlier on and it got modded down badly.

Perhaps no one cares? Fyodor is a security legend. Deal with it.

Scanrand Muthafucka!

Do you use it?

Not safe for work alright...

[coma_bug]

She has the current working directory in $PATH.

Thank you, NMAP-developer-like people.

[Douglas+Simmons]

This article takes me back to my slackware days. People ask me how I learned what I know, and the answer is that back in the day I got my hands on nmap and other impressive tools and through wild guess and checking began to conceptualize the whole net thing. Well, to come clean, I'd give out free shells on IRC and ttysnoop other people running nmap to hack my box -- that's how I got started.

My point is it didn't come from books, a class or even man pages (that's a given), but toolin' around with the tools epitomized by nmap. Seeing this article touched a nerve in me to say thanks as the readers of this, in my estimation, is a group most densely populated by people who coded wares that got me to wherever I am today, which apparently is a very low-level pron tycoon, who's all about the high res.

Thanks.

never mind the mod abuse -- read parent links

I guess it's clear that certain editors and mods don't want this issue creeping into the discussion, but it's important. It sits at zero despite being relevent and raising disturbing issues surrounding fyodor's legitimacy.

Re:Fyodor is not a heroic "white hat" security exp

[timmarhy]

what kind of useless bastard reposts old old trolls like this one. what a crock of shit.

Go root!

[Dogtanian]

> > Could it be that the motivation was... root?

> Not in Australia.

Well, psychologists would say that all this work is ultimately done to impress women and get laid.

On second thoughts, is writing code likely to get you laid? (Hint for the stereotype /. reader; taking a shower is easier, and probably more effective.)

(BTW, since parent didn't make it clear, 'root' is slang for sexual intercourse in Australian English)

Question

[tomstdenis]

How do you write a book on NMAP?

Is it how the networks operate and how NMAP plays with it? Or is this an NMAP manual? I mean it ain't exactly hard to use. I can't imagine a book on how to use NMAP being more than 50 pages or so...

Of course I haven't read any TFA if there is one...

Tom

hey man, if you need a job

I've found you one :)

Playboy TV is looking for a person experienced in viewing programmes for television broadcast for compliance with Ofcom regulations

http://www.grapevinejobs.com/index.asp?Page=jobsee ker/jobseeker_jobs_more_detail.asp?client_job_id=9 978

Nmap is bigger than you think...

[networkuptime]

I can't imagine a book on how to use NMAP being more than 50 pages or so...

That's exactly what I thought when I started writing a short tutorial on nmap. 200 pages later(!), it's a comprehensive guide to the operation and inner-workings of nmap.

I've documented, graphically displayed, and captured network traffic for every nmap ping type, scan method, and nmap option. Not every nmap option works exactly the way one might expect, so I've also documented the "gotchas" when using nmap. I also wrote a chapter that outlines some practical uses of nmap for ongoing security needs.

I've released the book with a Creative Commons license, and posted the entire book to the web for free! My goal was to give something back to the security community that could be used to make networks more secure and to help network professionals understand what happens when these scans are active on their network.

Secrets of Network Cartography: A Comprehensive Guide to nmap is available at:

http://www.networkuptime.com/nmap/index.shtml

I'm working on the next version now, and I'm open for suggestions and comments. Please let me know what you think!

James Messer

Re:nmap GUI

you can't. AFAIK, you can't run the command line version w/ full functionality as non-root either.

Spelling it out in in 200pt comic sans

[I+Like+Pudding]

LDS = Latter Day Saints = Mormons

Re:Spelling it out in in 200pt comic sans

[Ziviyr]

If I were making battlestar galactica references I might have gotten it.

Talking about Mormons in the face of ly-diethylamide sergic acid is a bit weird, even for me, though.

Re:Fyodor is not a heroic "white hat" security exp

[blincoln]

I now ask you, gentle sirs and madams, would you use a tool written by a known criminal

Yes.

Next question?

Re: use a tool written by a known criminal?

[Anomalyst]

This undeserved bashing of MS and BG has got to stop.

fyodor broke the law

not much of a "troll" to "debunk" now is it? He broke the law and some kids took note. Its no big deal, we've all made mistakes, but still it has to be said that this individual is not above breaking into other folks computers, indeed, its a skill he has honed through years of practice and if he can personally gain from it, he will break the law again. Thats only common sense.

MOD UP

[Bootvis]

Mod parent up

high res photos and the movie

[dobrovik]

http://web.archive.org/web/20040223103236/http://w ww.insecure.org/nmap/nmap_haxxxor.html http://hoghole.com/videos/

Re:Fyodor is not a heroic "white hat" security exp

[LilGuy]

Reminds me about the once CEO of Axciom. I read a book about the company which created the tools the police forces all over america, including the fbi and ss use to basically look up any info on anyone and their neighbors and dogs. The guy that created the program was reputedly involved in the Iran-Contra scandal among other things. This struck some of the heads of gov't as a bad thing, but not bad enough to not use his brilliant tools.