Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Networking IT

Nmap From an Ethical Hacker's Point of View 115

ddonzal notes a new tutorial that introduces Nmap from the viewpoint of an ethical hacker. (Part 1 of 2 parts is up now.) The author is Kirby Tucker, who writes: "After completing this 2 Part Series and having practiced the techniques described, one should not only be able to sit at a 'roundtable' with advanced security professionals and 'hold their own' in a discussion concerning Nmap, but also utilize this great tool in protecting their own network."
This discussion has been archived. No new comments can be posted.

Nmap From an Ethical Hacker's Point of View

Comments Filter:
  • Why the adjective? (Score:3, Insightful)

    by capt.Hij ( 318203 ) on Sunday September 02, 2007 @03:20PM (#20444899) Homepage Journal
    How come the word "hacker" needs the adjective "ethical?" It is bad enough that the word has a negative connentation (sp?) out there in the world. It should not have to be modified if it happens to be used in a positive sense here.
    • by Tribbin ( 565963 ) on Sunday September 02, 2007 @03:28PM (#20444961) Homepage
      Because placing 'ethical' before it informs 95% of the common people and 30% of the slashdotters better about the article.
    • Re: (Score:2, Insightful)

      by Johann Lau ( 1040920 )

      How come the word "hacker" needs the adjective "ethical?"
      It doesn't. "ethical" is just a modifier, it narrows down the range of hackers that are meant. Lack of that modifier does not signify "unethical".
    • by FLEB ( 312391 )
      It's a branded term for "white-hat". IIRC, these people take people through courses where they learn security topics and techniques, in a large part, from the perspective and experience of breaking into insecure systems. Specifying "Ethical" in the name clarifies their intent and goals to both their potential clients and to the outside world, that they are training ethical people "hacking" skills for constructive purposes.
    • by LuSiDe ( 755770 )

      From WordNet (r) 2.0 [wn]:

          connotation
                    n 1: what you must know in order to determine the reference of an
                              expression [syn: {intension}]
                    2: an idea that is implied or suggested
      Defintely not a grammar geek. ;)
    • Re: (Score:2, Insightful)

      by Rulke ( 629278 )
      Sad as it is to the community of IT in general, the media has changed the meaning of the word 'Hacker'. It's time we catch on. It is now synonymous for someone that creates, changes or bastardizes programs to do 'unintended' things.

      We need to come up with a new 'leet' name for programmers.
    • Re: (Score:3, Insightful)

      by Lally Singh ( 3427 )
      It's 2007 and nobody cares what the term meant a long time ago to a small number of unimportant people.

      Hacker = supergenius who writes virii, breaks into systems, and terrorizes the entire country from a moving tractor-trailer.

      Cracker = pejorative term for white people.

      Any other definitions have been obsolesced. Geez, this ranting's been going on since the late 90's, please *everyone* get over it.
    • You know...I used to go around correcting people whenever they used the term "hacker" in a negative context, crying "Hacker has only been demonized by the media!"

      Now even though this is slashdot, if the name of the article was "Nmap from a hacker's point of view" - I'm sure a large number of people even from here, will think of a Black Hat Hacker. Even though they know what the term 'hacker' really means, they'll assume if the word hacker is being used, it's being used in the context that 99% of the world u
    • It doubly doesn't make sense as the article is not about hacking at all.
    • It doesn't mean that the word "hacker" has a negative meaning, just neutral. I think that's also the reason we have different color of hats. From my personal favorite definition of hacker, "One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations." Some might do it ethically or unethically, but that's not the point.
  • by toolo ( 142169 ) on Sunday September 02, 2007 @03:21PM (#20444907) Homepage
    I never understood how someone that is interested in the inner-workings of computing and networking has been coined "Ethical Hacker." Marketing at its finest.
    • by Tribbin ( 565963 ) on Sunday September 02, 2007 @03:30PM (#20444981) Homepage
      Do you think that an title called 'Nmap From a Hacker's Point of View' would inform most people enough about the content of the article?
      • Do you think that an title called 'Nmap From a Hacker's Point of View' would inform most people enough about the content of the article?
        Yes. Not that I really care either way, but I would've expected a similar article regardless of whether the title included the word "ethical" or not. I didn't read it all, but it seems like it's pretty much just a basic nmap tutorial.
      • It should have been called "On Nmap".

        It's a scanning utility. Its command line options hardly change based on the intent of the user.

