Nmap From an Ethical Hacker's Point of View

ddonzal notes a new tutorial that introduces Nmap from the viewpoint of an ethical hacker. (Part 1 of 2 parts is up now.) The author is Kirby Tucker, who writes: "After completing this 2 Part Series and having practiced the techniques described, one should not only be able to sit at a 'roundtable' with advanced security professionals and 'hold their own' in a discussion concerning Nmap, but also utilize this great tool in protecting their own network."

Why the adjective?

[capt.Hij]

How come the word "hacker" needs the adjective "ethical?" It is bad enough that the word has a negative connentation (sp?) out there in the world. It should not have to be modified if it happens to be used in a positive sense here.

Re:Why the adjective?

[Tribbin]

Because placing 'ethical' before it informs 95% of the common people and 30% of the slashdotters better about the article.

Re:

[Jarjarthejedi]

It's sad how true that statement is. It's sadder still that someone moderating thought it was funny rather than true...

Re:

[Jeff DeMaagd]

I think it's funny AND true.

Re:

[Johann Lau]

How come the word "hacker" needs the adjective "ethical?"

It doesn't. "ethical" is just a modifier, it narrows down the range of hackers that are meant. Lack of that modifier does not signify "unethical".

Re:

[chaosite]

I hate this discussion, but about half the people here use the term "Hacker" to mean 'friendly computer programmer who's quite good at it' or perhaps 'security consultant', while the other half uses the term to refer to people who break into computer networks, usually for profit or other "evil" motives. The people who prefer the first definition use the term "Cracker" for the latter definition.

So, an "ethical burglar" would be a locksmith, I guess. Someone who knows how to use the tools, yet refrains from

Re:

[loganrapp]

Yeah, but when I'm in gym class, the Bloods-wannabes called me "Cracker." I didn't realize the inner city kids were so adept at computer lingo!

Re:

[jez9999]

I'd leave "ethical rapist" as an exercise to the reader.

James Bond?

Re:

[Oktober Sunset]

I'd leave "ethical rapist" as an exercise to the reader.

Billy the Poet from Welcome to the Monkey House.

Re:

[coryking]

Well, my last post was inflamitory for a reason; people that manipulate the English language piss me off to no end. "Ethical Hacker" = "Ethical Rapist". Period. In fact, by "ethical hacker" is a contraindication itself because nobody with any kind of ethics would use the word "hacker" for any other reason besides "criminal". Unethical people manipulate language.

Why am I being an ass? Because language is important. Every time you use hacker in a sentence and mean "smart guys having fun doing nerdy stuf

Re:

[pyite]

In fact, by "ethical hacker" is a contraindication itself because nobody with any kind of ethics would use the word "hacker" for any other reason besides "criminal".

This sounds like a troll, but going by your UID, I don't think it's meant to be. I think you're actually serious. That's frightening. The word his been misused and abused by the media in an effort to sensationalize. It's true definition in relation to computers has nothing to do with unethical behavior. So you, sir, please do not bastardize the

Re:

[coryking]

I'm dead serious and I'm not trolling at all. And if we were in a bar, I'd sober up and look you right in the eyes when I said the stuff above. Hopefully I could convince you how wrong you are or you could just buy me drinks until I shut the fuck up or maybe come up with a reason why I'm wrong besides wikipedia links because dude, this ain't about tech it is about politics, linquistics and appeals to emotion. It is hard to discuss this on a website designed for maximum flameage.

The "media" had no agenda w

Re:

[coryking]

Arg, to follow up to myself... if you said "I'll tell the FBI somebody hacked into my computer" rather than "cracked into my computer" and you still believe that hacker doesn't mean criminal, I'll tell you why that makes you uncomfortable and guilty. Internally your brain brain has to translate the word "cracker" into "hacker" before you talk to the person. When your brain isn't at 100% for whatever reason, it just might forgo that translation and leave your though process saying "hacker" to the FBI and

Re:

[hormesis]

You, ma'am, are the one attempting to manipulate and change the connotation of the word.

