Show 96 – Hack the Hackers: Fyodor On Nmap & The Security Industry

Michele Chubirka (our very own Mrs. Y), Greg Ferro, and Ethan Banks gather *in person* with very special guest Gordon “Fyodor” Lyon. Fyodor is the author of Nmap, for many years the tool of choice to perform network scanning. The four of us chat about Nmap, being a security practitioner, and goings-on in the security business.

What We Discuss

• Nmap’s 15th birthday.
• The new version of Nmap 5.61 test 5 soon to be released.
• What does Nmap do?
• Host detection.
• OS detection using heuristics and fingerprinting.
• What’s Zenmap?
• NSE, the Nmap scripting engine.
• Is it a good or bad thing that other folks bundle Nmap with their products?
• Nmap’s dual licensing scheme (open source vs. commercial entities).
• Who’s working on Nmap these days?
• What language do you have to know to use NSE?
• What are the new features we’ll see in the upcoming version of Nmap?
• The trouble with scanning IPv6 address ranges.
• Why is there a perception that IPv6 is less secure than IPv4?
• IPv5 trivia.
• Why have we had so many big security breaches lately?
• Is there a disconnect between application developers and IT practitioners?
• Greg’s pet theory of active security and passive security.
• Did you know that Nmap has an tool called Ndiff that will show you variances in scan results from one day to the next?
• Evading the notice of intrusion detection devices & firewalls.
• Does it make sense to patrol outside of the perimeter (i.e. an IDS outside the firewall)?
• The challenge of sorting through huge amounts of log data.
• Just how do we protect our intellectual property from hackers with abilities like Fyodor’s?
• Are honeypots useful?
• How well are OS vendors patching themselves, and how much is it helping?
• Why do we keep working around our own security tools?

Links

• Nmap – free and open source utility for network exploration or security auditing.
• Zenmap – the official Nmap Security Scanner GUI.
• Ndiff – a tool to aid in the comparison of Nmap scans.
• Metasploit – helps security and IT professionals identify security issues, verify vulnerability mitigations, and manage expert-driven security assessments.
• insecure.org – Fyodor’s blog.
• Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning – Fyodor’s book.
• Tor Project – Protect your privacy. Defend yourself against network surveillance and traffic analysis.
• Greg’s blog post on IPv5 – yes, really.
• Thin-slicing – a term used in psychology and philosophy to describe the ability to find patterns in events based only on “thin slices,” or narrow windows, of experience (from Wikipedia).
• The Honeynet Project – to learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned.
• Nmap’s page on the Google Summer of Code – try coding for Nmap for a summer instead of flipping burgers! Apply by April 6, 2012 to be considered for this summer.
• twitter.com/nmap
• facebook.com/nmap
• Nmap Hackers mailing list

Sponsors

NEC ProgrammableFlow

OpenGear – This week’s show was sponsored in part by Opengear, experts in out-of-band management.  Visit www.opengear.com to learn about secure, next generation management appliances that provide lights out access to network equipment even when the primary link is down.  Tell them you heard of their solutions from Packet Pushers for a free t-shirt.