Nmap From an Ethical Hacker's Point of View

ddonzal notes a new tutorial that introduces Nmap from the viewpoint of an ethical hacker. (Part 1 of 2 parts is up now.) The author is Kirby Tucker, who writes: "After completing this 2 Part Series and having practiced the techniques described, one should not only be able to sit at a 'roundtable' with advanced security professionals and 'hold their own' in a discussion concerning Nmap, but also utilize this great tool in protecting their own network."

Why the adjective?

[capt.Hij (318203)]

How come the word "hacker" needs the adjective "ethical?" It is bad enough that the word has a negative connentation (sp?) out there in the world. It should not have to be modified if it happens to be used in a positive sense here.

Re:Why the adjective?

[Tribbin (565963)]

Because placing 'ethical' before it informs 95% of the common people and 30% of the slashdotters better about the article.

Re:

[Jarjarthejedi (996957)]

It's sad how true that statement is. It's sadder still that someone moderating thought it was funny rather than true...

Re:

[Jeff DeMaagd (2015)]

I think it's funny AND true.

Re:

[Johann Lau (1040920)]

How come the word "hacker" needs the adjective "ethical?"

It doesn't. "ethical" is just a modifier, it narrows down the range of hackers that are meant. Lack of that modifier does not signify "unethical".

Re:

[chaosite (930734)]

I hate this discussion, but about half the people here use the term "Hacker" to mean 'friendly computer programmer who's quite good at it' or perhaps 'security consultant', while the other half uses the term to refer to people who break into computer networks, usually for profit or other "evil" motives. The people who prefer the first definition use the term "Cracker" for the latter definition.

So, an "ethical burglar" would be a locksmith, I guess. Someone who knows how to use the tools, yet refrains from

Re:

[loganrapp (975327)]

Yeah, but when I'm in gym class, the Bloods-wannabes called me "Cracker." I didn't realize the inner city kids were so adept at computer lingo!

Re:

[jez9999 (618189)]

I'd leave "ethical rapist" as an exercise to the reader.

James Bond?

Re:

[FLEB (312391)]

It's a branded term for "white-hat". IIRC, these people take people through courses where they learn security topics and techniques, in a large part, from the perspective and experience of breaking into insecure systems. Specifying "Ethical" in the name clarifies their intent and goals to both their potential clients and to the outside world, that they are training ethical people "hacking" skills for constructive purposes.

Re:

[LuSiDe (755770)]

From WordNet (r) 2.0 [wn]:

    connotation
              n 1: what you must know in order to determine the reference of an
                        expression [syn: {intension}]
              2: an idea that is implied or suggested

Defintely not a grammar geek. ;)

Re:

[Rulke (629278)]

Sad as it is to the community of IT in general, the media has changed the meaning of the word 'Hacker'. It's time we catch on. It is now synonymous for someone that creates, changes or bastardizes programs to do 'unintended' things.

We need to come up with a new 'leet' name for programmers.

Re:

[Lally Singh (3427)]

It's 2007 and nobody cares what the term meant a long time ago to a small number of unimportant people.

Hacker = supergenius who writes virii, breaks into systems, and terrorizes the entire country from a moving tractor-trailer.

Cracker = pejorative term for white people.

Any other definitions have been obsolesced. Geez, this ranting's been going on since the late 90's, please *everyone* get over it.

Ethnical Hacker? Bleh.

[toolo (142169)]

I never understood how someone that is interested in the inner-workings of computing and networking has been coined "Ethical Hacker." Marketing at its finest.

Re:Ethnical Hacker? Bleh.

[Tribbin (565963)]

Do you think that an title called 'Nmap From a Hacker's Point of View' would inform most people enough about the content of the article?

Re:

[ForumTroll (900233)]

Do you think that an title called 'Nmap From a Hacker's Point of View' would inform most people enough about the content of the article?

Yes. Not that I really care either way, but I would've expected a similar article regardless of whether the title included the word "ethical" or not. I didn't read it all, but it seems like it's pretty much just a basic nmap tutorial.

Re:

[Scarblac (122480)]

It should have been called "On Nmap".

It's a scanning utility. Its command line options hardly change based on the intent of the user.

Re:Ethnical Hacker? Bleh.

[JohnnyBigodes (609498)]

Because the word for what you described is, indeed, "hacker". However, due to the incessant distortion of the word "hacker" by conotating it with one or more of: [ virus-writer / cracker / script-kiddie / ... ], the word "Ethical" was added so that it clears up the meaning for the hoi polloi.

Sad, but true. You can blame this one on the media.

Re:

[tholomyes (610627)]

Similar to how "pirate" now refers to anyone who illegally copies digital media, rather than referring to someone making a profit off of redistributing stolen goods/content. Because if we use shades of grey, the people who only read about these sorts things in Newsweek articles might become confused!

Plus, bad guys are cool.

Re:

[N-icMa (1149777)]

I guess it is ethical hacking to check a friend or family members computer for security holes using nmap, but I also find it sad that many people don't know what hacker originally meant. Still, you have to accept the reality. Hacker is considered a bad term in mainstream society, and putting 'ethical' in front of it makes it easier to explain that it can also mean something good.