Do some research before you spew shite, Sally.

http://en.wikipedia.org/wiki/Hacker [wikipedia.org]
http://en.wikipedia.org/wiki/Hacker_(computer_secu rity) [wikipedia.org]

Re:

[Johann Lau]

I was referring to the definition of hacker being someone who tinkers around with stuff. http://en.wikipedia.org/wiki/Hacker_definition_con troversy [wikipedia.org]

Re:

[FLEB]

It's a branded term for "white-hat". IIRC, these people take people through courses where they learn security topics and techniques, in a large part, from the perspective and experience of breaking into insecure systems. Specifying "Ethical" in the name clarifies their intent and goals to both their potential clients and to the outside world, that they are training ethical people "hacking" skills for constructive purposes.

Re:

[LuSiDe]

From WordNet (r) 2.0 [wn]:

    connotation
              n 1: what you must know in order to determine the reference of an
                        expression [syn: {intension}]
              2: an idea that is implied or suggested

Defintely not a grammar geek. ;)

Re:

[Rulke]

Sad as it is to the community of IT in general, the media has changed the meaning of the word 'Hacker'. It's time we catch on. It is now synonymous for someone that creates, changes or bastardizes programs to do 'unintended' things.

We need to come up with a new 'leet' name for programmers.

Re:

[Lally Singh]

It's 2007 and nobody cares what the term meant a long time ago to a small number of unimportant people.

Hacker = supergenius who writes virii, breaks into systems, and terrorizes the entire country from a moving tractor-trailer.

Cracker = pejorative term for white people.

Any other definitions have been obsolesced. Geez, this ranting's been going on since the late 90's, please *everyone* get over it.

Re:

[Jarik_Tentsu]

You know...I used to go around correcting people whenever they used the term "hacker" in a negative context, crying "Hacker has only been demonized by the media!"

Now even though this is slashdot, if the name of the article was "Nmap from a hacker's point of view" - I'm sure a large number of people even from here, will think of a Black Hat Hacker. Even though they know what the term 'hacker' really means, they'll assume if the word hacker is being used, it's being used in the context that 99% of the world u

Re:

[Mikkeles]

It doubly doesn't make sense as the article is not about hacking at all.

Re:

[nthcode]

It doesn't mean that the word "hacker" has a negative meaning, just neutral. I think that's also the reason we have different color of hats. From my personal favorite definition of hacker, "One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations." Some might do it ethically or unethically, but that's not the point.

Ethnical Hacker? Bleh.

[toolo]

I never understood how someone that is interested in the inner-workings of computing and networking has been coined "Ethical Hacker." Marketing at its finest.

Re:Ethnical Hacker? Bleh.

[Tribbin]

Do you think that an title called 'Nmap From a Hacker's Point of View' would inform most people enough about the content of the article?

Re:

[ForumTroll]

Do you think that an title called 'Nmap From a Hacker's Point of View' would inform most people enough about the content of the article?

Yes. Not that I really care either way, but I would've expected a similar article regardless of whether the title included the word "ethical" or not. I didn't read it all, but it seems like it's pretty much just a basic nmap tutorial.

Re:

[Scarblac]

It should have been called "On Nmap".

It's a scanning utility. Its command line options hardly change based on the intent of the user.

Re:

[chuckymonkey]

That's a very good point, I guess they don't use cracker because that could be some kind of racial slur and heaven forbid a private organization use a word that in some way may be used as a racial slur because it would violate someone's right somewhere and hurt their feelings.

Re:Ethnical Hacker? Bleh.

[JohnnyBigodes]

Because the word for what you described is, indeed, "hacker". However, due to the incessant distortion of the word "hacker" by conotating it with one or more of: [ virus-writer / cracker / script-kiddie / ... ], the word "Ethical" was added so that it clears up the meaning for the hoi polloi.

Sad, but true. You can blame this one on the media.

Re:

[tholomyes]

Similar to how "pirate" now refers to anyone who illegally copies digital media, rather than referring to someone making a profit off of redistributing stolen goods/content. Because if we use shades of grey, the people who only read about these sorts things in Newsweek articles might become confused!

Plus, bad guys are cool.

Re:

[N-icMa]

I guess it is ethical hacking to check a friend or family members computer for security holes using nmap, but I also find it sad that many people don't know what hacker originally meant. Still, you have to accept the reality. Hacker is considered a bad term in mainstream society, and putting 'ethical' in front of it makes it easier to explain that it can also mean something good.

Re:Ethnical Hacker? Bleh.

