Show 96 – Hack the Hackers: Fyodor On Nmap & The Security Industry

Michele Chubirka (our very own Mrs. Y), Greg Ferro, and Ethan Banks gather *in person* with very special guest Gordon “Fyodor” Lyon. Fyodor is the author of Nmap, for many years the tool of choice to perform network scanning. The four of us chat about Nmap, being a security practitioner, and goings-on in the security business.

What We Discuss

  • Nmap’s 15th birthday.
  • The new version of Nmap 5.61 test 5 soon to be released.
  • What does Nmap do?
  • Host detection.
  • OS detection using heuristics and fingerprinting.
  • What’s Zenmap?
  • NSE, the Nmap scripting engine.
  • Is it a good or bad thing that other folks bundle Nmap with their products?
  • Nmap’s dual licensing scheme (open source vs. commercial entities).
  • Who’s working on Nmap these days?
  • What language do you have to know to use NSE?
  • What are the new features we’ll see in the upcoming version of Nmap?
  • The trouble with scanning IPv6 address ranges.
  • Why is there a perception that IPv6 is less secure than IPv4?
  • IPv5 trivia.
  • Why have we had so many big security breaches lately?
  • Is there a disconnect between application developers and IT practitioners?
  • Greg’s pet theory of active security and passive security.
  • Did you know that Nmap has an tool called Ndiff that will show you variances in scan results from one day to the next?
  • Evading the notice of intrusion detection devices & firewalls.
  • Does it make sense to patrol outside of the perimeter (i.e. an IDS outside the firewall)?
  • The challenge of sorting through huge amounts of log data.
  • Just how do we protect our intellectual property from hackers with abilities like Fyodor’s?
  • Are honeypots useful?
  • How well are OS vendors patching themselves, and how much is it helping?
  • Why do we keep working around our own security tools?

Links

Sponsors

NEC ProgrammableFlow

OpenGear – This week’s show was sponsored in part by Opengear, experts in out-of-band management.  Visit www.opengear.com to learn about secure, next generation management appliances that provide lights out access to network equipment even when the primary link is down.  Tell them you heard of their solutions from Packet Pushers for a free t-shirt.

Ethan Banks
Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
Ethan Banks
Ethan Banks
  • Fernando Montenegro

    Finally getting around to listen to this, really liked it.
    Glad to see development for nmap being active and incorporating new features.

    A couple of comments:
    – Greg’s comment about the role for security vs. network teams sounded eminently reasonable. Only thing he didn’t highlight as much (but Mrs.Y caught it) is that the auditing would necessarily include what the network people are doing with the firewalls & IPS… :-)

    – When Mrs.Y asks about what is causing the disconnect between security and the rest of IT, I think one critical element missing is the notion of COMPLEXITY: we have long since evolved past the days when the ‘security’ people could know details about every piece of code or equipment – back when security would dictate hardening guidelines, for example. 
    Nowadays, no one seems to understands the big picture anymore nor is anyone being held accountable for it – the ‘architect’ works out of Visio and PowerPoint, the ‘engineer’ does the detailed design but only for a small subset of the overall environment (even if that subset is complex, such as ‘the network’) and the operations teams keep it running and reporting back on what has been defined in their scope. Period.

    Unless there is true collaboration between security and other IT (and non-IT) departments, things will fall through the cracks and innovative solutions (mod_security as a good example) will not be used.

    Thanks for the show everyone!

7ads6x98y