Ask Fyodor Your Network Security Questions

Fyodor is the driving force behind Insecure.org and the top-rated Nmap network exploration and security auditing tool. He's also involved in The Honeynet Project (and is a coauthor of the project's book, Honeynet: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community). One question per post, please. We'll run Fyodor's answers to 10 of the highest-moderated questions as soon as he gets them back to us.
  • For The Lazy (Score:1, Informative)

    by JWhitlock ( 201845 ) <John-Whitlock&ieee,org> on Monday May 12, 2003 @12:26PM (#5937147)
    I saw the Top 75 Security Tools survey you did...

    Here [insecure.org] is the list.

  • Re:Super-DMCA (Score:3, Informative)

    by greyfeld ( 521548 ) on Monday May 12, 2003 @12:34PM (#5937194) Journal
    These laws are not just "proposed", but a reality in Delaware, Illinois, Michigan, Oregon, Pennsylvania, Wyoming and by now are law in Arkansas (it was sitting on the governor's desk two weeks ago and he hadn't signed it, but it becomes law after so many days anyway). Coming soon to a state near you - Colorado, Florida, Georgia, Massachusetts, Tennessee and Texas! You can throw your NATing firewalls, honeypots, routers and internet connection sharing out the window, folks! Act now in those states before it is too late.
    Go to the EFF site here. [eff.org]
  • by CodeBuster ( 516420 ) on Monday May 12, 2003 @02:40PM (#5938061)
    In response to your question, Simon, I would recommend the new book, "The Art of Deception", by Kevin D. Mitnick, which addresses various security scenarios and events, both real and fictional, which include the human element of security. In addition to the scenarios presented, which include transcripts of phone conversations and descriptions of actual attacks, Kevin presents several chapters on good user policies for personnel ranging from the system administrator to the secretary working at the front desk, for minimizing the potential of a social engineering attack. These are not highly technical security policies, but rather simple suggestions and procedures that reinforce good security habits and make a successful social engineering attack much harder to accomplish. In fact, a main point of the book is that high tech security measures are rarely the problem when a security breach occurs... it is far easier to attack the weakest part of the system (the people using it) than to try and break in through the network via a terminal session. I was shocked especially by the phone conversations between the social engineers and the unsuspecting employees; even a person with little technical knowledge could potentially be a serious threat to your network. I had never considered that possibility before. In conclusion, I found "The Art of Deception" to be a rare and refreshing look at one of the most overlooked elements of security.
  • by caluml ( 551744 ) <slashdot@spamgoe ... minus herbivore> on Monday May 12, 2003 @03:22PM (#5938429) Homepage
    netstat -planet as root for TCP connections. Change the t to a u for UDP.
  • by Electrum ( 94638 ) <david@acz.org> on Monday May 12, 2003 @03:45PM (#5938677) Homepage
    As I recall, I'd elected to use a less stealthy TCP scan because I wanted to be as aboveboard as possible, sorta like the LAN equivalent of yelling "Hey, anyone home?" from the sidewalk as opposed to sneaking up and trying the doorknobs with a stealth SYN scan. =P

    But it's better to not be detected at all. Plus with a SYN scan you have deniability. The source address can be spoofed (even nmap will do it -- see decoy scan). Thus, it wasn't necessarily you that sent the packets.
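    The defender's side of the connect-scan versus SYN-scan distinction in the two comments above, as an added example that is not code from the thread, from Nmap or from Fyodor: it classifies constructed flow records as completed handshakes or half-open probes, flags sources that half-open many ports in a short window, and then groups sources whose port sets coincide, since a decoy scan makes the apparent source unreliable and the alert should name the group rather than one address. The flow-record layout, flag letters and thresholds are assumptions for the example.

```python
from collections import defaultdict
from itertools import combinations

WINDOW_SECONDS = 5   # assumed tuning values, not from the thread
PORT_THRESHOLD = 10

# Constructed flow records: (timestamp, src_ip, dst_port, flags seen from src).
# Flag letters are a constructed convention: S=SYN, A=ACK, R=RST.
SAMPLE_FLOWS = (
    [(1.0 + i * 0.01, "10.0.0.5", 1 + i, "SR") for i in range(12)]   # scanner
    + [(1.0 + i * 0.01, "10.0.0.6", 1 + i, "SR") for i in range(12)] # decoy
    + [(1.0 + i * 0.01, "10.0.0.7", 1 + i, "SR") for i in range(12)] # decoy
    + [(2.0, "10.0.0.20", 80, "SA"), (2.5, "10.0.0.20", 443, "SA")]  # normal client
    + [(3.0 + i, "10.0.0.30", 22, "S") for i in range(3)]            # retries, one port
)

def is_half_open(flags):
    """SYN seen from the source but no ACK: the handshake was never completed."""
    return "S" in flags and "A" not in flags

def find_scanners(flows=SAMPLE_FLOWS):
    """Map src -> set of ports it half-opened within some WINDOW_SECONDS window."""
    per_src = defaultdict(list)
    for ts, src, port, flags in flows:
        if is_half_open(flags):
            per_src[src].append((ts, port))
    scanners = {}
    for src, hits in per_src.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= WINDOW_SECONDS}
            if len(ports) >= PORT_THRESHOLD:
                scanners[src] = ports
                break
    return scanners

def decoy_groups(scanners, min_jaccard=0.8):
    """Group flagged sources whose port sets largely coincide (Jaccard overlap).
    Any member may be a spoofed decoy, so attribute to the group, not to one IP."""
    groups = []
    for a, b in combinations(sorted(scanners), 2):
        pa, pb = scanners[a], scanners[b]
        if len(pa & pb) / len(pa | pb) < min_jaccard:
            continue
        for g in groups:
            if a in g or b in g:
                g.update({a, b})
                break
        else:
            groups.append({a, b})
    return groups
```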
  • by Lennie ( 16154 ) on Monday May 12, 2003 @07:08PM (#5940568)
    For Windows 'netstat -nap', there is 'fport'
    see: http://www.insecure.org/tools.html