[jellomizer]

Well the media for the past 3 decades has given hackers and hacking a negative context. Even those who are "Ethical Hackers" Will coin themselves as such. Because if someone asks you what do for a hobby and you say I hack computers. I would expect within a week you are on some FBI Mainframe, and for some reasons you get denied for jobs that require high security clearance even though you were 99% there getting the job. Saying you are an ethical hacker, will cause the person to stop and explain yourself. It isn't marketing, it is just trying to put a positive towards a negative thing. Much like you go into a house and you smell a freshly baked Apple Pie, you will go it smells good. Because if you go it smells in here then it would be taken as in insult.

Re:

[Jeff DeMaagd]

You may think and say what you like, but the only place where "hacker" has a neutral or possitive connotation is in a relatively small subculture. The positive use is practicaly jargon, the same with "cracker", that's effectively jargon too.

Marketing at its finest.

How do you suggest overcoming the negative stereotype? "Ethical" hacking doesn't make the news because they don't do anything that's interesting to outsiders, as such, most people only know the word from negative connotations.

Re:Ethnical Hacker? Bleh.

[The Evil Couch]

Their parents were Hackers, thus they're Ethnical Hackers. They're a patriarchal society, so the ability to claim that Hacker ethnicity is passed from the Father's side.

Re:

[Enahs]

Largely because mainstream press hijacked a perfectly innocuous term like 'hacker' to mean 'someone who is actively trying to steal all your intentity data along with your money.'

Re:

[harmlessdrudge]

> marketing at its finest As someone who has employed hackers to break into a network I can assure you that the term "ethical" is not marketing nor is it redundant. In common usage hacking includes unauthorised breaking into systems. You know this perfectly well. Or you should do.

in other news...

[Anonymous Coward]

i have updated my blog maybe i will spam it on /.

Re:

[Tribbin]

If your blog post would help other slashdotters it might get through the moderations.

In 2 parts hey?

[MrNaz]

This is like those online universities that I always get spam for.

"Don't have time to study? Want another qualification? In just 2 easy parts, you too can be a l33t h4x0r and increase your salary by several multiples!"

More 'rich informing' alternative?

[Tribbin]

OK, so I've been wondering for a great deal of time what port 9090 on my system was for.

If I go to http://localhost:9090/ [localhost] I get the HTML message 'Nice try...'. Nmap sais '9090/tcp open zeus-admin'.

Now it appears that it is from my bittorrent client.

Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

It took quite some googling to find out what is was used for.

Re:More 'rich informing' alternative?

[Anonymous Coward]

try netstat -anpe | grep 9090 as root ?

Re:

[LordSnooty]

To assume he's on *nix is indeed a leap of faith. I think Windows is the answer, thus the reason for much flapping about.

Re:

[bhtooefr]

Actually, Windows has netstat as well. ;)

Re:

[bhtooefr]

That would be because many of the Windows networking tools come straight from BSD...

Re:More 'rich informing' alternative?

[Ant P.]

>>Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

Yes:

# netstat --numeric-hosts --listening --tcp --programs
Active Internet connections (only servers)
Proto Local Address       Foreign Address         State       PID/Program name
tcp   0.0.0.0:svn         0.0.0.0:*               LISTEN      1678/xinetd
tcp   0.0.0.0:netbios-ssn 0.0.0.0:*               LISTEN      1703/smbd
tcp   0.0.0.0:sunrpc      0.0.0.0:*               LISTEN      1531/portmap
tcp   0.0.0.0:http        0.0.0.0:*               LISTEN      2580/lighttpd
etc.

Re:

[caluml]

netstat -planet is what I remember.

those switches are for gnu only!

[Anonymous Coward]

they will fuck you if you ever go to another OS like Solaris, *BSD, OS/X, etc. example:

$ netstat --numeric-hosts --listening --tcp --programs
netstat: unknown option -- -
usage: netstat [-Aan] [-f address_family] [-M core] [-N system]
netstat [-bdgilmnqrstu] [-f address_family] [-M core] [-N system]
netstat [-bdn] [-I interface] [-M core] [-N system] [-w wait]
net

Re:

[Ant P.]

Would you prefer the short version?

netstat -nltp

There. Still doesn't work on your system, but now you have no idea what the hell it's doing because it's no longer self-documenting. You're welcome.

Re:

[Covener]

Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

fuser 9090/tcp, lsof -i :9090, netstat -pant | grep :9090

Re:More 'rich informing' alternative?

