Nmap book; Silly Microsoft; Top Security Sites

[Fyodor <fyodor () insecure org>]

Hi All,

My request for comments on an Nmap book drew a very impressive
response!  More than 500 of you wrote me with an opinion on which way
to go.  You certainly have very diverse ideas, and I am greatly
encouraged that there is so much interest!  So I have hunkered down
and began writing.  Incidentally, that is why you haven't heard from me
in so long.  Here is the overview I decided on:

OVERVIEW: Documents the free Nmap Security Scanner, from port scanning
basics for novices to the types of packet crafting used by advanced
hackers.  Covers network scans for identifying hosts on a network,
including techniques that are unavailable with other tools.  Provides
hints for optimizing scanning speed, analyzing or circumventing
firewalls, avoiding intrusion detection systems, and more.  Explains
strategies for detecting and defending networks against unwanted Nmap
probes.  Describes finding the operating system and service versions
running on target computers.  Examples and diagrams show actual
communication on the wire.  Recipes detail common tasks such as
listing which hosts provide a given network service and searching for
outdated or insecure software versions.  Demonstrates how to automate
Nmap for discovering missing or unexpected hosts and services,
including crashed hosts and many virus infections.  This book is
essential for anyone who needs to get the most out of Nmap,
particularly security auditors and systems or network administrators.
Includes details for installing Nmap under Linux, Unix, Windows, Mac
OS X, and even handheld devices.

It may take me at least another six months to finish, because I don't
want to cut any corners in creating the most useful and comprehensive
Nmap book I can.  There are a few chapters that I plan to post
early, and I will send a note here or post on Insecure.Org when they
are ready.

In other news, I recently gave an interview for the popular security
portal and defacement archive Zone-H: http://www.zone-h.org/en/interviews

I also have some more Nmap survey results for you!  The tools site (
http://www.insecure.org/tools.html ) generated from that survey has
been extraordinarily popular, and the feature voting was helpful in
prioritizing development.  Note that two of your top 5 requests
(results at
http://seclists.org/lists/nmap-hackers/2003/Apr-Jun/0011.html ) have
been completed (version and service fingerprinting), and another one
of the top 5 (make Nmap faster) is my next major priority.

The 2,000 of you who took the survey may also remember the new
query for your favorite web sites.  I have been
rather slow at analyzing those, but I couldn't permit 2003 to pass
without doing so.  I hope to use these results to (finally) update
some of my link pages, but for now here are your results:

NOTES:

o I canonicalized the URLs because many sites have several names
  (e.g. teso.scene.at and team-teso.net ).  packetstormsecurity.nl is
  the leader in having a huge number of unique URLs pointing to it :).
  I removed www. from the front of addresses - in a few cases you may
  need to add it back, although most sites work without it.  I also
  removed Insecure.Org .

o I removed paths in the URL to only count the site name.  This only
  really mattered for a couple general-purpose sites that happened to
  have a popular security section, such as microsoft.com.  Speaking of
  which, I am getting an interesting error right now on
  http://www.microsoft.com/security/ .  I like the little JSP source
  code view box and the path disclosure of
  d:\http\library\toolbar\3.0\asp.aspx .  The explicit version numbers
  ("Microsoft .NET Framework Version:1.1.4322.942; ASP.NET
  Version:1.1.4322.936") could prove handy as well.  A handy stack
  trace too!  Hmm ... the problem seems to be fixed but here is an
  excerpt of the goodies (& a link to the whole page):
  http://www.insecure.org/tmp/ms-security-errorpage-excerpt.txt .
  Oops .. now back on topic.

