Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nmap From an Ethical Hacker's Point of View

Posted by kdawson on from the think-like-the-bad-guys-do dept.

ddonzal notes a new tutorial that introduces Nmap from the viewpoint of an ethical hacker. (Part 1 of 2 parts is up now.) The author is Kirby Tucker, who writes: "After completing this 2 Part Series and having practiced the techniques described, one should not only be able to sit at a 'roundtable' with advanced security professionals and 'hold their own' in a discussion concerning Nmap, but also utilize this great tool in protecting their own network."

11 of 115 comments (clear)

  1. Ethnical Hacker? Bleh. by toolo · · Score: 4, Insightful

    I never understood how someone that is interested in the inner-workings of computing and networking has been coined "Ethical Hacker." Marketing at its finest.

  2. in other news... by Anonymous Coward · · Score: 5, Funny

    i have updated my blog maybe i will spam it on /.

  3. Re:Why the adjective? by Tribbin · · Score: 4, Insightful

    Because placing 'ethical' before it informs 95% of the common people and 30% of the slashdotters better about the article.

    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
  4. Re:More 'rich informing' alternative? by Anonymous Coward · · Score: 4, Informative

    try netstat -anpe | grep 9090 as root ?

  5. Re:More 'rich informing' alternative? by Ant+P. · · Score: 4, Informative

    >>Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

    Yes:

    # netstat --numeric-hosts --listening --tcp --programs
    Active Internet connections (only servers)
    Proto Local Address       Foreign Address         State       PID/Program name
    tcp   0.0.0.0:svn         0.0.0.0:*               LISTEN      1678/xinetd
    tcp   0.0.0.0:netbios-ssn 0.0.0.0:*               LISTEN      1703/smbd
    tcp   0.0.0.0:sunrpc      0.0.0.0:*               LISTEN      1531/portmap
    tcp   0.0.0.0:http        0.0.0.0:*               LISTEN      2580/lighttpd
    etc.

  6. Hacker wannabe's more like by merc · · Score: 5, Insightful

    Nothing against nmap(1), I think it's a great tool, and I use it myself. I just sounds like these goobers sit around bragging about how they figured out how to use nmap. I mean, big deal, it's just a simple tool, nothing to break your arm patting yourself on the back about. You don't get to call yourself a hacker just because you read the man page.

    Now Fyodor, the author of nmap. There's a hacker.

    --
    It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
  7. Re:More 'rich informing' alternative? by ReverendRyan · · Score: 4, Informative
    How would nmap know which app is really listening on a port? All it has are the ARIN-assigned port numbers from /etc/services. What you were looking for was

    # netstat -tcp -l
    which will list all TCP ports that are in state "LISTEN" along with the PID of the program that opened the port.
  8. in case it's slashdotted... by Anonymous Coward · · Score: 5, Funny

    article text found here:

    $man nmap

    Instead of modding me -1 Flamebait, please mod me +1 inciteful

  9. Re:Ethnical Hacker? Bleh. by jellomizer · · Score: 4, Insightful

    Well the media for the past 3 decades has given hackers and hacking a negative context. Even those who are "Ethical Hackers" Will coin themselves as such. Because if someone asks you what do for a hobby and you say I hack computers. I would expect within a week you are on some FBI Mainframe, and for some reasons you get denied for jobs that require high security clearance even though you were 99% there getting the job. Saying you are an ethical hacker, will cause the person to stop and explain yourself. It isn't marketing, it is just trying to put a positive towards a negative thing. Much like you go into a house and you smell a freshly baked Apple Pie, you will go it smells good. Because if you go it smells in here then it would be taken as in insult.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  10. "Ethical" Hacker by richj · · Score: 4, Insightful

    "Ethical Hacker" is one of those terms coined by training vendors to give a job title to white hat script kiddies. It's very similar to all of the Web folks calling themselves "Webmaster" in the 1990's. Google the term and you're going to find a ton of training offered by companies that really are nothing more than script kiddie training.

    I think a real security professional, one that has a solid background (like in C and Assembly) in coding and networking would avoid using this term.

  11. Useless Complaining by Mikey-San · · Score: 4, Insightful

    There's no point in being upset about the use of the phrase "ethical hacker". Yes, we all know that being a "hacker" isn't an evil thing. But we've lost that battle in the general population from here until the end of time.

    "But hacker already meant something noble! There should only be a modifier for 'evil hacking'!"

    Yes, well, no one cares. No one will care. It's debatable whether or not anyone should care. When you talk to your nerd buddies, you can use "hacker" all you like in the "correct" manner and that's okay; when it's a different audience, these days, you have to make what you mean clearer than that. And that's okay. Most people just don't have time or interest to worry about the origin of the word.

    In fact, I'm going out on a limb and stating that having this "ethical" modifier is a good thing for the community. Take a moment to look at the phrasing here objectively. If the masses have already decided that "hackers" are bad, and that word is locked in their minds as the dark underbelly of the Internet--terrorists whose only goal is to harm you, your family, your company, and your government--then perhaps by seeing and hearing "ethical hackers", they'll begin to understand that not only is it possible to have good hackers, but that they actually exist.

    --
    Mikey-San
    Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)