Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fyodor's Top 100 Network Security Tools

Posted by ryuzaki0 on from the one-for-each-centurion dept.

TheViewFromTheGround writes "Fyodor of nmap fame has released a top 100 list of network security tools, based on a poll of the nmap-hackers list, each with a handy synopsis and useful information about source-code availablity and OS-compatibility. The last version of this survey was published in 2003."

4 of 45 comments (clear)

  1. Great Names! by neonprimetime · · Score: 3, Informative
    Some of these tools have some great names!
    • #9 - Cain and Abel
    • #10 - John the Ripper
    • #43 - EtherApe
    • #49 - RainbowCrack
    • #51 - Angry IP Scanner
    • #76 - Burpsuite
  2. What about social engineering? by Clockwurk · · Score: 5, Informative

    In 2002, Fyodor was the victim of an impersonation attack by a Slashdot user who was posing as a woman. Fyodor sent an email to the fake "woman" in an attempt to solicit further conversation and a possible meeting. When the hoax was revealed, the hoaxer insulted fyodor (I believe the word was "wanker").

    Fyodor responded by using information disclosure vulnerabilities in yahoo email to find the originating IP address of the Slashdot prankster (SumDeusExMachine) who was at the time a college student based on the Pacific coast. SDEM was using an open X server for windows, MI/X, with no security enabled. Fyodor quickly scanned SDEM's box, found the open X server, and attached to it, monitoring SDEM's life for nine hours. He took many screen shots of SDEM's machine and posted them to his web site, insecure.org.

    A lot of personal information was revealed in these screenshots, including the existence and ip address of a "secret troll irc server", which was running an irc bot capable of tracking and posting new stories. Jamie McCarthy used the information disclosed by Fyodor's attack to log onto this server, discover the new-story-bot, and modify Slashdot to break the troll's new-story-robot.

    So in short, Fyodor has an open record of malicious entry, and Slashdot's admins have used the information he has gleaned to combat Slashdot trolling.

    What you have to understand is that illegal and malicious hacking won't land you in jail. The FBI won't prosecute interstate computer hacking unless there are $5000 or more in damages. In this case, there were no damages, rending the "crime" unprosecuteable. Whether this makes the perpetrator a whitehat, greyhat, or blackhat is an exercise for the reader.

  3. Re:ethereal, tcpdump, nmap, kismet are my favorite by lambent · · Score: 3, Informative

    Ethereal was renamed wireshark, and is #2 on the list.

  4. Trollaxor is so credible by ph0t0n · · Score: 2, Informative

    I believe every word of that story, just like I believe Trollaxor's other stories involving Gay sex between Eric Raymond and Richard Stallman and Alan Cox forking Linux kernel.