Forgot your password?
typodupeerror
Security

Interview with NMAP Creator Fyodor 89

Posted by ScuttleMonkey
from the colored-hat dept.
An anonymous reader writes "Whitedust has an interview with Fyodor, creator of NMAP. The interview covers a broad range of topics from Fyodor's roots and motivations in the security world to his newer projects and even mentions Fyodor's forthcoming book on NMAP network scanning."
This discussion has been archived. No new comments can be posted.

Interview with NMAP Creator Fyodor

Comments Filter:
  • by Capt'n Hector (650760) on Monday October 17, 2005 @01:15AM (#13807492)
    Could it be that the motivation was... root?
    • > Could it be that the motivation was... root?

      Not in Australia.
      • > > Could it be that the motivation was... root?

        > Not in Australia.

        Well, psychologists would say that all this work is ultimately done to impress women and get laid.

        On second thoughts, is writing code likely to get you laid? (Hint for the stereotype /. reader; taking a shower is easier, and probably more effective.)

        (BTW, since parent didn't make it clear, 'root' is slang for sexual intercourse in Australian English)
  • Fyodor (Score:5, Informative)

    by Anonymous Coward on Monday October 17, 2005 @01:21AM (#13807513)
    If anyone is wondering what his last name is, 'Fyodor' is a pseudonym (a.k.a. a "handle"). So there is no last name to go with it.

    This handle was partly inspired by Fyodor Dostoevsky, who was perhaps the second greatest writer of all time.
    • Re:Fyodor (Score:4, Funny)

      by dirtsurfer (595452) on Monday October 17, 2005 @02:05AM (#13807624) Journal
      This handle was partly inspired by Fyodor Dostoevsky, who was perhaps the second greatest writer of all time.

      With the first greatest writer being, of course, Mr. Anonymous Coward
    • Re:Fyodor (Score:2, Interesting)

      by bobintetley (643462)

      This handle was partly inspired by Fyodor Dostoevsky, who was perhaps the second greatest writer of all time.

      Don't know why (I have heard of the famous Fyodor), but I always assumed he picked it because when you say it out loud it sounds like "fire-door" :-)

    • I woke up from a short NMAP and smelled this horrible Fyodor. Wow man, did someone bust open a stink bomb on the network?

      * Looking back from the future, it will be seen that this post is the one that will inspire someone else to create a revolutionary new toolset called NOSTRILS that will revolutionize everything. Really, just wait and see. *
  • by weighn (578357) <(weighn) (at) (gmail.com)> on Monday October 17, 2005 @01:26AM (#13807524) Homepage
    ...forgo those fancy tools and port scan from Vim
  • by SecureTheNet (915798) on Monday October 17, 2005 @01:30AM (#13807536) Homepage
    for network assesment. It's the best free tool out there, and IMHO better than the commercial apps as well.
  • Obligatory (Score:5, Funny)

    by Council (514577) <rmunroe.gmail@com> on Monday October 17, 2005 @01:51AM (#13807580) Homepage
    I was going to ask what he thought of nmap porn [insecure.org], but then I realized the link I was using was from nmap's own site! Apparently they condone this sort of thing.

    Come on, Fydor, admit it. Like most of us, you don't really care about coding, you just do it to get girls.
  • Best Fyodor quote (Score:5, Interesting)

    by LarsWestergren (9033) on Monday October 17, 2005 @01:54AM (#13807588) Homepage Journal
    In the second Matrix film, Trinity uses nmap to find a vulnerability in an old SSH version that she then exploits. Probably the first realistic hacking depiction in a major film. Fyodor said something along the lines of
    "It was so awesome, my jaw dropped when I saw it in the theaters. A sexy woman uses my program. I think that means we are married."
    • Actual quote (Score:5, Informative)

      by Anonymous Coward on Monday October 17, 2005 @02:19AM (#13807650)
      You have butchered it quite a bit. What he actually said [seclists.org] was:

      From: Fyodor
      Date: Thu, 15 May 2003 02:17:19 -0700

      Hi Everyone. There is a disturbance in the force! You may recall a couple weeks ago that MS started recommending Nmap on some of their web pages. That was strange, but I did not foresee the anomalous omens that would ensue.

      Like almost any self-respecting geek, I bought tickets to 'Matrix: Reloaded' several weeks back (no spoilers, I promise). After all, who can resist the combination of philosophical mind games and Trinity (Carrie-Anne Moss) in that tight leather bodysuit?

      So after waiting an hour in a line snaking out of the theatre to the parking lot, I finally got in to my 10pm Wednesday showing. All was going well until Trinity needed to do some hacking. Oh, no! I was sure we'd see a silly "Hackers"-esque 3D animated "hacking scene". Not so! Trinity is as smart as she is seductive! She whips out Nmap (!!!), scans her target, finds 22/tcp open, and proceeds with an ber ssh technique! I was so surprised, I almost jumped out of my seat and did the "r00t dance" right there in the theatre!

      There can be only one explanation: Carie-Anne has the hots for me! [...]

      • Re:Actual quote (Score:3, Interesting)

        by antdude (79039)
        Heh, it was quite funny when I went to see the movie with a bunch of geeks who work for a well-known security company. Pretty much the whole theater busted laughing at that scene. It's just weird and cool. :)
      • Thanks for the correct quote... I Googled awhile for it but was unable to find it.
  • Smileys (Score:4, Funny)

    by arch119 (882281) on Monday October 17, 2005 @01:58AM (#13807605)
    WD> Have you ever been concerned that Nmap is used for blackhat purposes?
    Fyodor> I doubt that Nmap has ever been used for blackhat purposes. OK, maybe once or twice :). But ...