    • That's a very good point, I guess they don't use cracker because that could be some kind of racial slur and heaven forbid a private organization use a word that in some way may be used as a racial slur because it would violate someone's right somewhere and hurt their feelings.
    • by JohnnyBigodes ( 609498 ) <morphine@NosPaM.digitalmente.net> on Sunday September 02, 2007 @03:48PM (#20445141)
      Because the word for what you described is, indeed, "hacker". However, due to the incessant distortion of the word "hacker" by conotating it with one or more of: [ virus-writer / cracker / script-kiddie / ... ], the word "Ethical" was added so that it clears up the meaning for the hoi polloi.

      Sad, but true. You can blame this one on the media.
      • Similar to how "pirate" now refers to anyone who illegally copies digital media, rather than referring to someone making a profit off of redistributing stolen goods/content. Because if we use shades of grey, the people who only read about these sorts things in Newsweek articles might become confused!

        Plus, bad guys are cool.
    • by N-icMa ( 1149777 )
      I guess it is ethical hacking to check a friend or family members computer for security holes using nmap, but I also find it sad that many people don't know what hacker originally meant. Still, you have to accept the reality. Hacker is considered a bad term in mainstream society, and putting 'ethical' in front of it makes it easier to explain that it can also mean something good.
    • by jellomizer ( 103300 ) * on Sunday September 02, 2007 @04:37PM (#20445509)
      Well the media for the past 3 decades has given hackers and hacking a negative context. Even those who are "Ethical Hackers" Will coin themselves as such. Because if someone asks you what do for a hobby and you say I hack computers. I would expect within a week you are on some FBI Mainframe, and for some reasons you get denied for jobs that require high security clearance even though you were 99% there getting the job. Saying you are an ethical hacker, will cause the person to stop and explain yourself. It isn't marketing, it is just trying to put a positive towards a negative thing. Much like you go into a house and you smell a freshly baked Apple Pie, you will go it smells good. Because if you go it smells in here then it would be taken as in insult.
    • You may think and say what you like, but the only place where "hacker" has a neutral or possitive connotation is in a relatively small subculture. The positive use is practicaly jargon, the same with "cracker", that's effectively jargon too.

      Marketing at its finest.

      How do you suggest overcoming the negative stereotype? "Ethical" hacking doesn't make the news because they don't do anything that's interesting to outsiders, as such, most people only know the word from negative connotations.
    • by The Evil Couch ( 621105 ) on Sunday September 02, 2007 @05:24PM (#20445889) Homepage
      Their parents were Hackers, thus they're Ethnical Hackers. They're a patriarchal society, so the ability to claim that Hacker ethnicity is passed from the Father's side.
    • by Enahs ( 1606 )
      Largely because mainstream press hijacked a perfectly innocuous term like 'hacker' to mean 'someone who is actively trying to steal all your intentity data along with your money.'
    • > marketing at its finest As someone who has employed hackers to break into a network I can assure you that the term "ethical" is not marketing nor is it redundant. In common usage hacking includes unauthorised breaking into systems. You know this perfectly well. Or you should do.
  • by Anonymous Coward on Sunday September 02, 2007 @03:22PM (#20444917)
    i have updated my blog maybe i will spam it on /.
    • Re: (Score:3, Insightful)

      by Tribbin ( 565963 )
      If your blog post would help other slashdotters it might get through the moderations.
  • In 2 parts hey? (Score:4, Insightful)

    by MrNaz ( 730548 ) on Sunday September 02, 2007 @03:34PM (#20445035) Homepage
    This is like those online universities that I always get spam for.

    "Don't have time to study? Want another qualification? In just 2 easy parts, you too can be a l33t h4x0r and increase your salary by several multiples!"
  • by Tribbin ( 565963 ) on Sunday September 02, 2007 @03:37PM (#20445059) Homepage
    OK, so I've been wondering for a great deal of time what port 9090 on my system was for.

    If I go to http://localhost:9090/ [localhost] I get the HTML message 'Nice try...'. Nmap sais '9090/tcp open zeus-admin'.

    Now it appears that it is from my bittorrent client.

    Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

    It took quite some googling to find out what is was used for.
    • by Anonymous Coward on Sunday September 02, 2007 @03:42PM (#20445091)
      try netstat -anpe | grep 9090 as root ?
    • by Ant P. ( 974313 ) on Sunday September 02, 2007 @03:45PM (#20445115)
      >>Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

      Yes:

      # netstat --numeric-hosts --listening --tcp --programs
      Active Internet connections (only servers)
      Proto Local Address       Foreign Address         State       PID/Program name
      tcp   0.0.0.0:svn         0.0.0.0:*               LISTEN      1678/xinetd
      tcp   0.0.0.0:netbios-ssn 0.0.0.0:*               LISTEN      1703/smbd
      tcp   0.0.0.0:sunrpc      0.0.0.0:*               LISTEN      1531/portmap
      tcp   0.0.0.0:http        0.0.0.0:*               LISTEN      2580/lighttpd
      etc.
      • Re: (Score:3, Informative)

        by caluml ( 551744 )
        netstat -planet is what I remember.
      • by Anonymous Coward
        they will fuck you if you ever go to another OS like Solaris, *BSD, OS/X, etc. example:

        $ netstat --numeric-hosts --listening --tcp --programs
        netstat: unknown option -- -
        usage: netstat [-Aan] [-f address_family] [-M core] [-N system]
        netstat [-bdgilmnqrstu] [-f address_family] [-M core] [-N system]
        netstat [-bdn] [-I interface] [-M core] [-N system] [-w wait]
        net
        • by Ant P. ( 974313 )
          Would you prefer the short version?

          netstat -nltp

          There. Still doesn't work on your system, but now you have no idea what the hell it's doing because it's no longer self-documenting. You're welcome.
    • Re: (Score:3, Informative)

      by Covener ( 32114 )

      Is there a more rich informed alternative that would say something like '9090/tcp open zeus-admin/transmission/appX/appY'?

      fuser 9090/tcp, lsof -i :9090, netstat -pant | grep :9090
    • by ReverendRyan ( 582497 ) on Sunday September 02, 2007 @03:52PM (#20445169) Homepage
      How would nmap know which app is really listening on a port? All it has are the ARIN-assigned port numbers from /etc/services. What you were looking for was

      # netstat -tcp -l
      which will list all TCP ports that are in state "LISTEN" along with the PID of the program that opened the port.
      • Re: (Score:3, Informative)

        by Phil246 ( 803464 )
        http://insecure.org/nmap/man/man-version-detectio n .html [insecure.org]

        After TCP and/or UDP ports are discovered using one of the other scan methods, version detection interrogates those ports to determine more about what is actually running. The nmap-service-probes database contains probes for querying various services and match expressions to recognize and parse responses.

        A paper documenting the workings, usage, and customization of version detection is available at http://insecure.org/nmap/vscan/ [insecure.org].

    • Try:

        lsof -iTCP@localhost:9090
  • by merc ( 115854 ) <slashdot@upt.org> on Sunday September 02, 2007 @03:51PM (#20445163) Homepage
    Nothing against nmap(1), I think it's a great tool, and I use it myself. I just sounds like these goobers sit around bragging about how they figured out how to use nmap. I mean, big deal, it's just a simple tool, nothing to break your arm patting yourself on the back about. You don't get to call yourself a hacker just because you read the man page.

    Now Fyodor, the author of nmap. There's a hacker.
    • Now Fyodor, the author of nmap. There's a hacker.

      Yeah. Seriously.
    • nmap can portscan a box without ever addressing a packet to it. Coming up with that was a true hack. (Google "idle scan").
  • What about the ethics of slashdotting a site?
  • by Anonymous Coward on Sunday September 02, 2007 @04:13PM (#20445319)
    article text found here:

    $man nmap

    Instead of modding me -1 Flamebait, please mod me +1 inciteful

    • Re: (Score:1, Redundant)

      by Arkaic ( 784460 )
      The man page for nmap is more detailed than their paraphrasing of it. Some of the article is flat out wrong.

      Since there's no overhead of a TCP handshake, the UDP scan is inherently less "noisy."

      Yeah right.

      If you don't have nmap installed, just go here - http://insecure.org/nmap/man/ [insecure.org]
  • by Anonymous Coward on Sunday September 02, 2007 @05:20PM (#20445847)
    He states because you can ping devices on a network, they're vulnerable. This is not a good way to view network security. Services are available to people, if they weren't, you wouldn't have anything to hack. It's not ICMP that is vulnerable to some remote-exploit, although it can be used for harm. For instant, tunneling traffic over ICMP, because it's open through a firewall (i've never tested this, but i've seen software available). To me it seems like a stretch to say, once you can ping something you've got a victim. That's like saying, I can reach their website, so they're finished.

    I'm not sure you should be called a hacker after you finish that class, you should be called a hacker, when you understand the information systems, in and out. This would involve the network, and how to exploit the software. Maybe this ethical class covers this, but it seems to me, it covers only enough (or certifies) you can download some exploit and run it.

