Hi All,
My request for comments on an Nmap book drew a very impressive
response! More than 500 of you wrote me with an opinion on which way
to go. You certainly have very diverse ideas, and I am greatly
encouraged that there is so much interest! So I have hunkered down
and began writing. Incidentally, that is why you haven't heard from me
in so long. Here is the overview I decided on:
OVERVIEW: Documents the free Nmap Security Scanner, from port scanning
basics for novices to the types of packet crafting used by advanced
hackers. Covers network scans for identifying hosts on a network,
including techniques that are unavailable with other tools. Provides
hints for optimizing scanning speed, analyzing or circumventing
firewalls, avoiding intrusion detection systems, and more. Explains
strategies for detecting and defending networks against unwanted Nmap
probes. Describes finding the operating system and service versions
running on target computers. Examples and diagrams show actual
communication on the wire. Recipes detail common tasks such as
listing which hosts provide a given network service and searching for
outdated or insecure software versions. Demonstrates how to automate
Nmap for discovering missing or unexpected hosts and services,
including crashed hosts and many virus infections. This book is
essential for anyone who needs to get the most out of Nmap,
particularly security auditors and systems or network administrators.
Includes details for installing Nmap under Linux, Unix, Windows, Mac
OS X, and even handheld devices.
It may take me at least another six months to finish, because I don't
want to cut any corners in creating the most useful and comprehensive
Nmap book I can. There are a few chapters that I plan to post
early, and I will send a note here or post on Insecure.Org when they
are ready.
In other news, I recently gave an interview for the popular security
portal and defacement archive Zone-H: http://www.zone-h.org/en/interviews
I also have some more Nmap survey results for you! The tools site (
http://www.insecure.org/tools.html ) generated from that survey has
been extraordinarily popular, and the feature voting was helpful in
prioritizing development. Note that two of your top 5 requests
(results at
http://seclists.org/lists/nmap-hackers/2003/Apr-Jun/0011.html ) have
been completed (version and service fingerprinting), and another one
of the top 5 (make Nmap faster) is my next major priority.
The 2,000 of you who took the survey may also remember the new
query for your favorite web sites. I have been
rather slow at analyzing those, but I couldn't permit 2003 to pass
without doing so. I hope to use these results to (finally) update
some of my link pages, but for now here are your results:
NOTES:
o I canonicalized the URLs because many sites have several names
(e.g. teso.scene.at and team-teso.net ). packetstormsecurity.nl is
the leader in having a huge number of unique URLs pointing to it :).
I removed www. from the front of addresses - in a few cases you may
need to add it back, although most sites work without it. I also
removed Insecure.Org .
o I removed paths in the URL to only count the site name. This only
really mattered for a couple general-purpose sites that happened to
have a popular security section, such as microsoft.com. Speaking of
which, I am getting an interesting error right now on
http://www.microsoft.com/security/ . I like the little JSP source
code view box and the path disclosure of
d:\http\library\toolbar\3.0\asp.aspx . The explicit version numbers
("Microsoft .NET Framework Version:1.1.4322.942; ASP.NET
Version:1.1.4322.936") could prove handy as well. A handy stack
trace too! Hmm ... the problem seems to be fixed but here is an
excerpt of the goodies (& a link to the whole page):
http://www.insecure.org/tmp/ms-security-errorpage-excerpt.txt .
Oops .. now back on topic.
Here are all 153 your favorite sites that received at least 2 votes, in
decreasing vote count order. There are some good sites to
explore here, particularly some of the more specialized ones in
the <= 10 vote range:
276 securityfocus.com
159 packetstormsecurity.nl
92 sans.org
86 cert.org
46 securiteam.com
38 linuxsecurity.com
37 phrack.org
30 neworder.box.sk
29 slashdot.org
24 google.com
18 securitynewsportal.com
17 infosyssec.com
15 snort.org
15 honeynet.org
15 dshield.org
15 astalavista.com
13 whitehats.com
13 incidents.org
12 microsoft.com
12 iss.net
11 cisecurity.org
10 networkintrusion.co.uk
10 isc.incidents.org
10 grc.com
10 foundstone.com
10 cve.mitre.org
10 atstake.com
10 astalavista.box.sk
9 security-forums.com
9 packetstorm.org
9 net-security.org
9 nessus.org
9 hack.co.za
9 deadly.org
9 attrition.org
8 samspade.org
7 zone-h.org
7 secureroot.com
7 packetfactory.net
7 openbsd.org
7 counterpane.com
7 2600.com
6 theregister.co.uk
6 thc.org
6 team-teso.net
6 symantec.com
6 securitytracker.com
6 phoneboy.com
6 ntbugtraq.com
6 netsys.com
6 neohapsis.com
6 heise.de
6 antionline.com
5 tlsecurity.net
5 sourceforge.net
5 icat.nist.gov
5 hackingexposed.com
5 eeye.com
5 cotse.com
5 ccc.de
5 archives.neohapsis.com
4 wiretrip.net
4 vulnwatch.org
4 thehackerschoice.com
4 security.nl
4 nsa.gov
4 nipc.gov
4 infosecuritymag.com
4 immunitysec.com
4 freshmeat.net
4 csrc.nist.gov
4 cert.uni-stuttgart.de
4 astalavista.net
3 windowssecurity.com
3 w00w00.org
3 uksecurityonline.com
3 symlink.ch
3 sun.com
3 spitzner.net
3 seifried.org
3 securityresponse.symantec.com
3 securite.org
3 razor.bindview.com
3 owasp.org
3 network-tools.com
3 netfilter.org
3 megasecurity.org
3 marc.theaimsgroup.com
3 isc2.org
3 iana.org
3 hammerofgod.com
3 debian.org
3 cyberarmy.com
3 blackhat.com
3 blackcode.com
2 zonelabs.com
2 xfocus.org
2 xakep.ru
2 wiretapped.net
2 webmin.com
2 webattack.com
2 ussrback.com
2 treachery.net
2 techrepublic.com
2 sysinternals.com
2 st.ryukoku.ac.jp
2 sqlsecurity.com
2 sleuthkit.org
2 security.ziffdavis.com
2 securityspace.com
2 securityportal.com
2 security.nnov.ru
2 securitybugware.com
2 rootshell.com
2 rootsecure.net
2 redhat.com
2 portsdb.org
2 porcupine.org
2 pivx.com
2 phenoelit.de
2 packetattack.com
2 osvdb.org
2 ossr.net
2 osnews.com
2 openssh.org
2 nmrc.org
2 newsnow.co.uk
2 news.netcraft.com
2 news.ists.dartmouth.edu
2 netric.org
2 mitre.org
2 kill-hup.com
2 isecom.org
2 internetpulse.net
2 hsc.fr
2 hispasec.com
2 hackerthreads.org
2 hackers.inside.net
2 gnupg.org
2 freebsd.org
2 extremetech.com
2 dnsstuff.com
2 digital-root.com
2 cymru.com
2 cultdeadcow.com
2 corsaire.com
2 ciac.org
2 cerias.purdue.edu
2 bugtraq.com
2 blacksun.box.sk
2 bastille-linux.org
2 apocalypseonline.com
2 abuse.net
Cheers,
Fyodor
--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help@insecure.org . List archive: http://seclists.org
Received on Dec 19 2003
Intro