[ReverendRyan]

How would nmap know which app is really listening on a port? All it has are the ARIN-assigned port numbers from /etc/services. What you were looking for was

# netstat -tcp -l

which will list all TCP ports that are in state "LISTEN" along with the PID of the program that opened the port.

Re:

[Phil246]

http://insecure.org/nmap/man/man-version-detectio n .html [insecure.org]

After TCP and/or UDP ports are discovered using one of the other scan methods, version detection interrogates those ports to determine more about what is actually running. The nmap-service-probes database contains probes for querying various services and match expressions to recognize and parse responses.

A paper documenting the workings, usage, and customization of version detection is available at http://insecure.org/nmap/vscan/ [insecure.org].

Re:

[GarrettZilla]

Try:

  lsof -iTCP@localhost:9090

Hacker wannabe's more like

[merc]

Nothing against nmap(1), I think it's a great tool, and I use it myself. I just sounds like these goobers sit around bragging about how they figured out how to use nmap. I mean, big deal, it's just a simple tool, nothing to break your arm patting yourself on the back about. You don't get to call yourself a hacker just because you read the man page.

Now Fyodor, the author of nmap. There's a hacker.

Re:

[ScrewMaster]

Now Fyodor, the author of nmap. There's a hacker.

Yeah. Seriously.

Re:

[Zero__Kelvin]

"A few years ago, Fyodor got caught breaking into a Windows PC owned by somebody who had humiliated him online."

Dud3! U R th3 31i73! You found the one story on Trollaxor that isn't an elaborate work of fiction and classical trolling.

Psych ...

In particular the -sI feature

[Beryllium Sphere(tm)]

nmap can portscan a box without ever addressing a packet to it. Coming up with that was a true hack. (Google "idle scan").

Re:

[ushering05401]

"Oh that Fyodor! I for a moment there I thought you were talking about that russian guy.
Thanks for clearing it up!"

Both snort and nmap have developers named Fyodor, and people get them confused all the time.

Ethics of slashdotting?

[merkhet]

What about the ethics of slashdotting a site?

in case it's slashdotted...

[Anonymous Coward]

article text found here:

$man nmap

Instead of modding me -1 Flamebait, please mod me +1 inciteful

Re:

[Arkaic]

The man page for nmap is more detailed than their paraphrasing of it. Some of the article is flat out wrong.

Since there's no overhead of a TCP handshake, the UDP scan is inherently less "noisy."

Yeah right.

If you don't have nmap installed, just go here - http://insecure.org/nmap/man/ [insecure.org]

Re:

[Plutonite]

Why are you even interested? Anybody who calls himself an "ethical hacker" is probably too much of a douchebag to have anything insightful to say about a piece of high quality software.

Re:

[Torvaun]

Maybe he has a cert from EC-Council [eccouncil.org]

Re:

[Plutonite]

I wouldn't care less if he did. Ring me up if he finds remote holes in cisco firmware and, instead of hacking the freaking bank of america he puts up an advisory. I would call that an ethically minded security expert, if I really had to use a label, and he would probably not have time to write reviews with the premise that he's a good guy.

Re:

[Torvaun]

You see no ethics in having the ability to cause damage for your own personal gain without getting caught, and not doing it? It's not exactly going above and beyond the call of duty, but I'd have to call that ethical behavior.

what I gathered from the article

[Anonymous Coward]

He states because you can ping devices on a network, they're vulnerable. This is not a good way to view network security. Services are available to people, if they weren't, you wouldn't have anything to hack. It's not ICMP that is vulnerable to some remote-exploit, although it can be used for harm. For instant, tunneling traffic over ICMP, because it's open through a firewall (i've never tested this, but i've seen software available). To me it seems like a stretch to say, once you can ping something you've got a victim. That's like saying, I can reach their website, so they're finished.

I'm not sure you should be called a hacker after you finish that class, you should be called a hacker, when you understand the information systems, in and out. This would involve the network, and how to exploit the software. Maybe this ethical class covers this, but it seems to me, it covers only enough (or certifies) you can download some exploit and run it.

Personally I feel I have a strong grasp of the networking systems, because I've been networking for quite some time. Now it's time to learn the application stuff, and the hardware more thouroughly. Why? because it's fun

"Ethical" Hacker

[richj]

"Ethical Hacker" is one of those terms coined by training vendors to give a job title to white hat script kiddies. It's very similar to all of the Web folks calling themselves "Webmaster" in the 1990's. Google the term and you're going to find a ton of training offered by companies that really are nothing more than script kiddie training.