    Personally I feel I have a strong grasp of the networking systems, because I've been networking for quite some time. Now it's time to learn the application stuff, and the hardware more thouroughly. Why? because it's fun

  • "Ethical" Hacker (Score:5, Insightful)

    by richj ( 85270 ) on Sunday September 02, 2007 @06:01PM (#20446177)
    "Ethical Hacker" is one of those terms coined by training vendors to give a job title to white hat script kiddies. It's very similar to all of the Web folks calling themselves "Webmaster" in the 1990's. Google the term and you're going to find a ton of training offered by companies that really are nothing more than script kiddie training.

    I think a real security professional, one that has a solid background (like in C and Assembly) in coding and networking would avoid using this term.
    • Re:"Ethical" Hacker (Score:4, Interesting)

      by zmotula ( 663798 ) on Monday September 03, 2007 @01:19AM (#20448975) Homepage
      "Unlike the for loop, the while loop will always execute at least once. This is because the condition test is checked after the first iteration."

      -- Gray Hat Hacking, The Ethical Hacker's Handbook

      (Do I have to say more?)
      • +1 to both comments. I have found that most people labelling themselves "ethical hackers" are uhm... it's hard to put this politely... shall we say their bark is louder than their bite?
      • Like which language we're talking about, because as far as C is concerned that's nonsense. Unless you mean a do{}while loop, but those aren't used very often and are not the same as a while loop.
      • by richj ( 85270 )
        I never heard of this book (or author) but searching Amazon shows he writes CISSP prep books mostly. The fact that anyone would want to learn C from a "hacking" book illustrates that people just want to know the bare minimum to do their jobs, and that's it. These books (to the extent that "hacking" is book knowledge) should come after learning to code, and the fact that the book confuses a while with do-while is embarrassing. I guess anything that sells...
  • Screw security... (Score:3, Interesting)

    by Chris Snook ( 872473 ) on Sunday September 02, 2007 @11:06PM (#20448211)
    I don't really care about the security angle either way. Most of the time I use nmap, it's for debugging on test systems that are behind several layers of firewall and NAT. Yeah, it's a debugging tool too.

    Then again, in the age of DRM, all debuggers are apparently hacking tools.
  • Oh wait, only "Kev"'s hacking is ethical, he doesn't mind ripping off this e-book: http://www.networkuptime.com/nmap/index.shtml [networkuptime.com]
    • Re: (Score:3, Informative)

      When I wrote "Secrets of Network Cartography: A Comprehensive Guide to Nmap" two years ago, I made the entire 180 page ebook available online. It's free to read, and it's licensed under Creative Commons. You can copy the entire thing and give it away to anyone for non-commercial use; you just have to provide proper attribution. Like my name. Or my web site. Anything. Work with me, here.

      Fyodor has led a great development effort over the last ten years, and part of Nmap's appeal is how such a free and "simp
  • by Mikey-San ( 582838 ) on Monday September 03, 2007 @01:11AM (#20448937) Homepage Journal
    There's no point in being upset about the use of the phrase "ethical hacker". Yes, we all know that being a "hacker" isn't an evil thing. But we've lost that battle in the general population from here until the end of time.

    "But hacker already meant something noble! There should only be a modifier for 'evil hacking'!"

    Yes, well, no one cares. No one will care. It's debatable whether or not anyone should care. When you talk to your nerd buddies, you can use "hacker" all you like in the "correct" manner and that's okay; when it's a different audience, these days, you have to make what you mean clearer than that. And that's okay. Most people just don't have time or interest to worry about the origin of the word.

    In fact, I'm going out on a limb and stating that having this "ethical" modifier is a good thing for the community. Take a moment to look at the phrasing here objectively. If the masses have already decided that "hackers" are bad, and that word is locked in their minds as the dark underbelly of the Internet--terrorists whose only goal is to harm you, your family, your company, and your government--then perhaps by seeing and hearing "ethical hackers", they'll begin to understand that not only is it possible to have good hackers, but that they actually exist.
  • ... so you can stop your 'WTF?!? Ethical Hacker' and 'I won't RTFA but will try to sound insightful' comments ... it's has a great short tour on assembly and although I've only browsed the part on C programming and nmap (as I know these techniques), I'm sure someone new to this stuff would learn a lot.

    Hacking is knowing about a lot of stuff: system administration, network engineering, programming, database administration and social skills, and the writer has done a great job introducing some of these compl
  • Comment removed based on user account deletion
  • okay, so I thought this was a reference to a learning guide about ethical hacking. interesting that after I log in to the site, I find I am not able to access the article because "You are not authorised to view this resource." I guess I'm not leet enough to qualify to be a hacker ... of any sort. or perhaps the original url is suspect? http://www.ethicalhacker.net/content/view/155/1/ [ethicalhacker.net] or /2 wtf?

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...