Nmap Announce mailing list archives
New Nmap development list; Securityfocus interview; Defcon 8!
From: Fyodor <fyodor () insecure org>
Date: Thu, 6 Jul 2000 20:23:53 -0700 (PDT)
Hi all,

Things have been quiet on the Nmap front lately. We have been working on several other cool projects. But Nmap will not be on the back burner for long -- a lot of good stuff is planned.

In particular, I am starting to realize just how important service detection can be. It is too easy to miss security holes by assuming that (say) 113 open on a host is "just an identd" server. Maybe some idiot employee noticed that 113 inbound was open through the firewall so he stuck his exploitable wu-ftpd there. Plus, people are putting httpd servers on all sorts of ports these days. It would be nice if nmap could actually recognize these services and relegate the nmap-services map to a backup guess (and tell you it's a guess).

You may recall that Jay Freeman sent a cool service (and version-number) detection patch to this list a while back. So it is certainly possible. We just have to find the best way to do it in a scalable, secure, efficient, and intuitive fashion.

I have set up an unmoderated development list for discussion of this and other issues. Here is the description that is sent to new subscribers:

-- Begin description blurb:

nmap-dev is a mailing list intended to facilitate the development of the free Nmap Security Scanner. It provides an unmoderated forum for people to contribute ideas, patches, suggestions, etc. We also discuss the pros and cons of proposed changes to Nmap. Thus this list also serves as a sort of developmental "steering committee". New (test/beta) versions of Nmap may sometimes be released here prior to general availability for quality assurance purposes.

Anyone hardcore enough to subscribe to nmap-dev should probably also subscribe to nmap-hackers (mailto: nmap-hackers-subscribe () insecure org ). That is a moderated list which carries nmap-related announcements and other important traffic.

-- end subscription blurb

To subscribe to this list, send a blank mail to nmap-dev-subscribe () insecure org .
Note that this list is mostly for programmers and the most hardcore users. New nmap versions and third party nmap-related projects will still be announced here on nmap-hackers.

On another note, Securityfocus has posted an audio interview I did with them a while back. It is at http://www.securityfocus.com/templates/media.html?id=27 . Unfortunately it is only available in the Evil, proprietary Real Audio format. Maybe someday they will offer text transcripts or mp3 versions (which is still proprietary, but not as Evil or privacy-invasive). If someone converts it to mp3, please send an email to me or the list (but please give an URL, don't attach it to a list msg).

Also, it is worth reminding everyone that Defcon 8 is coming this month! See www.defcon.org . This con came in first place in our recent nmap-hacker survey, and I tend to agree with that assessment. I spoke ( impromptu:) at Defcon 7, but will probably not be doing so this year. I have added a Defcon banner to the top of the Nmap page for July.

Cheers,
Fyodor