Nmap From an Ethical Hacker's Point of View

ddonzal notes a new tutorial that introduces Nmap from the viewpoint of an ethical hacker. (Part 1 of 2 parts is up now.) The author is Kirby Tucker, who writes: "After completing this 2 Part Series and having practiced the techniques described, one should not only be able to sit at a 'roundtable' with advanced security professionals and 'hold their own' in a discussion concerning Nmap, but also utilize this great tool in protecting their own network."

Why the adjective?

[capt.Hij]

How come the word "hacker" needs the adjective "ethical?" It is bad enough that the word has a negative connentation (sp?) out there in the world. It should not have to be modified if it happens to be used in a positive sense here.

Re:Why the adjective?

[Tribbin]

Because placing 'ethical' before it informs 95% of the common people and 30% of the slashdotters better about the article.

Re:Why the adjective?

[Johann+Lau]

How come the word "hacker" needs the adjective "ethical?"

It doesn't. "ethical" is just a modifier, it narrows down the range of hackers that are meant. Lack of that modifier does not signify "unethical".

Re:Why the adjective?

[Rulke]

Sad as it is to the community of IT in general, the media has changed the meaning of the word 'Hacker'. It's time we catch on. It is now synonymous for someone that creates, changes or bastardizes programs to do 'unintended' things.

We need to come up with a new 'leet' name for programmers.

Re:Why the adjective?

[Lally+Singh]

It's 2007 and nobody cares what the term meant a long time ago to a small number of unimportant people.

Hacker = supergenius who writes virii, breaks into systems, and terrorizes the entire country from a moving tractor-trailer.

Cracker = pejorative term for white people.

Any other definitions have been obsolesced. Geez, this ranting's been going on since the late 90's, please *everyone* get over it.

Ethnical Hacker? Bleh.

[toolo]

I never understood how someone that is interested in the inner-workings of computing and networking has been coined "Ethical Hacker." Marketing at its finest.

Re:in other news...

[Tribbin]

If your blog post would help other slashdotters it might get through the moderations.

In 2 parts hey?

[MrNaz]

This is like those online universities that I always get spam for.

"Don't have time to study? Want another qualification? In just 2 easy parts, you too can be a l33t h4x0r and increase your salary by several multiples!"

More 'rich informing' alternative?

[Tribbin]

OK, so I've been wondering for a great deal of time what port 9090 on my system was for.

If I go to http://localhost:9090/ I get the HTML message 'Nice try...'. Nmap sais '9090/tcp open zeus-admin'.

Now it appears that it is from my bittorrent client.

Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

It took quite some googling to find out what is was used for.

Re:Ethnical Hacker? Bleh.

[JohnnyBigodes]

Because the word for what you described is, indeed, "hacker". However, due to the incessant distortion of the word "hacker" by conotating it with one or more of: [ virus-writer / cracker / script-kiddie / ... ], the word "Ethical" was added so that it clears up the meaning for the hoi polloi.

Sad, but true. You can blame this one on the media.

Hacker wannabe's more like

[merc]

Nothing against nmap(1), I think it's a great tool, and I use it myself. I just sounds like these goobers sit around bragging about how they figured out how to use nmap. I mean, big deal, it's just a simple tool, nothing to break your arm patting yourself on the back about. You don't get to call yourself a hacker just because you read the man page.

Now Fyodor, the author of nmap. There's a hacker.

Ethics of slashdotting?

[merkhet]

What about the ethics of slashdotting a site?

Re:Ethnical Hacker? Bleh.

[jellomizer]

Well the media for the past 3 decades has given hackers and hacking a negative context. Even those who are "Ethical Hackers" Will coin themselves as such. Because if someone asks you what do for a hobby and you say I hack computers. I would expect within a week you are on some FBI Mainframe, and for some reasons you get denied for jobs that require high security clearance even though you were 99% there getting the job. Saying you are an ethical hacker, will cause the person to stop and explain yourself. It isn't marketing, it is just trying to put a positive towards a negative thing. Much like you go into a house and you smell a freshly baked Apple Pie, you will go it smells good. Because if you go it smells in here then it would be taken as in insult.

what I gathered from the article

He states because you can ping devices on a network, they're vulnerable. This is not a good way to view network security. Services are available to people, if they weren't, you wouldn't have anything to hack. It's not ICMP that is vulnerable to some remote-exploit, although it can be used for harm. For instant, tunneling traffic over ICMP, because it's open through a firewall (i've never tested this, but i've seen software available). To me it seems like a stretch to say, once you can ping something you've got a victim. That's like saying, I can reach their website, so they're finished.

I'm not sure you should be called a hacker after you finish that class, you should be called a hacker, when you understand the information systems, in and out. This would involve the network, and how to exploit the software. Maybe this ethical class covers this, but it seems to me, it covers only enough (or certifies) you can download some exploit and run it.

Personally I feel I have a strong grasp of the networking systems, because I've been networking for quite some time. Now it's time to learn the application stuff, and the hardware more thouroughly. Why? because it's fun

"Ethical" Hacker

[richj]

"Ethical Hacker" is one of those terms coined by training vendors to give a job title to white hat script kiddies. It's very similar to all of the Web folks calling themselves "Webmaster" in the 1990's. Google the term and you're going to find a ton of training offered by companies that really are nothing more than script kiddie training.

I think a real security professional, one that has a solid background (like in C and Assembly) in coding and networking would avoid using this term.

Useless Complaining

[Mikey-San]

There's no point in being upset about the use of the phrase "ethical hacker". Yes, we all know that being a "hacker" isn't an evil thing. But we've lost that battle in the general population from here until the end of time.

"But hacker already meant something noble! There should only be a modifier for 'evil hacking'!"

Yes, well, no one cares. No one will care. It's debatable whether or not anyone should care. When you talk to your nerd buddies, you can use "hacker" all you like in the "correct" manner and that's okay; when it's a different audience, these days, you have to make what you mean clearer than that. And that's okay. Most people just don't have time or interest to worry about the origin of the word.

In fact, I'm going out on a limb and stating that having this "ethical" modifier is a good thing for the community. Take a moment to look at the phrasing here objectively. If the masses have already decided that "hackers" are bad, and that word is locked in their minds as the dark underbelly of the Internet--terrorists whose only goal is to harm you, your family, your company, and your government--then perhaps by seeing and hearing "ethical hackers", they'll begin to understand that not only is it possible to have good hackers, but that they actually exist.