Interview with NMAP Creator Fyodor

An anonymous reader writes "Whitedust has an interview with Fyodor, creator of NMAP. The interview covers a broad range of topics from Fyodor's roots and motivations in the security world to his newer projects and even mentions Fyodor's forthcoming book on NMAP network scanning."

Fyodor

[Anonymous Coward]

If anyone is wondering what his last name is, 'Fyodor' is a pseudonym (a.k.a. a "handle"). So there is no last name to go with it.

This handle was partly inspired by Fyodor Dostoevsky, who was perhaps the second greatest writer of all time.

Re:Fyodor

[Osty]

The parent erred. The post ment to suggest Fyodor Dostoevsky was possibly the second greatest novelist of all time. This, of course, is also an error, as Miguel de Cervantes was the greatest novelist of all time, followed by Tolstoy, then by Flaubert.

Or, he was referring to Monkey Island's running gag of, "That's the second biggest [monkey head | duck | arrow | etc] I've ever seen."

Is it so wrong that Monkey Island was the first thing that came to mind when reading the OP's post?

Advance Chapter: Nmap Reference Guide

[fv]

The Nmap Network Scanning book isn't yet complete, but I have decided to release one of the most important chapters in advance online. That is this Nmap Reference Guide [insecure.org], which will become the new man page. It is rewritten from scratch to be much more comprehensive and detailed than the previous version, and better organized as well. It can be read top to bottom or used as a quick reference to look up that obscure scan type you are considering. Let me know [mailto] if you have any suggestions for improving it. I'm also looking for translators (the previous man page is available in nine languages [insecure.org]. If you are interested, send me mail with your target language. That way I can send you the source file (DocBook XML) to translate rather than the HTML/Nroff which is auto-generated. That will also prevent the case of several people duplicating effort by translating to the same language. I was planning to announce this tomorrow, but since the book seems to be mentioned at the top of Slashdot right now anyway, I just scrambled to put it up.

And now for the goods. Here is the HTML Nmap Reference Guide [insecure.org]. Or you can download the Nroff (man page) form here [insecure.org]. Enjoy!

-Fyodor [insecure.org]

Re:Smileys

[Anonymous Coward]

Well... I guess this [slashdot.org] kinda shuts you up huh?

Actual quote

[Anonymous Coward]

You have butchered it quite a bit. What he actually said [seclists.org] was:

From: Fyodor
Date: Thu, 15 May 2003 02:17:19 -0700

Hi Everyone. There is a disturbance in the force! You may recall a couple weeks ago that MS started recommending Nmap on some of their web pages. That was strange, but I did not foresee the anomalous omens that would ensue.

Like almost any self-respecting geek, I bought tickets to 'Matrix: Reloaded' several weeks back (no spoilers, I promise). After all, who can resist the combination of philosophical mind games and Trinity (Carrie-Anne Moss) in that tight leather bodysuit?

So after waiting an hour in a line snaking out of the theatre to the parking lot, I finally got in to my 10pm Wednesday showing. All was going well until Trinity needed to do some hacking. Oh, no! I was sure we'd see a silly "Hackers"-esque 3D animated "hacking scene". Not so! Trinity is as smart as she is seductive! She whips out Nmap (!!!), scans her target, finds 22/tcp open, and proceeds with an ber ssh technique! I was so surprised, I almost jumped out of my seat and did the "r00t dance" right there in the theatre!

There can be only one explanation: Carie-Anne has the hots for me! [...]

Re:Obligatory

[Council]

Watch the video. She's cuter than the stills look.

Re:Fyodor

[jackbird]

Or, he was referring to Monkey Island's running gag of, "That's the second biggest [monkey head | duck | arrow | etc] I've ever seen."

That gag predates Monkey Island [wouldyoubelieve.com] by quite a few years. Not that Monkey Island didn't kick ass.

Nmap is bigger than you think...

[networkuptime]

I can't imagine a book on how to use NMAP being more than 50 pages or so...

That's exactly what I thought when I started writing a short tutorial on nmap. 200 pages later(!), it's a comprehensive guide to the operation and inner-workings of nmap.

I've documented, graphically displayed, and captured network traffic for every nmap ping type, scan method, and nmap option. Not every nmap option works exactly the way one might expect, so I've also documented the "gotchas" when using nmap. I also wrote a chapter that outlines some practical uses of nmap for ongoing security needs.

I've released the book with a Creative Commons license, and posted the entire book to the web for free! My goal was to give something back to the security community that could be used to make networks more secure and to help network professionals understand what happens when these scans are active on their network.

Secrets of Network Cartography: A Comprehensive Guide to nmap is available at:

http://www.networkuptime.com/nmap/index.shtml [networkuptime.com]

I'm working on the next version now, and I'm open for suggestions and comments. Please let me know what you think!

James Messer