    ....I just hope the WD guys didn't interview someone logged in to an IRC channel and claiming himself as being Fyodor.....
    • Re:Smileys (Score:1, Informative)

      by Anonymous Coward
      Well... I guess this [slashdot.org] kinda shuts you up huh?
      • Well... I guess this kinda shuts you up huh?

        How ? It only suggests that a guy, (whose handle is "fv" and who asserts his email add. to be fyodor@insecure.org ( and is not worried about even the dumbest of spam robots acquiring his email add.)) makes a declaration that a sample chapter from an unpublished book is available online.
        Is he the real Fyodor? God knows.
        Did he say anything about giving interview to any website? I didn't notice.
        Please shut me up. That ain't enough.
  • by fv (95460) * <fyodor@insecure.org> on Monday October 17, 2005 @02:08AM (#13807632) Homepage

    The Nmap Network Scanning book isn't yet complete, but I have decided to release one of the most important chapters in advance online. That is this Nmap Reference Guide [insecure.org], which will become the new man page. It is rewritten from scratch to be much more comprehensive and detailed than the previous version, and better organized as well. It can be read top to bottom or used as a quick reference to look up that obscure scan type you are considering. Let me know [mailto] if you have any suggestions for improving it. I'm also looking for translators (the previous man page is available in nine languages [insecure.org]. If you are interested, send me mail with your target language. That way I can send you the source file (DocBook XML) to translate rather than the HTML/Nroff which is auto-generated. That will also prevent the case of several people duplicating effort by translating to the same language. I was planning to announce this tomorrow, but since the book seems to be mentioned at the top of Slashdot right now anyway, I just scrambled to put it up.

    And now for the goods. Here is the HTML Nmap Reference Guide [insecure.org]. Or you can download the Nroff (man page) form here [insecure.org]. Enjoy!

    -Fyodor [insecure.org]

    • Hey Fyodor, I wrote reflscan, and I think it's pretty cool that you still mention it, especially since the version that got out was so crappy, and your scanner doesn't owe anything to it. Cheers.
      • I'm not sure why this comment is getting -2 redundant, since as far as I know it's nowhere else in the article or the comments that I wrote reflscan and that I'm honored that Fyodor is conscientious enough to continue to mention it in interviews like these (as well as the other scanners he liked and wanted to improve upon). If the mods are detecting sarcasm in my post, they do so incorrectly.

        Off-topic I could maybe see, but redundant? What?
    • I just reviewed the manpage.. looks very good.. except I noticed that my name no longer resides on the author section..
  • by andreMA (643885) on Monday October 17, 2005 @02:16AM (#13807647)
    and even mentions Fyodor's forthcoming book on NMAP network scanning.
    Of course the book has absolutely nothing to do with why he gave the interview.

    Not that there's anything wrong with pushing a book you've written, but it being mentioned is hardly a surprise.

  • by Douglas Simmons (628988) on Monday October 17, 2005 @03:07AM (#13807764) Homepage
    This article takes me back to my slackware days. People ask me how I learned what I know, and the answer is that back in the day I got my hands on nmap and other impressive tools and through wild guess and checking began to conceptualize the whole net thing. Well, to come clean, I'd give out free shells on IRC and ttysnoop other people running nmap to hack my box -- that's how I got started.

    My point is it didn't come from books, a class or even man pages (that's a given), but toolin' around with the tools epitomized by nmap. Seeing this article touched a nerve in me to say thanks as the readers of this, in my estimation, is a group most densely populated by people who coded wares that got me to wherever I am today, which apparently is a very low-level pron tycoon, who's all about the high res.

    Thanks.

  • Question (Score:4, Interesting)

    by tomstdenis (446163) <tomstdenis@@@gmail...com> on Monday October 17, 2005 @06:43AM (#13808237) Homepage
    How do you write a book on NMAP?

    Is it how the networks operate and how NMAP plays with it? Or is this an NMAP manual? I mean it ain't exactly hard to use. I can't imagine a book on how to use NMAP being more than 50 pages or so...

    Of course I haven't read any TFA if there is one...

    Tom
    • by networkuptime (923486) <james@networkuptime.com> on Monday October 17, 2005 @07:48AM (#13808433) Homepage
      I can't imagine a book on how to use NMAP being more than 50 pages or so...

      That's exactly what I thought when I started writing a short tutorial on nmap. 200 pages later(!), it's a comprehensive guide to the operation and inner-workings of nmap.

      I've documented, graphically displayed, and captured network traffic for every nmap ping type, scan method, and nmap option. Not every nmap option works exactly the way one might expect, so I've also documented the "gotchas" when using nmap. I also wrote a chapter that outlines some practical uses of nmap for ongoing security needs.

      I've released the book with a Creative Commons license, and posted the entire book to the web for free! My goal was to give something back to the security community that could be used to make networks more secure and to help network professionals understand what happens when these scans are active on their network.

      Secrets of Network Cartography: A Comprehensive Guide to nmap is available at:

      http://www.networkuptime.com/nmap/index.shtml [networkuptime.com]

      I'm working on the next version now, and I'm open for suggestions and comments. Please let me know what you think!

      James Messer

If the code and the comments disagree, then both are probably wrong. -- Norm Schryer

Working...