Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nano probe vs NMap: quick questions

From: "Littlefield, Tyler" <tyler () tysdomain com>
Date: Mon, 05 May 2014 10:15:26 -0400
On 5/5/2014 7:24 AM, Michael Pattrick wrote:

Hadn't heard about "nanoprobes" until now, went to Gibson's website with
the honest intention of learning. And my god that is some indecipherable
technobable.


No joke.

 So ignoring the GRC side of things. There are various online port scanners
both based on Nmap and a variety of other tools, a simple web search finds
them pretty fast. Nmap XML output, when paired with a stylesheet, looks
reasonably presentable to a wide audience.

That said, this type of home IP port scan was far more relevant when
everyone was connecting their windows 95 box directly to their cable
modem. Nowadays dlink routers block out this type of scan and give users a
false sense of security.

That's pretty much what I was thinking, not to mention most wouldn't have access to update their router or care if we told them 
UPNP was enabled and should be disabled, for example. I guess this probably isn't worth much, I just thought there could be some use 
in using NMap and other systems to help educate the public, but I wasn't sure what could be shown and whether or not it could be 
useful. Basically I wanted to take the snake oil sales out of GRC and provide something useful. Alternatively though, this would have to be 
widely published and people would have to care enough to check it out, which is why I wanted to put usability pretty high.
-M

On Mon, May 5, 2014 12:46 am, Littlefield, Tyler wrote:


Hello all:
I've long since came to the conclusion that Gibson is totally nuts and
etc, but I've recently seen some comparisons to NanoProbe vs NMap, so i
had a couple of questions.
I've not used this--I was actually looking at it and just stopped
reading after his jabber about this all being written in asm, but I
think he does make one valid point under all the garbage:
Being able to show end-users their vulnorabilities could be incredibly
interesting and might, perhaps help with educating folks about internet
security. Obviously hosting this on a remote server and having NMap run
on any target could be exploited, but what are the chances of say using
a cut-down form of NMap or something to allow a user to test his/her
issues?
Basically, I'm asking if somehow NMap and similar technologies could be
somehow employed to help disclose vulnorabilities and help educate
end-users.

I think internet security is a pretty vast field and for those who don't
really want to learn a lot, it can be hard to educate people. But I
believe the majority of people would really be concerned and want to
learn more.

What sorts of projects exist currently to help do what I'm talking
about? If there's nothing, any ideas on how something like this could be
presented?
Thanks,

--
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he
that dares not reason is a slave.

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/






--
Take care,
Ty
http://tds-solutions.net
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: