An easy question for the right person - I've downloaded Nmap and I would like to know if I need to have a Linux operating platform to use it correctly, or can I just run it on any system?
45 responses total.
You can't run it here.
I ran it on Linux and I think it should run on any Unix system with a few changes. BTW, it's a great tool. Oh! And if you are wondering whether it would run on WinXX, forget it,
Thank you Siddhartha Jain, with more research I have learnt that you are right and that it will run on most Unix OS. I've ordered the Linux operating system, Red Hat 6.2-CD, and like you said, I have to make a few adjustments to the current configuration and voilà!!! Well that's theoretically plausible but in practice I'm sure it won't be so easy, I'll keep in touch. If you want to contact me, email "gpohle@dot.net.au"
I'm too lazy to type "Nmap" into Google. What is Nmap?
From nmap homepage (http://www.insecure.org/nmap): "nmap is a utility for port scanning large networks, although it works fine for single hosts. The guiding philosophy for the creation of nmap is TMTOWTDI (There's More Than One Way To Do It). This is the Perl slogan, but it is equally applicable to scanners. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode. And you don't want to have 10 different scanners around, all with different interfaces and capabilities. Thus I incorporated virtually every scanning technique I know into nmap."
Oh, it's a hacking tool.
Finally, the Jazz spoketh ( whatever is that supposed to mean ). I think nmap is a great tool especially with that ftp thing it does. I tried SATAN but it did not work on my system. Right now I am working with Solaris 7 and I don't have a net connection ( we are waiting for an ISDN connection ). As and when that happens I will try to "port" it to Solaris. BTW, could someone enlighten me about the difference in IP Masq. and Proxying. I read the stuff in ipchains documentation but it isn't very comprehensive.
There are legitimate uses for hacking tools. :) But they're not
generally what they get used for.
Can someone remind me what the legitimate uses for a mass port scanner are? I keep forgetting? I mean, besides trying it on your own subnet before someone else does.
I generally use them to make sure I'm not running any external services I don't intend to be running, or to make sure my packet filters are doing what I want them to do. Of course, I suppose that could count as trying it on my own subnet before somebody else does. ISPs with policies banning their residential customers from running servers sometimes run port scanners against their customers' computers. Many of the cable modem companies, in particular, are rumored to do that.
re#9&10: Duh. I also use port scanners to show a customer a 'before' and 'after' snapshot of their network during a firewall install.
Got it before I could answer.
Portscanners are useful, to show you what your own potential security
risks are, and also to help determine if certain ports are being filtered by
ISPs, when run over a distance against a properly configured target host.
Does anyone, outside of professionals, use portscanners for this
purpose? Probably not many.
But more should. If you're on an xDSL or cable modem connection, you are the sysadmin of a machine connected to the Net, like it or not.
It's of dubious use, though, portscanning a network from within the
network. Especially when the network is NATted through a single host IP.
Good point.
I wonder if there is a free- or shareware utility I can use for the Macintosh to determine when and what it is sending via RF to the airport base station. There isn't even a meter indicating activity for either rx or tx as there is in the software for the internal modem.
What frequency? Maybe just a fixed receiver (my police scanner goes up to 900 something MHz) so you can listen to the activity.
2.4GHz
Linked to cyberpunk. Come discuss whether you think there are legitimate uses for *nix sys admin tools for home users. It seems this argument might apply to other GNU Linux tools such as traceroute. What do you think?
There are definitely uses for admin tools for home users - I use them for my 3 computer LAN.
Well, let's call a spade a spade, and admit they're hacking tools.
There are legitimate uses for hacking tools, as we've mentioned, as there are
legitimate uses for lockpicks. But, like lockpicks, the majority of the uses
aren't exactly kosher.
System administration tools are things like CDE. :P
Of course, if more sysadmins had some rudimentary hacking skills, we wouldn't have the widespread security problems on the internet that we do now... To make effective locks, you have to be able to think like a thief.
Unfortunately, not many companies realise the amount of time and skill
that's required to really secure a network ... I wouldn't blame the
administrators, but the people who failed to realise security is a concern.
Usually it becomes a concern only after a hacking incident, and then it's
outsourced or sent to a not-terribly-often used team mouldering in a closet
somewhere.
Apart from pointing out the more obvious gaping holes in my box, I find nmap to be useful in Linux advocacy since I can run it on major sites and impress my friends with all the vulnerable open ports it invariably finds :^) I've yet to hack anywhere (and probably never will) but I like the fact that Linux enables me to do that if I wanted to, and out of the box as well (nmap and john both come installed by default in the install I chose.) I've never had any complaints from any server I've (stealth) scanned either.
Keep in mind that the companies you're using as a negative example
just might be secured enough to detect the port scan, and put you in jail for
it.
re #25 Is a port scan illegal as long as you don't exploit it? I don't see how that could be possible; it's less intrusive than, say, whois that names names. OTOH if you use an exploit obviously you run a good chance of getting your ass in jail.
I don't think that the law's really all that clear on that point, and
a corporation has significantly more money to prove that you're at fault than
you do to defend yourself, in most cases.
Hmm, I'm just curious what basis there would be to call it an illegal activity. It seems like a port scan just speeds up public domain knowledge; for example, if you telnet to a server and get a login prompt then you know port 23 isn't behind a firewall. Isn't a portscan essentially just sending packets to different ports like ftp, telnet etc. to see if they are blocked or not? That can't be illegal unless we are going to make it illegal to telnet to a box unless you have a login there, which as far as I know isn't illegal. What next, will ping be banned because of the possibility of the ping of death? When GNU utilities are banned only outlaws will have GNU utilities.
He who has the richest lawyers decides what the law says, basically. Sorry to have to break it to you.
I don't think you can legally walk through a neighborhood trying peoples' doors to see if they're unlocked. On the other hand, if you are in a business district, going to stores that appear to be businesses serving the public, and you open an unlocked door and walk in, as long as you don't do anything further that's illegal, you're probably ok. I have no idea at what point connecting to ports on computers without doing anything destructive becomes unauthorized access under the law, but common sense would seem to apply. If you're connecting to port 80 on a host named www, and sending an HTTP GET command, common sense would say that you're looking for public information. If you're trying to telnet into somebody's mail server, on which you are not an authorized shell user, common sense would presumably say that you're doing the electronic equivalent of trespassing.
The unspoken conventions that exist for businesses and private
residences - that say, for instance, that even if someone were having a loud
party in their backyard and left the front door wide open, that it might not
be appropriate to walk in - aren't as clear for electronic communications.
That, however, doesn't mean that reasonable guidelines don't exist. If
someone's advertising a service to the public, you don't need to port-scan
them to find out where it's running - they'll make every effort to get it out
to you, and on a familiar port in most cases.
Hmm, so are you saying that only sys admins and other authorized people should be allowed to own copies of port scanning software? I know there is at least one distro of Linux that includes NMAP. Will we have to license our copies of Linux with the govt soon to make sure they aren't used for unauthorized activity? Whatever happened to the American idea of freedom? Freedom with risks, warts and all, is what this country used to be about. Now it's about safety, ...grumble...
I think what he's saying is that people should only use port scanners on systems they are authorized to port scan. I'm not going to tell you that you can't have a wrench, but if you use your wrench to take my car apart, I'm going to call the police.
The internet evolved to its present stature as an open ended anarchy. Are you saying those days are over? Will the internet become cable tee vee?
No more than my driveway has become cable TV.
The internet has already become "cable TV". The fraction of the internet that is actually devoted to interesting and useful development has been a very small minority fraction for quite some time, and most of the decisions that affect the deployment and use of the internet are made by businessmen and consumers, neither of whom really have much understanding or interest in the underlying technology.
Now wait just a minute here. The Internet was never an "open-ended
anarchy". There were portions of the 'net that were governed primarily by
consensus, like unmoderated USENET groups, but even that relied upon a
consensus of USENET news feed operators, who had to cooperate with one another
in a fairly organized fashion to even share news. There were also portions
of the 'net that were carefully controlled and negotiated from the beginning,
and the whole lot of it has been bankrolled not by some amorphous goodwill,
but by tax dollars, educational institutions, and later, by private
corporations and their customers.
I didn't mean anarchy in the sense of unstructured; I meant anarchy in the way that it is used by poli sci people, i.e. no government control. What bothers me is that the internet was a working anarchy in that sense of the term and I think that sense of freedom helped drive a lot of the creativity both in content and in open source development of apps like Apache. What I fear is increasing regulation that will chill free speech and free thought in the name of security. Really the internet works pretty well right now with very little regulation, why should we start saying only certain people can use certain applications? What of the old school hacker ethos at MIT (not to be confused with crackers or script kiddies) but simply techs who want open systems that are open and easy to work with?
The Internet has never been without some sort of government. Several years ago, when I started playing around with this stuff, the "government" of the Net was largely the various sysadmins who ran various pieces of it. I doubt there was ever a time when it was considered ok to just go around the Net trying to break things, or trying to get into systems that people weren't authorized to get into. In those days, if somebody was doing something malicious it would generally work to send mail to the administrators of the system they came from, generally a university, and get their net access cut off. Net access was hard enough to find that that would be a pretty severe sanction, and would generally effectively deal with problems. Still, there have been laws about unauthorized computer access for years, that were sometimes enforced (the Morris Worm incident comes to mind). A lot has changed since then. Many ISPs will still cut off users if there's clear evidence that the user has been doing something in violation of the ISP's acceptable use policy. However, there are a lot more ISPs now. If somebody gets cut off by one, they can just go to another, or falsify information to get a new account with the same ISP. That makes the old ISP cutoff strategy not nearly as useful. The stakes are also higher. The Internet has gone from being a network of academics and hobbyists, to being an important part of the world's telecommunications infrastructure. Many companies depend on the Internet for their business communications, or even for all their customer orders. Internet outages can cost these companies really large amounts of money. There are also a lot of computers on the Net that are peoples' personal computers, owned by people who just want to be able to use the web or send e-mail, and don't want to know anything about system administration. You don't have any more right to start poking at their computers than you have to go trying the doors on their houses.
But that doesn't mean you don't have the right to use a port scanner. Nobody in this discussion has said that. You are welcome to portscan your own computer all you want, and you are welcome to portscan any other computers which you maintain, or which you have been given permission to do that to. This isn't some special right given to those of us who run computer networks because we are somehow special. If any of us started portscanning random machines we don't control, eventually somebody would probably notice and we would have some explaining to do.