I think a real security professional, one that has a solid background (like in C and Assembly) in coding and networking would avoid using this term.

Re:"Ethical" Hacker

[zmotula]

"Unlike the for loop, the while loop will always execute at least once. This is because the condition test is checked after the first iteration."

-- Gray Hat Hacking, The Ethical Hacker's Handbook

(Do I have to say more?)

Re:

[DavidNWelton]

+1 to both comments. I have found that most people labelling themselves "ethical hackers" are uhm... it's hard to put this politely... shall we say their bark is louder than their bite?

Yes, you need to say more

[Nursie]

Like which language we're talking about, because as far as C is concerned that's nonsense. Unless you mean a do{}while loop, but those aren't used very often and are not the same as a while loop.

Re:

[richj]

I never heard of this book (or author) but searching Amazon shows he writes CISSP prep books mostly. The fact that anyone would want to learn C from a "hacking" book illustrates that people just want to know the bare minimum to do their jobs, and that's it. These books (to the extent that "hacking" is book knowledge) should come after learning to code, and the fact that the book confuses a while with do-while is embarrassing. I guess anything that sells...

Screw security...

[Chris Snook]

I don't really care about the security angle either way. Most of the time I use nmap, it's for debugging on test systems that are behind several layers of firewall and NAT. Yeah, it's a debugging tool too.

Then again, in the age of DRM, all debuggers are apparently hacking tools.

Is plagiarism ethical?

[ciotog]

Oh wait, only "Kev"'s hacking is ethical, he doesn't mind ripping off this e-book: http://www.networkuptime.com/nmap/index.shtml [networkuptime.com]

Re:

[networkuptime]

When I wrote "Secrets of Network Cartography: A Comprehensive Guide to Nmap" two years ago, I made the entire 180 page ebook available online. It's free to read, and it's licensed under Creative Commons. You can copy the entire thing and give it away to anyone for non-commercial use; you just have to provide proper attribution. Like my name. Or my web site. Anything. Work with me, here.

Fyodor has led a great development effort over the last ten years, and part of Nmap's appeal is how such a free and "simp

Re:

[Wolfrider]

D00D, I just Friended you for that post. :)

Useless Complaining

[Mikey-San]

There's no point in being upset about the use of the phrase "ethical hacker". Yes, we all know that being a "hacker" isn't an evil thing. But we've lost that battle in the general population from here until the end of time.

"But hacker already meant something noble! There should only be a modifier for 'evil hacking'!"

Yes, well, no one cares. No one will care. It's debatable whether or not anyone should care. When you talk to your nerd buddies, you can use "hacker" all you like in the "correct" manner and that's okay; when it's a different audience, these days, you have to make what you mean clearer than that. And that's okay. Most people just don't have time or interest to worry about the origin of the word.

In fact, I'm going out on a limb and stating that having this "ethical" modifier is a good thing for the community. Take a moment to look at the phrasing here objectively. If the masses have already decided that "hackers" are bad, and that word is locked in their minds as the dark underbelly of the Internet--terrorists whose only goal is to harm you, your family, your company, and your government--then perhaps by seeing and hearing "ethical hackers", they'll begin to understand that not only is it possible to have good hackers, but that they actually exist.

It's just a good article on the basics of hacking

[YeeHaW_Jelte]

... so you can stop your 'WTF?!? Ethical Hacker' and 'I won't RTFA but will try to sound insightful' comments ... it's has a great short tour on assembly and although I've only browsed the part on C programming and nmap (as I know these techniques), I'm sure someone new to this stuff would learn a lot.

Hacking is knowing about a lot of stuff: system administration, network engineering, programming, database administration and social skills, and the writer has done a great job introducing some of these compl

Re:

[account_deleted]

Comment removed based on user account deletion

article availability

[jeferris_shaw.ca]

okay, so I thought this was a reference to a learning guide about ethical hacking. interesting that after I log in to the site, I find I am not able to access the article because "You are not authorised to view this resource." I guess I'm not leet enough to qualify to be a hacker ... of any sort. or perhaps the original url is suspect? http://www.ethicalhacker.net/content/view/155/1/ [ethicalhacker.net] or /2 wtf?