Fyodor's Top 100 Network Security Tools 45
TheViewFromTheGround writes "Fyodor of nmap fame has released a top 100 list of network security tools, based on a poll of the nmap-hackers list, each with a handy synopsis and useful information about source-code availablity and OS-compatibility. The last version of this survey was published in 2003."
Does He Still Hack Slashdot Users? (Score:4, Interesting)
Re:Does He Still Hack Slashdot Users? (Score:3, Interesting)
(Link [trollaxor.com] for those who have no idea what we're talking about here)
Trollaxor is so credible (Score:2, Informative)
Re:Does He Still Hack Slashdot Users? (Score:2)
Yeah prime example of what should be buried.
Re:Does He Still Hack Slashdot Users? (Score:1)
Re:Does He Still Hack Slashdot Users? (Score:1)
I haven't forgotten at all - the way he hacked one of your trolling buddies was fucking awesome.
I particularly enjoy the way you have all been whining about it ever since. I like to imagine a group of little girls with pigtails all crying "But it's just not fair! We were supposed to be trolling him and he turned around and fucked us like bitches! Sob."
In summary, you failed it. Your total failure to deal with that fact simply confirms that you shouldn't have been t
Wow! (Score:1)
Great Names! (Score:3, Informative)
Re:Great Names! (Score:5, Funny)
However no one used products with names like that, except "Mary Kate and Ashley", but that only led to people disappointed by it not being porn.
...and coming in a #101.. (Score:2, Funny)
This seems like a promising tool.
It's called, "Right to innovate!"
Rootkit detectors... (Score:5, Interesting)
What about social engineering? (Score:5, Informative)
Fyodor responded by using information disclosure vulnerabilities in yahoo email to find the originating IP address of the Slashdot prankster (SumDeusExMachine) who was at the time a college student based on the Pacific coast. SDEM was using an open X server for windows, MI/X, with no security enabled. Fyodor quickly scanned SDEM's box, found the open X server, and attached to it, monitoring SDEM's life for nine hours. He took many screen shots of SDEM's machine and posted them to his web site, insecure.org.
A lot of personal information was revealed in these screenshots, including the existence and ip address of a "secret troll irc server", which was running an irc bot capable of tracking and posting new stories. Jamie McCarthy used the information disclosed by Fyodor's attack to log onto this server, discover the new-story-bot, and modify Slashdot to break the troll's new-story-robot.
So in short, Fyodor has an open record of malicious entry, and Slashdot's admins have used the information he has gleaned to combat Slashdot trolling.
What you have to understand is that illegal and malicious hacking won't land you in jail. The FBI won't prosecute interstate computer hacking unless there are $5000 or more in damages. In this case, there were no damages, rending the "crime" unprosecuteable. Whether this makes the perpetrator a whitehat, greyhat, or blackhat is an exercise for the reader.
Re:What about social engineering? (Score:3, Funny)
I think that will pretty much some up most of the readers feelings about this, outside of a few prudes.
Re:What about social engineering? (Score:5, Insightful)
Are we supposed to feel sorry for SDEM? (Score:5, Interesting)
Karma is a bitch, isn't it?
Would you pick a fight with somebody bigger than you?
If you do, and you get pounded into pulp, do you expect sympathy?
He got what he deserved; reaped what he sowed.
Re:Are we supposed to feel sorry for SDEM? (Score:3, Interesting)
Re:Are we supposed to feel sorry for SDEM? (Score:3, Funny)
False analogy (Score:3, Interesting)
If a 17 year old points a gun at me, I'm going to respond with deadly force.
Nope, no sympathy AT ALL. None.
Re:False analogy (Score:3, Interesting)
Re:What about social engineering? (Score:2)
Script interpreters = security tools? (Score:4, Insightful)
Script interpreters = security tools? For that matter, why isn't VBS high on the list then; all sorts of degenerate virus authors have shown that VBS can be quite powerful (and do all sorts of interesting network bits too).
Re:Script interpreters = security tools? (Score:5, Funny)
Re:Script interpreters = security tools? (Score:2)
Re:Script interpreters = security tools? (Score:2)
(I browse at -1 flat-mode to look for mod point candidates, then open then up in a new tab in nested mode to check context.)
Re:Script interpreters = security tools? (Score:1)
ethereal, tcpdump, nmap, kismet are my favorites (Score:4, Interesting)
Personally, I use nmap quite often to examine my own systems and make sure services are up or that firewalls are blocking the right ports. I also use tcpdump (and, for more complex tasks, ethereal) very often when debugging network problems. Kismet, of course, is a tool no geek should be without. On almost any long car trip, kismet+gpsd+gpsdrive are running, logging networks.
It's freaking awesome that all these tools are available for free. Three cheers for their authors.
Re:ethereal, tcpdump, nmap, kismet are my favorite (Score:1)
Ethereal was the second most popular tool in the 2003 survey, but this time it did not even make it on the list for 2006. Not surprising, considering its bad security history.
Re:ethereal, tcpdump, nmap, kismet are my favorite (Score:3, Informative)
Re:ethereal, tcpdump, nmap, kismet are my favorite (Score:2)
Re:ethereal, tcpdump, nmap, kismet are my favorite (Score:3, Interesting)
I do the same thing. want to know what ip's your netowrk printers are set to without having to go to each run and print a config?
>nmap -p 9100 *your network*
nmap to find hosts/services for Nagios (Score:2)
Oh, that reminds me... I set up Nagios on my school's network (just for the hell of it--I'm at a school where the sysadmin would appreciate the help instead of being scared about me knowing the intimate details of his networks and servers) and I used nmap to map out what servers, printers, and routers were on the network. I even managed to map out the point-to-point T1 we have to another office, and point out a couple bits of information that shouldn't have been lying around. Nmap is a great tool.