Here are all 153 your favorite sites that received at least 2 votes, in
decreasing vote count order.  There are some good sites to
explore here, particularly some of the more specialized ones in 
the <= 10 vote range:

    276 securityfocus.com
    159 packetstormsecurity.nl
     92 sans.org
     86 cert.org
     46 securiteam.com
     38 linuxsecurity.com
     37 phrack.org
     30 neworder.box.sk
     29 slashdot.org
     24 google.com
     18 securitynewsportal.com
     17 infosyssec.com
     15 snort.org
     15 honeynet.org
     15 dshield.org
     15 astalavista.com
     13 whitehats.com
     13 incidents.org
     12 microsoft.com
     12 iss.net
     11 cisecurity.org
     10 networkintrusion.co.uk
     10 isc.incidents.org
     10 grc.com
     10 foundstone.com
     10 cve.mitre.org
     10 atstake.com
     10 astalavista.box.sk
      9 security-forums.com
      9 packetstorm.org
      9 net-security.org
      9 nessus.org
      9 hack.co.za
      9 deadly.org
      9 attrition.org
      8 samspade.org
      7 zone-h.org
      7 secureroot.com
      7 packetfactory.net
      7 openbsd.org
      7 counterpane.com
      7 2600.com
      6 theregister.co.uk
      6 thc.org
      6 team-teso.net
      6 symantec.com
      6 securitytracker.com
      6 phoneboy.com
      6 ntbugtraq.com
      6 netsys.com
      6 neohapsis.com
      6 heise.de
      6 antionline.com
      5 tlsecurity.net
      5 sourceforge.net
      5 icat.nist.gov
      5 hackingexposed.com
      5 eeye.com
      5 cotse.com
      5 ccc.de
      5 archives.neohapsis.com
      4 wiretrip.net
      4 vulnwatch.org
      4 thehackerschoice.com
      4 security.nl
      4 nsa.gov
      4 nipc.gov
      4 infosecuritymag.com
      4 immunitysec.com
      4 freshmeat.net
      4 csrc.nist.gov
      4 cert.uni-stuttgart.de
      4 astalavista.net
      3 windowssecurity.com
      3 w00w00.org
      3 uksecurityonline.com
      3 symlink.ch
      3 sun.com
      3 spitzner.net
      3 seifried.org
      3 securityresponse.symantec.com
      3 securite.org
      3 razor.bindview.com
      3 owasp.org
      3 network-tools.com
      3 netfilter.org
      3 megasecurity.org
      3 marc.theaimsgroup.com
      3 isc2.org
      3 iana.org
      3 hammerofgod.com
      3 debian.org
      3 cyberarmy.com
      3 blackhat.com
      3 blackcode.com
      2 zonelabs.com
      2 xfocus.org
      2 xakep.ru
      2 wiretapped.net
      2 webmin.com
      2 webattack.com
      2 ussrback.com
      2 treachery.net
      2 techrepublic.com
      2 sysinternals.com
      2 st.ryukoku.ac.jp
      2 sqlsecurity.com
      2 sleuthkit.org
      2 security.ziffdavis.com
      2 securityspace.com
      2 securityportal.com
      2 security.nnov.ru
      2 securitybugware.com
      2 rootshell.com
      2 rootsecure.net
      2 redhat.com
      2 portsdb.org
      2 porcupine.org
      2 pivx.com
      2 phenoelit.de
      2 packetattack.com
      2 osvdb.org
      2 ossr.net
      2 osnews.com
      2 openssh.org
      2 nmrc.org
      2 newsnow.co.uk
      2 news.netcraft.com
      2 news.ists.dartmouth.edu
      2 netric.org
      2 mitre.org
      2 kill-hup.com
      2 isecom.org
      2 internetpulse.net
      2 hsc.fr
      2 hispasec.com
      2 hackerthreads.org
      2 hackers.inside.net
      2 gnupg.org
      2 freebsd.org
      2 extremetech.com
      2 dnsstuff.com
      2 digital-root.com
      2 cymru.com
      2 cultdeadcow.com
      2 corsaire.com
      2 ciac.org
      2 cerias.purdue.edu
      2 bugtraq.com
      2 blacksun.box.sk
      2 bastille-linux.org
      2 apocalypseonline.com
      2 abuse.net

Cheers,
Fyodor

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List archive: http://seclists.org