17 Comments
- inactive, on 10/12/2007, -1/+8
Easier way:
1. Join an IRC chat room with 250+ Linux gurus.
2. Call them all fags and proclaim that Bill Gates kicks Linus Torvalds' ass.
3. Give them your IP address (Optional, since it's amazingly easy to get it on IRC).
If your machine is still running the next day, you're good.
- mancat, on 10/12/2007, -2/+9
Wow. What an insane amount of work and complexity to get only a tenth of the information that nmap gives you in half the time.
- kanenas.net, on 10/12/2007, -0/+2
This is a very strong argument! ;-)
- Leebert, on 10/12/2007, -0/+1
Maybe I'm just being naïve here, but if I had a firewall with 15,000 rules, I think I'd be doing something wrong.
- jimmyblake, on 10/12/2007, -1/+2
A direct comparison with nmap isn't really fair, as nmap will not analyse the output or munge the packet properly to simulate a multi-network origin. If you've got an Enterprise firewall with 15,000 rules, going through the output of nmap is very difficult, plus you'll have to make the nmaps look like you're coming from multiple different locations. nmap is great as a single tool from a much larger toolbox.
This looks interesting, but a similar open source tool called Tomahawk (which is mainly used for testing IDS/IPS systems) has been around for a while - http://tomahawk.sourceforge.net/ - I have to admit a vested interest, I used to work for the company that started the original Tomahawk project. With Tomahawk you can take pcaps using TCPDUMP/Ethereal and then replay them through a device, and you can even amplify (capture 10 Mbps worth of traffic, but play out 1 Gbps worth of traffic) and munge source/destination packets.
Tomahawk is designed for a different purpose than this tool, but if you're interested in this, have a look at it. Like I said, this is another tool for the toolbox. Those that rely on one tool are only seeing/testing a very limited aspect of the network/host.
- jimmyblake, on 10/12/2007, -0/+1
Two words, inaccurate and sucky on its own. All nessus scans need manual confirmation.
- keithwint, on 10/12/2007, -1/+2
If you actually read the docs you'll see that this has *nothing* to do with testing firewalls à la nmap/firewalk. It's a completely different tool that produces real traffic (including stateful one) and you can *actually* check and *spoof* the packets (and connections) and see what's happening on the other side. It's a completely different testing method which is complementary to the nmap approach.
Ideally you should use both, so please don't try to compare two completely different methods.
- stormmind, on 10/12/2007, -3/+3
Weird perlscript? Defining your own packets ad infinitum??
Nessus and nmap is all you need, baby!
- mack1082, on 10/12/2007, -2/+2
Looks like the wheel has been re-invented. I think I'll stick with Nmap.
- sdaf, on 10/12/2007, -3/+3
Nice and well written guide! I can also recommend Shields Up! at www.grc.com for testing/checking your firewall :-)
- kanenas.net, on 10/12/2007, -2/+2
Using another tool, just to make sure that the firewall is working right, doesn't hurt anybody!
- jimmyblake, on 10/12/2007, -0/+0
I agree, this is more akin to Tomahawk (mentioned above). People are just trying to flex their muscle by proving they know about one-or-two tools.
I use quite a few tools in my job including Tomahawk, Spike, THC-AMAP, Etherape, dsniff, TCP traceroute, aircrack/airsnort/aireplay/kismet (for wireless), ettercap, ethereal, fping, nemesis, driftnet, vomit, john the ripper, hydra, nikto, ngrep, ntop, arpwatch, dsniff, fragroute, nmap, nessus, nessus inline, cheops, metasploit (rarely), honeyd, firewalk, lids, tripwire, aide, stunnel, tcpdump/tcpreplay, bile, paketto, ISS scanner, eEye Retina, nCircle 360, SkyBox and more.
James
- jrittenh, on 10/12/2007, -1/+0
One word...Nessus
- jimmyblake, on 10/12/2007, -1/+0
lmao, that is soo true. Or start a security product that picks on spammers, like BlueSocket
- jimmyblake, on 10/12/2007, -1/+0
On Enterprise firewalls terminating point-to-point VPN connections from over 280 remote sites globally, some of which you don't trust because they have just been taken over in an acquisition, running bespoke applications on funky ports - you could easily get that many rules. I've worked on firewalls for managed services arms of telcos with tens of thousands of rules.
That is why I don't say 'just use Nessus and nmap - it's all you need'.
James
- mcgrew, on 10/12/2007, -2/+1
Who needs a firewall on Linux anyway? It's not like Windows, where you have those little services running that listen on internet ports, including the ones that can install themselves without your knowledge...
localhost ~ $ nmap 192.168.0.50,51
Starting nmap 3.83.DC13 ( http://www.insecure.org/nmap/ ) at 2006-05-10 11:27 EST
Interesting ports on 192.168.0.50:
(The 1659 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
25/tcp open smtp
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1029/tcp open ms-lsa
All 1667 scanned ports on 192.168.0.51 are: closed
These are both with no firewalls turned on. I think you can guess which is which...as you can see there is nothing listening that will respond in any way on the linux machine.
This guy seems to be devising ways to do lots of unnecessary stuff. Checking for linux for rootkits is also pointless -- you can't get a rootkit unless you're running as root when unnecessary or installing shady software, neither of which you should ever do.
- orbitalleader, on 10/12/2007, -5/+1
nmap is your friend. Use it.
Howtoforge has got to be one of the worst Linux sites ever.
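The scan pasted in mcgrew's comment above is the classic nmap "normal" output: one "Interesting ports on HOST:" block per host with open ports listed under a PORT STATE SERVICE header, or a single "All N scanned ports on HOST are: closed" line for a host that answered on nothing. The script below is an added example (not from the thread or from nmap) that parses that format into a per-host table, summarises exposure the way mcgrew reads it, and checks each host against an allowlist of ports it is supposed to expose, which is the check a defender actually wants from a scan of their own hosts. The sample output is constructed to mirror the pasted scan; the function and allowlist names are the example's own.

```python
"""Parse nmap 'normal' output and compare each host against an expected-ports allowlist.

Added example, not part of the original comment thread. SAMPLE_OUTPUT is a
constructed copy of the scan shape pasted in the thread (nmap 3.x style), not a
live scan. Normal output is meant for humans; for anything automated, have nmap
write XML with -oX and parse that instead, since the text layout can change
between versions.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Constructed sample in the same shape as the scan pasted in the thread.
SAMPLE_OUTPUT = """\
Starting nmap 3.83.DC13 ( http://www.insecure.org/nmap/ ) at 2006-05-10 11:27 EST
Interesting ports on 192.168.0.50:
(The 1659 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
25/tcp open smtp
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1029/tcp open ms-lsa
All 1667 scanned ports on 192.168.0.51 are: closed
"""

HOST_RE = re.compile(r"^Interesting ports on (\S+):")
ALL_SAME_RE = re.compile(r"^All \d+ scanned ports on (\S+) are: (\w+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

PortRow = Tuple[int, str, str, str]  # (port, proto, state, service)


def parse_nmap_normal(text: str) -> Dict[str, List[PortRow]]:
    """Return {host: [(port, proto, state, service), ...]}.

    A host reported as 'All N scanned ports ... are: closed' (or filtered)
    gets an empty list so it still shows up in the report.
    """
    hosts: Dict[str, List[PortRow]] = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, [])
            continue
        m = ALL_SAME_RE.match(line)
        if m:
            hosts.setdefault(m.group(1), [])
            current = None  # no per-port rows follow this line
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service = m.groups()
            hosts[current].append((int(port), proto, state, service))
    return hosts


def open_ports(hosts: Dict[str, List[PortRow]], host: str) -> List[int]:
    """Sorted list of ports nmap reported as 'open' for one host."""
    return sorted(p for p, _, state, _ in hosts.get(host, []) if state == "open")


def exposure_report(hosts: Dict[str, List[PortRow]]) -> List[str]:
    """One line per host. A host with no open ports has nothing for an
    unsolicited connection to talk to, which is the point mcgrew's comment makes."""
    lines = []
    for host in sorted(hosts):
        ports = open_ports(hosts, host)
        if ports:
            lines.append(f"{host}: {len(ports)} open port(s): {', '.join(map(str, ports))}")
        else:
            lines.append(f"{host}: no open ports")
    return lines


def unexpected_ports(hosts: Dict[str, List[PortRow]], host: str,
                     allowed: Iterable[int]) -> List[int]:
    """Open ports on `host` that are not in its allowlist.

    `allowed` is the set of ports the host is meant to serve (example value
    chosen here; a real allowlist comes from the host's own configuration).
    Anything else that answers is a service to explain or shut down.
    """
    allowed_set = set(allowed)
    return [p for p in open_ports(hosts, host) if p not in allowed_set]


if __name__ == "__main__":
    scan = parse_nmap_normal(SAMPLE_OUTPUT)
    for line in exposure_report(scan):
        print(line)
    # Suppose 192.168.0.50 is only meant to run a mail server on 25/tcp.
    print("unexpected on 192.168.0.50:", unexpected_ports(scan, "192.168.0.50", {25}))
```

Run against the sample, the report shows five open ports on 192.168.0.50 and none on 192.168.0.51, and with an allowlist of just port 25 the Windows-style host is flagged for 135, 139, 445 and 1029. The same `unexpected_ports` check run after every firewall change is a cheap regression test: the question is not "does nmap see anything" but "does it see anything the host is not supposed to offer".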

