
November 2006 Archives

Recording and Stream notice


The live stream should be active at about 7:00 PM EST today, Thursday November 30th. We should begin recording the live show at about 7:15 PM EST. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

Please note that today we may also be attempting to record a Listener Feedback episode in addition to the regular episode.

When active, the live stream can be found at:

http://hydrogen.oshean.org:8000

Please join us, and thanks for listening!

- Larry

Live from the Brand New PaulDotCom Security Weekly Studio.
  • Sponsored by The SANS Institute, get schooled at Bootcamp 2007 in Orlando, FL January 13-19! Now drop and give me 20 exploits!
  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by Astaro, Astaro Security Gateway line of network security appliances. Listen to the show for a special offer!
  • Please go update our frapper map!
  • Want some cool PaulDotCom Gear? Do you hack naked? Check out our Cafepress Store!
  • Full Show Notes
Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin
Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

Nmap For Speed Freaks


Having recently spent some time working with Nmap for an upcoming course, I noticed that there is room for speed improvements in many of our Nmap commands. For example, the following command:

nmap -A -p 80 192.168.1.0/24

can be run in a similar manner, but in half the time. The goal of the above command is to gather the service fingerprint of all web servers in your environment. This is valuable information, and especially useful when looking for "interesting" services running on port 80, like botnet controllers. So, as a speed test, let's run the above command against the most port-scanned system in the world:

# nmap -A -p 80 scanme.insecure.org

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-20 13:41 EST
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on scanme.nmap.org (205.217.153.62):
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.2 ((Fedora))
Too many fingerprints match this host to give specific OS details

Nmap finished: 1 IP address (1 host up) scanned in 14.204 seconds

The first command option "-A" tells Nmap to execute an OS fingerprint in addition to a service fingerprint for all ports specified. In this case we are specifying port 80 with the "-p 80" option. Since we only told Nmap to detect one port, it will only ever find one port to be open, hence the complaint from the OS fingerprinting engine "OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port". To cut the scan time in half, use the following command:

# nmap -sV -T4 -n -p 80 scanme.insecure.org

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-11-20 13:54 EST
Interesting ports on 205.217.153.62:
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.2 ((Fedora))

Nmap finished: 1 IP address (1 host up) scanned in 6.948 seconds

The first change we made was to replace "-A" with "-sV". This tells Nmap to do only service fingerprinting and not OS fingerprinting. We then added the "-T4" command option, which tells Nmap to use "aggressive" timing options. "-T4" is really a macro for other, more advanced, Nmap command line options such as "--max-rtt-timeout", which controls how long Nmap will wait for responses. "-T4" is a good place to start when speeding up a scan. The "-n" flag tells Nmap to skip host name resolution (even though it does this much faster since 3.97-Shmoo). We can see that by making these three small changes our scan time went from "14.204 seconds" to just "6.948 seconds". This is a HUGE time saving when scanning a class C or class B network.
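As an added example (not code from the original post), here is a small parser for the Nmap 4.x normal output shown above: it pulls out each host's port-80 service fingerprint and the elapsed time, computes the speedup between the two runs, and flags any host whose port-80 banner is not a known web server, which is the "interesting services on port 80" check the post describes. The sample output is constructed from the post's two runs plus one made-up host (192.0.2.10), and the KNOWN_WEB allow-list is an assumption you would tune for your own environment.

```python
import re

# Patterns for the three Nmap 4.x normal-output lines the post shows.
HOST_RE = re.compile(r"^Interesting ports on (\S+?)(?: \(([\d.]+)\))?:$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
DONE_RE = re.compile(r"scanned in ([\d.]+) seconds")

def parse_nmap(text):
    """Return ({addr: [(port, proto, state, service, version), ...]}, seconds)."""
    hosts, seconds, cur = {}, 0.0, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            cur = m.group(2) or m.group(1)  # prefer the IP when a name was resolved
            hosts[cur] = []
        elif (m := PORT_RE.match(line)) and cur is not None:
            port, proto, state, service, version = m.groups()
            hosts[cur].append((int(port), proto, state, service, version.strip()))
        elif m := DONE_RE.search(line):
            seconds = float(m.group(1))
    return hosts, seconds

# Assumed allow-list of banners we expect on 80/tcp in our own environment.
KNOWN_WEB = ("apache", "nginx", "microsoft-iis", "lighttpd")

def unexpected_port80(hosts):
    """Hosts answering on 80/tcp with something other than a known web server."""
    hits = []
    for addr, ports in hosts.items():
        for port, proto, state, service, version in ports:
            web = service == "http" and any(w in version.lower() for w in KNOWN_WEB)
            if port == 80 and state == "open" and not web:
                hits.append((addr, service, version))
    return hits

def speedup(slow_text, fast_text):
    """How many times faster the second scan finished than the first."""
    return parse_nmap(slow_text)[1] / parse_nmap(fast_text)[1]

# Constructed samples: the post's two runs, plus one made-up host (192.0.2.10).
SLOW = """Interesting ports on scanme.nmap.org (205.217.153.62):
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.2 ((Fedora))
Nmap finished: 1 IP address (1 host up) scanned in 14.204 seconds"""
FAST = """Interesting ports on 205.217.153.62:
80/tcp open http Apache httpd 2.2.2 ((Fedora))
Interesting ports on 192.0.2.10:
80/tcp open irc Unknown IRC daemon
Nmap finished: 2 IP addresses (2 hosts up) scanned in 6.948 seconds"""
```

Feed it the saved output of a `-sV -p 80` sweep of your own network and anything returned by `unexpected_port80` is worth a closer look.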

Happy portscanning!

NOTE: For those in the New England area I will be teaching courses on Nmap and Nessus that will cover the concepts above and more. For more information drop me a note, paul /at/ pauldotcom.com.

Cheers,

Paul.com

PaulDotCom Security Weekly - Episode 51 Part II - Nov 9, 2006



Live from the Brand New PaulDotCom Security Weekly Studio where we were celebrating the one year anniversary of our show! Happy Birthday PaulDotCom Security Weekly!

In the studio to help us celebrate is Andrew Lockhart, creator of Snort Wireless, and author of Network Security Hacks.

Spinning for us live in the studio for this episode is DJ Jackalope! If you like the sounds, make sure you go buy stuff from her Cafepress store! She is also the proud owner of the only autographed pair of twitchy thongs :)

  • Sponsored by The SANS Institute, get schooled at Bootcamp 2007 in Orlando, FL January 13-19! Now drop and give me 20 exploits!
  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by Astaro, Astaro Security Gateway line of network security appliances. Listen to the show for a special offer!
  • Please go update our frapper map!
  • Want some cool PaulDotCom Gear? Do you hack naked? Check out our Cafepress Store!
  • Full Show Notes

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin

Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

PaulDotCom Security Weekly - Episode 51 Part I - Nov 9, 2006


Live from the Brand New PaulDotCom Security Weekly Studio where we were celebrating the one year anniversary of our show! Happy Birthday PaulDotCom Security Weekly!

In the studio to help us celebrate is Andrew Lockhart, creator of Snort Wireless, and author of Network Security Hacks.

Spinning for us live in the studio for this episode is DJ Jackalope! If you like the sounds, make sure you go buy stuff from her Cafepress store! She is also the proud owner of the only autographed pair of twitchy thongs :)

  • Sponsored by The SANS Institute, get schooled at Bootcamp 2007 in Orlando, FL January 13-19! Now drop and give me 20 exploits!
  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by Astaro, Astaro Security Gateway line of network security appliances. Listen to the show for a special offer!
  • Please go update our frapper map!
  • Want some cool PaulDotCom Gear? Do you hack naked? Check out our Cafepress Store!
  • Full Show Notes

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin

Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

The live stream should be active at about 7:00 PM EST today, Thursday November 9th. We should begin recording the live show at about 8:00 PM EST. Please keep in mind that these times are all estimates, but we will try to do the best that we can.

You may be asking what is so special about today, and why is the stream up so early before they record? Here's why:

We have made this our 1 year anniversary show. It was close enough and we had something special. In the studio will be:

Andrew Lockhart of many fames, including Snort-wireless
DJ Jackalope, spinning live for your listening pleasure!

When active, the live stream can be found at:

http://hydrogen.oshean.org:8000

Please join us for our "special day" and thanks for listening!

- Larry

PaulDotCom Security Weekly - Episode 50 - Nov 2, 2006


Live from the Brand New PaulDotCom Security Weekly Studio....

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Sponsored by Astaro, Astaro Security Gateway line of network security appliances. Listen to the show for a special offer!
  • Please go update our frapper map!
  • Want some cool PaulDotCom Gear? Do you hack naked? Check out our Cafepress Store!
  • Full Show Notes

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian, Nick "Twitchy" Depetrillo, Joe "Mr. C" Conlin

Email: psw@pauldotcom.com

Direct Audio Download

(Bandwidth provided by OSHEAN)

Audio Feeds:

We are still sorting out internet connectivity issues at the new studio location, so it may not be possible to have the live stream this week. We'll make every reasonable effort, but we're not sure if it will be an option this week.

If we are able to get the stream active it would be up around 7:30 EST, November 2nd. We're not making any promises other than, "we'll try".

If active, the live stream can be found at:

http://hydrogen.oshean.org:8000

Thanks for your understanding while we make the transition to our new studios.

- Larry

Security Round Table #6


Don't forget to check out the Security Roundtable, where both Paul and Larry are regular participants of the podcast. Episode #6 has a lively discussion on Instant Messaging with Krishna Kurapati, Chief Technology Officer of Sipera Systems.

We had a great discussion on IM in the workplace, blocking, how to block or limit access, and some of the risks and challenges associated with it all.

Please, go and give it a listen.

- Larry