Re:Ethnical Hacker? Bleh.

[jellomizer (103300)]

Well the media for the past 3 decades has given hackers and hacking a negative context. Even those who are "Ethical Hackers" Will coin themselves as such. Because if someone asks you what do for a hobby and you say I hack computers. I would expect within a week you are on some FBI Mainframe, and for some reasons you get denied for jobs that require high security clearance even though you were 99% there getting the job. Saying you are an ethical hacker, will cause the person to stop and explain yourself. It isn't marketing, it is just trying to put a positive towards a negative thing. Much like you go into a house and you smell a freshly baked Apple Pie, you will go it smells good. Because if you go it smells in here then it would be taken as in insult.

Re:

[Jeff DeMaagd (2015)]

You may think and say what you like, but the only place where "hacker" has a neutral or possitive connotation is in a relatively small subculture. The positive use is practicaly jargon, the same with "cracker", that's effectively jargon too.

Marketing at its finest.

How do you suggest overcoming the negative stereotype? "Ethical" hacking doesn't make the news because they don't do anything that's interesting to outsiders, as such, most people only know the word from negative connotations.

Re:Ethnical Hacker? Bleh.

[The Evil Couch (621105)]

Their parents were Hackers, thus they're Ethnical Hackers. They're a patriarchal society, so the ability to claim that Hacker ethnicity is passed from the Father's side.

in other news...

[by Anonymous Coward]

i have updated my blog maybe i will spam it on /.

Re:

[Tribbin (565963)]

If your blog post would help other slashdotters it might get through the moderations.

In 2 parts hey?

[MrNaz (730548)]

This is like those online universities that I always get spam for.

"Don't have time to study? Want another qualification? In just 2 easy parts, you too can be a l33t h4x0r and increase your salary by several multiples!"

More 'rich informing' alternative?

[Tribbin (565963)]

OK, so I've been wondering for a great deal of time what port 9090 on my system was for.

If I go to http://localhost:9090/ [localhost] I get the HTML message 'Nice try...'. Nmap sais '9090/tcp open zeus-admin'.

Now it appears that it is from my bittorrent client.

Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

It took quite some googling to find out what is was used for.

Re:More 'rich informing' alternative?

[by Anonymous Coward]

try netstat -anpe | grep 9090 as root ?

Re:More 'rich informing' alternative?

[Ant P. (974313)]

>>Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

Yes:

# netstat --numeric-hosts --listening --tcp --programs
Active Internet connections (only servers)
Proto Local Address       Foreign Address         State       PID/Program name
tcp   0.0.0.0:svn         0.0.0.0:*               LISTEN      1678/xinetd
tcp   0.0.0.0:netbios-ssn 0.0.0.0:*               LISTEN      1703/smbd
tcp   0.0.0.0:sunrpc      0.0.0.0:*               LISTEN      1531/portmap
tcp   0.0.0.0:http        0.0.0.0:*               LISTEN      2580/lighttpd
etc.

Re:

[caluml (551744)]

netstat -planet is what I remember.

Re:

[Covener (32114)]

Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

fuser 9090/tcp, lsof -i :9090, netstat -pant | grep :9090

Re:More 'rich informing' alternative?

[ReverendRyan (582497)]

How would nmap know which app is really listening on a port? All it has are the ARIN-assigned port numbers from /etc/services. What you were looking for was

# netstat -tcp -l

which will list all TCP ports that are in state "LISTEN" along with the PID of the program that opened the port.

Re:

[Phil246 (803464)]

http://insecure.org/nmap/man/man-version-detectio n .html [insecure.org]

After TCP and/or UDP ports are discovered using one of the other scan methods, version detection interrogates those ports to determine more about what is actually running. The nmap-service-probes database contains probes for querying various services and match expressions to recognize and parse responses.

A paper documenting the workings, usage, and customization of version detection is available at http://insecure.org/nmap/vscan/ [insecure.org].

Hacker wannabe's more like

[merc (115854)]

Nothing against nmap(1), I think it's a great tool, and I use it myself. I just sounds like these goobers sit around bragging about how they figured out how to use nmap. I mean, big deal, it's just a simple tool, nothing to break your arm patting yourself on the back about. You don't get to call yourself a hacker just because you read the man page.

Now Fyodor, the author of nmap. There's a hacker.

Re:

[ScrewMaster (602015)]

Now Fyodor, the author of nmap. There's a hacker.

Yeah. Seriously.

In particular the -sI feature

[Beryllium Sphere(tm) (193358)]

nmap can portscan a box without ever addressing a packet to it. Coming up with that was a true hack. (Google "idle scan").

Re:

[ushering05401 (1086795)]

"Oh that Fyodor! I for a moment there I thought you were talking about that russian guy.
Thanks for clearing it up!"

Both snort and nmap have developers named Fyodor, and people get them confused all the time.

Re:

[Zero__Kelvin (151819)]

"A few years ago, Fyodor got caught breaking into a Windows PC owned by somebody who had humiliated him online."

Dud3! U R th3 31i73! You found the one story on Trollaxor that isn't an elaborate work of fiction and classical trolling.

Psych ...

in case it's slashdotted...

[by Anonymous Coward]

article text found here:

$man nmap

Instead of modding me -1 Flamebait, please mod me +1 inciteful

what I gathered from the article

[by Anonymous Coward]

He states because you can ping devices on a network, they're vulnerable. This is not a good way to view network security. Services are available to people, if they weren't, you wouldn't have anything to hack. It's not ICMP that is vulnerable to some remote-exploit, although it can be used for harm. For instant, tunneling traffic over ICMP, because it's open through a firewall (i've never tested this, but i've seen software available). To me it seems like a stretch to say, once you can ping something you've got a victim. That's like saying, I can reach their website, so they're finished.

I'm not sure you should be called a hacker after you finish that class, you should be called a hacker, when you understand the information systems, in and out. This would involve the network, and how to exploit the software. Maybe this ethical class covers this, but it seems to me, it covers only enough (or certifies) you can download some exploit and run it.

Personally I feel I have a strong grasp of the networking systems, because I've been networking for quite some time. Now it's time to learn the application stuff, and the hardware more thouroughly. Why? because it's fun

"Ethical" Hacker

[richj (85270)]

"Ethical Hacker" is one of those terms coined by training vendors to give a job title to white hat script kiddies. It's very similar to all of the Web folks calling themselves "Webmaster" in the 1990's. Google the term and you're going to find a ton of training offered by companies that really are nothing more than script kiddie training.

I think a real security professional, one that has a solid background (like in C and Assembly) in coding and networking would avoid using this term.

Re:"Ethical" Hacker

[zmotula (663798)]

"Unlike the for loop, the while loop will always execute at least once. This is because the condition test is checked after the first iteration."

-- Gray Hat Hacking, The Ethical Hacker's Handbook

(Do I have to say more?)

Re:

[DavidNWelton (142216)]

+1 to both comments. I have found that most people labelling themselves "ethical hackers" are uhm... it's hard to put this politely... shall we say their bark is louder than their bite?

Screw security...

[Chris Snook (872473)]

I don't really care about the security angle either way. Most of the time I use nmap, it's for debugging on test systems that are behind several layers of firewall and NAT. Yeah, it's a debugging tool too.

Then again, in the age of DRM, all debuggers are apparently hacking tools.

Useless Complaining

[Mikey-San (582838)]

There's no point in being upset about the use of the phrase "ethical hacker". Yes, we all know that being a "hacker" isn't an evil thing. But we've lost that battle in the general population from here until the end of time.

"But hacker already meant something noble! There should only be a modifier for 'evil hacking'!"

Yes, well, no one cares. No one will care. It's debatable whether or not anyone should care. When you talk to your nerd buddies, you can use "hacker" all you like in the "correct" manner and that's okay; when it's a different audience, these days, you have to make what you mean clearer than that. And that's okay. Most people just don't have time or interest to worry about the origin of the word.

In fact, I'm going out on a limb and stating that having this "ethical" modifier is a good thing for the community. Take a moment to look at the phrasing here objectively. If the masses have already decided that "hackers" are bad, and that word is locked in their minds as the dark underbelly of the Internet--terrorists whose only goal is to harm you, your family, your company, and your government--then perhaps by seeing and hearing "ethical hackers", they'll begin to understand that not only is it possible to have good hackers, but that they actually exist.

It's just a good article on the basics of hacking

[YeeHaW_Jelte (451855)]

... so you can stop your 'WTF?!? Ethical Hacker' and 'I won't RTFA but will try to sound insightful' comments ... it's has a great short tour on assembly and although I've only browsed the part on C programming and nmap (as I know these techniques), I'm sure someone new to this stuff would learn a lot.

Hacking is knowing about a lot of stuff: system administration, network engineering, programming, database administration and social skills, and the writer has done a great job introducing some of these compl

Re:

[Plutonite (999141)]

Why are you even interested? Anybody who calls himself an "ethical hacker" is probably too much of a douchebag to have anything insightful to say about a piece of high quality software.

Re:

[Torvaun (1040898)]

Maybe he has a cert from EC-Council [eccouncil.org]

Re:

[Plutonite (999141)]

I wouldn't care less if he did. Ring me up if he finds remote holes in cisco firmware and, instead of hacking the freaking bank of america he puts up an advisory. I would call that an ethically minded security expert, if I really had to use a label, and he would probably not have time to write reviews with the premise that he's a good guy.

Re:

[Torvaun (1040898)]

You see no ethics in having the ability to cause damage for your own personal gain without getting caught, and not doing it? It's not exactly going above and beyond the call of duty, but I'd have to call that ethical behavior.

Re:

[networkuptime (923486)]

When I wrote "Secrets of Network Cartography: A Comprehensive Guide to Nmap" two years ago, I made the entire 180 page ebook available online. It's free to read, and it's licensed under Creative Commons. You can copy the entire thing and give it away to anyone for non-commercial use; you just have to provide proper attribution. Like my name. Or my web site. Anything. Work with me, here.

Fyodor has led a great development effort over the last ten years, and part of Nmap's appeal is how such a free and "simp