Nmap From an Ethical Hacker's Point of View
ddonzal notes a new tutorial that introduces Nmap from the viewpoint of an ethical hacker. (Part 1 of 2 parts is up now.) The author is Kirby Tucker, who writes: "After completing this 2 Part Series and having practiced the techniques described, one should not only be able to sit at a 'roundtable' with advanced security professionals and 'hold their own' in a discussion concerning Nmap, but also utilize this great tool in protecting their own network."
How come the word "hacker" needs the adjective "ethical?" It is bad enough that the word has a negative connentation (sp?) out there in the world. It should not have to be modified if it happens to be used in a positive sense here.
I never understood how someone that is interested in the inner-workings of computing and networking has been coined "Ethical Hacker." Marketing at its finest.
I have updated my blog; maybe I will spam it on /.
Sure, hold on, I'll get Larry Craig. What stall will you be in?
Do you think that a title called 'Nmap From a Hacker's Point of View' would inform most people enough about the content of the article?
If you mod this up, your slashdot background will turn into a beautiful sunset!
That's a very good point, I guess they don't use cracker because that could be some kind of racial slur and heaven forbid a private organization use a word that in some way may be used as a racial slur because it would violate someone's right somewhere and hurt their feelings.
"Some books contain the machinery required to create and sustain universes."-Tycho
This is like those online universities that I always get spam for.
"Don't have time to study? Want another qualification? In just 2 easy parts, you too can be a l33t h4x0r and increase your salary by several multiples!"
I hate printers.
OK, so I've been wondering for a great deal of time what port 9090 on my system was for.
If I go to http://localhost:9090/ I get the HTML message 'Nice try...'. Nmap says '9090/tcp open zeus-admin'.
Now it appears that it is from my bittorrent client.
Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?
It took quite some googling to find out what it was used for.
If you mod this up, your slashdot background will turn into a beautiful sunset!
"A Lisp programmer knows the value of everything, but the cost of nothing." - Alan Perlis
Because the word for what you described is, indeed, "hacker". However, due to the incessant distortion of the word "hacker" by connoting it with one or more of: [ virus-writer / cracker / script-kiddie / ... ], the word "Ethical" was added so that it clears up the meaning for the hoi polloi.
Sad, but true. You can blame this one on the media.
Nothing against nmap(1), I think it's a great tool, and I use it myself. It just sounds like these goobers sit around bragging about how they figured out how to use nmap. I mean, big deal, it's just a simple tool, nothing to break your arm patting yourself on the back about. You don't get to call yourself a hacker just because you read the man page.
Now Fyodor, the author of nmap. There's a hacker.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
I guess it is ethical hacking to check a friend or family member's computer for security holes using nmap, but I also find it sad that many people don't know what hacker originally meant. Still, you have to accept the reality. Hacker is considered a bad term in mainstream society, and putting 'ethical' in front of it makes it easier to explain that it can also mean something good.
What about the ethics of slashdotting a site?
article text found here:
$man nmap
Instead of modding me -1 Flamebait, please mod me +1 inciteful
Can we get an ethical hacker to throw up a mirror so some of us might read this article?
Well the media for the past 3 decades has given hackers and hacking a negative context. Even those who are "Ethical Hackers" will coin themselves as such. Because if someone asks you what you do for a hobby and you say I hack computers, I would expect within a week you are on some FBI mainframe, and for some reason you get denied for jobs that require high security clearance even though you were 99% there getting the job. Saying you are an ethical hacker will cause the person to stop and explain yourself. It isn't marketing, it is just trying to put a positive towards a negative thing. Much like you go into a house and you smell a freshly baked apple pie, you will go it smells good. Because if you go it smells in here then it would be taken as an insult.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
I think he meant "hold one's own". Please learn to type English.
You may think and say what you like, but the only place where "hacker" has a neutral or positive connotation is in a relatively small subculture. The positive use is practically jargon, the same with "cracker", that's effectively jargon too.
Marketing at its finest.
How do you suggest overcoming the negative stereotype? "Ethical" hacking doesn't make the news because they don't do anything that's interesting to outsiders, as such, most people only know the word from negative connotations.
He states because you can ping devices on a network, they're vulnerable. This is not a good way to view network security. Services are available to people, if they weren't, you wouldn't have anything to hack. It's not ICMP that is vulnerable to some remote-exploit, although it can be used for harm. For instance, tunneling traffic over ICMP, because it's open through a firewall (I've never tested this, but I've seen software available). To me it seems like a stretch to say, once you can ping something you've got a victim. That's like saying, I can reach their website, so they're finished.
I'm not sure you should be called a hacker after you finish that class, you should be called a hacker, when you understand the information systems, in and out. This would involve the network, and how to exploit the software. Maybe this ethical class covers this, but it seems to me, it covers only enough (or certifies) you can download some exploit and run it.
Personally I feel I have a strong grasp of the networking systems, because I've been networking for quite some time. Now it's time to learn the application stuff, and the hardware more thoroughly. Why? Because it's fun.
The old system has been compromised, so I'm changing things up a bit.
The password will be "leper" and the signal has been changed to whistling "shave and a haircut", knocking three times on the wall and working to get anti-gay^Wpro-family legislation passed.
Oh and I'll be in stall #2.
Their parents were Hackers, thus they're Ethnical Hackers. They're a patriarchal society, so the ability to claim that Hacker ethnicity is passed from the Father's side.
The World's Worst Webcomic!
"Ethical Hacker" is one of those terms coined by training vendors to give a job title to white hat script kiddies. It's very similar to all of the Web folks calling themselves "Webmaster" in the 1990's. Google the term and you're going to find a ton of training offered by companies that really are nothing more than script kiddie training.
I think a real security professional, one that has a solid background (like in C and Assembly) in coding and networking would avoid using this term.
I don't know about the rest of you !1337 n00bs but I learned all I needed to know about nmap from the matrix when *my girlfriend* singlehandedly shut down the power plant.
they will fuck you if you ever go to another OS like Solaris, *BSD, OS/X, etc. example:
$ netstat --numeric-hosts --listening --tcp --programs
netstat: unknown option -- -
usage: netstat [-Aan] [-f address_family] [-M core] [-N system]
netstat [-bdgilmnqrstu] [-f address_family] [-M core] [-N system]
netstat [-bdn] [-I interface] [-M core] [-N system] [-w wait]
netstat [-M core] [-N system] -P pcbaddr
netstat [-s] [-M core] [-N system] [-p protocol]
netstat [-a] [-f address_family] [-i | -I interface]
netstat [-W interface]
$ uname -sr
OpenBSD 4.1
I don't really care about the security angle either way. Most of the time I use nmap, it's for debugging on test systems that are behind several layers of firewall and NAT. Yeah, it's a debugging tool too.
Then again, in the age of DRM, all debuggers are apparently hacking tools.
There's no failure quite as dissatisfying as a complete and total solution to the wrong problem.
nmap can portscan a box without ever addressing a packet to it. Coming up with that was a true hack. (Google "idle scan").
Oh wait, only "Kev"'s hacking is ethical, he doesn't mind ripping off this e-book: http://www.networkuptime.com/nmap/index.shtml
There's no point in being upset about the use of the phrase "ethical hacker". Yes, we all know that being a "hacker" isn't an evil thing. But we've lost that battle in the general population from here until the end of time.
"But hacker already meant something noble! There should only be a modifier for 'evil hacking'!"
Yes, well, no one cares. No one will care. It's debatable whether or not anyone should care. When you talk to your nerd buddies, you can use "hacker" all you like in the "correct" manner and that's okay; when it's a different audience, these days, you have to make what you mean clearer than that. And that's okay. Most people just don't have time or interest to worry about the origin of the word.
In fact, I'm going out on a limb and stating that having this "ethical" modifier is a good thing for the community. Take a moment to look at the phrasing here objectively. If the masses have already decided that "hackers" are bad, and that word is locked in their minds as the dark underbelly of the Internet--terrorists whose only goal is to harm you, your family, your company, and your government--then perhaps by seeing and hearing "ethical hackers", they'll begin to understand that not only is it possible to have good hackers, but that they actually exist.
Mikey-San
Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
yum install nmap
Similar to how "pirate" now refers to anyone who illegally copies digital media, rather than referring to someone making a profit off of redistributing stolen goods/content. Because if we use shades of grey, the people who only read about these sorts of things in Newsweek articles might become confused!
Plus, bad guys are cool.
When did the future switch from being a promise to a threat? -C. Palahniuk
It should have been called "On Nmap".
It's a scanning utility. Its command line options hardly change based on the intent of the user.
I believe posters are recognized by their sig. So I made one.
Hacking is knowing about a lot of stuff: system administration, network engineering, programming, database administration and social skills, and the writer has done a great job introducing some of these complex subjects from a hacking perspective.
---
"The chances of a demonic possession spreading are remote -- relax."
hacking = social skills? ..whoa, could've fooled me
Given that 1161 in tcpip.cc of nmap has that comment one has to wonder.
/* Who cares */
Everything else is random yet the advertised window size is very predictable.
else tcp->th_win = htons(1024 * (myttl % 4 + 1));
to say
else tcp->th_win = rand();
Now tools like p0f/OpenBSD pf/Sealing Wafter can no longer track your beloved TCP scans as being from Nmap.
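Added example, not part of the comment above and not code from Nmap: a passive check built on the window-size expression quoted in that comment, which can only produce four values (1024, 2048, 3072, 4096). The record layout, function name, thresholds and sample SYNs are assumptions constructed for illustration, and the expression is taken from the comment as quoted, not checked against any Nmap release.

```python
from collections import defaultdict

# The four values that 1024 * (ttl % 4 + 1) can take, per the line quoted
# in the comment above.
SCAN_WINDOWS = frozenset(1024 * (k + 1) for k in range(4))


def flag_sources(syns, min_ports=5, min_ratio=0.9):
    """Flag sources whose SYNs look like the quoted window pattern.

    syns: iterable of (src_ip, dst_port, tcp_window) tuples, one per
    observed SYN (hypothetical record layout). A source is flagged when
    at least min_ports distinct destination ports were probed with a
    window in SCAN_WINDOWS and at least min_ratio of all its SYNs match.
    Returns {src_ip: sorted list of matching destination ports}.
    """
    seen = defaultdict(lambda: {"total": 0, "hits": 0, "ports": set()})
    for src, dport, window in syns:
        stats = seen[src]
        stats["total"] += 1
        if window in SCAN_WINDOWS:
            stats["hits"] += 1
            stats["ports"].add(dport)

    flagged = {}
    for src, stats in seen.items():
        ratio = stats["hits"] / stats["total"]
        if len(stats["ports"]) >= min_ports and ratio >= min_ratio:
            flagged[src] = sorted(stats["ports"])
    return flagged


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_SYNS = (
    # Many ports, every window in the four-value set: matches the pattern.
    [("192.0.2.10", port, win) for port, win in zip(
        (21, 22, 23, 25, 80, 443, 3306, 8080),
        (1024, 2048, 3072, 4096, 1024, 2048, 3072, 4096))]
    # Many ports but an ordinary large window: not flagged.
    + [("198.51.100.7", port, 64240) for port in (80, 443, 8080, 8443, 22, 25)]
    # A single SYN that happens to use 4096: below the port threshold.
    + [("203.0.113.5", 80, 4096)]
)

if __name__ == "__main__":
    for src, ports in flag_sources(SAMPLE_SYNS).items():
        print(f"{src}: {len(ports)} ports probed with a small fixed window: {ports}")
```

The port threshold matters because a single connection from an embedded or legacy stack can legitimately advertise one of these windows; the signal is the same small set recurring across many ports from one source.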
This is a lost debate.
The word "gay" used to mean light hearted and fun
Then it moved on to mean someone who is homosexual
Now, in the UK at least, some people use it to mean something that isn't very good - "that movie was gay"
You can continue to use it in its original sense if you want "let's all go out and have a gay time" - but you'll confuse a lot of people. It doesn't matter what you think "hacker" means, what matters is what everyone else thinks it means.....
Like which language we're talking about, because as far as C is concerned that's nonsense. Unless you mean a do{}while loop, but those aren't used very often and are not the same as a while loop.
All this time I thought HACKER was a term used to define a fat assed FBI agent who played golf on the weekend pretending to be Tiger Woods.
Largely because mainstream press hijacked a perfectly innocuous term like 'hacker' to mean 'someone who is actively trying to steal all your identity data along with your money.'
Stating on Slashdot that I like cheese since 1997.
> marketing at its finest
As someone who has employed hackers to break into a network I can assure you that the term "ethical" is not marketing nor is it redundant. In common usage hacking includes unauthorised breaking into systems. You know this perfectly well. Or you should do.
Social skills are useful in hacking when you want to, for example, talk someone into installing a trojan or giving you the password to break into a system.
Maybe social engineering skills. But social skills, I have never seen a "hacker" with any. What I have seen is someone sitting in their mother's basement pretending to be zero kool.
>>So yes, I'm just as confused as you.
If this really honestly confuses you, then you are an idiot. It is just not that fucking difficult. Or are you just trolling?
(When they copied this one from Berkeley? They did it RIGHT, copying the best in the business, in THAT capacity @ least! A good job for a creation out of academia in this field...)
APK
Okay, so I thought this was a reference to a learning guide about ethical hacking. Interesting that after I log in to the site, I find I am not able to access the article because "You are not authorised to view this resource." I guess I'm not leet enough to qualify to be a hacker ... of any sort.
Or perhaps the original url is suspect?
http://www.ethicalhacker.net/content/view/155/1/ or /2
wtf?