Monday, March 17, 2008

nmap and amap

Back in the day I used to frequent alt.2600. This was a Usenet newsgroup. Newsgroups are not as popular nowadays. If you wanted to learn something about, say, C programming, you'd go to comp.lang.c and read the messages. It was a lot like a bulletin board. The alt.* newsgroups were easier to form and didn't require you to get a bunch of people to vote on whether or not you could form the group. You would constantly see things like alt.bork.bork.bork.swedish.chef or alt.wesley.crusher.must.die.

One alt group that was formed and lasted for quite some time was alt.2600. The frequency 2600 Hz was a tone AT&T used to indicate a line was not in use. A hacker found that a whistle you got with Captain Crunch cereal could produce the 2600 Hz tone. He would call a long distance number, blow the whistle, and AT&T's equipment would assume the line was not in use, so he got long distance calls for free.

alt.2600 was devoted to hackers, like Captain Crunch (the nickname of the guy who discovered the 2600 Hz trick), sharing information about hacking. Some were ethical and some were not.

Today there is a 2600 magazine available. I was reading this magazine today and it had a nice article on tools like nmap and amap.

I was familiar with nmap. The nmap software is a Network MAPper. You can use it to probe a network. You pick a machine and nmap will probe the machine to see what ports are active. You can either listen, passively, for transmissions or you can actively send data to various ports and see what responses you get back. If you are passive, the machine operator would not know you are out there probing his/her network, but you don't get a lot of information back this way. If you actively probe the network you get a lot more data back, but the system operator will be able to detect that you are probing their network.

Hacking seems to be a dying art. Many of the system operators out there today don't think to look for people probing their network. Most will try to keep some sort of logging. If you do something malicious they will check the logs to see who did it, i.e. they are more reactive than proactive.

So you can often probe networks so long as you don't do anything to make the system operator respond.

The amap program, which I just read about, is an Application MAPper. Programs like nmap or netscan will probe a system, but they can easily be tricked. For example, web servers are typically at port 80. If I have some other application server running at port 80, mapping software might mistakenly assume it is a web server. The claim of the 2600 article is that amap is a little smarter than that.

I'll still have to download the source code and compile a version for myself.
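The principle behind the amap paragraph above is that the port number is only a convention; what a service actually speaks is visible in the bytes it sends back. The script below is an added example, not code from the original post or from the amap project. It names a protocol from a captured response using a handful of constructed signature rules, then compares that against the port-based guess to list the places where the two disagree; the hosts, banners, SIGNATURES table and PORT_GUESS table are all assumptions made up for this example, and a real fingerprint database is far larger.

```python
# Added example, not from the original post or from the amap project: decide
# what protocol a service speaks from the bytes it returns, rather than from the
# port it listens on, then compare that against the port-based assumption.
# The banners, hosts and signature rules below are constructed and simplified.
import re

# Signature rules over the first bytes a service sends (or sends back to a
# harmless protocol-correct request). Real fingerprinting databases are far
# larger; these five are enough to show the principle.
SIGNATURES = [
    ("ssh",  re.compile(rb"^SSH-\d\.\d+-")),
    ("smtp", re.compile(rb"^220[ -].*\bE?SMTP\b", re.IGNORECASE)),
    ("ftp",  re.compile(rb"^220[ -].*FTP", re.IGNORECASE)),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}[ \r\n]")),
    ("pop3", re.compile(rb"^\+OK\b")),
]

# The guess a naive, port-number-only mapper would make.
PORT_GUESS = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 110: "pop3"}


def identify(response: bytes) -> str:
    """Name the application protocol from its first response bytes, or 'unknown'."""
    head = response[:512]
    for name, pattern in SIGNATURES:
        if pattern.search(head):
            return name
    return "unknown"


def audit(observations):
    """observations: iterable of (host, port, response_bytes).
    Returns [(host, port, guessed_by_port, identified)] for every entry where the
    port-based guess and the observed protocol disagree."""
    mismatches = []
    for host, port, response in observations:
        by_port = PORT_GUESS.get(port, "unknown")
        seen = identify(response)
        if seen != by_port:
            mismatches.append((host, port, by_port, seen))
    return mismatches


# Constructed observations: two services where port and protocol agree, an SSH
# daemon on port 80 (the case the article describes), and a mail server on a
# port that no port table knows about.
OBSERVATIONS = [
    ("192.0.2.10", 80,   b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n"),
    ("192.0.2.10", 22,   b"SSH-2.0-OpenSSH_4.7\r\n"),
    ("192.0.2.11", 80,   b"SSH-2.0-OpenSSH_4.7\r\n"),
    ("192.0.2.11", 8025, b"220 mail.example.test ESMTP ready\r\n"),
    ("192.0.2.12", 21,   b"220 (vsFTPd 2.0.5)\r\n"),
]

if __name__ == "__main__":
    for host, port, by_port, seen in audit(OBSERVATIONS):
        print(f"{host}:{port} expected {by_port} by port number, observed {seen}")
```

Run against your own inventory, the mismatch list is the interesting output: a service that answers SSH on port 80 or SMTP on an unregistered port is exactly what a port-table-only mapper would misreport, and it is also the sort of thing an administrator wants to know about before someone else finds it.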

You can find information about nmap at http://en.wikipedia.org/wiki/Nmap. For amap, you'll need to go to http://freeworld.thc.org/thc-amap/ and compile the program yourself. NOTE: a good way to hack someone is to give a novice a tool that lets them play without the source code. The novice downloads and runs the 'tool' only to find out they have installed a trojan horse on their system. You always want the source code *AND* you want to read the source to see what it is doing. If there is any cryptic code like:

/* Deliberately cryptic example: each character of the second string steps an
   index through the table t, and one table entry is printed per step. */
#include <stdio.h>
int main(){int j=10024;char t[]=":@abcdefghijklmnopqrstuvwxyz.\n",*i=
"@zp:pf:qbogw\nxbz\nexke.z";char *strchr(const char *,int);while(
*i){ j+=strchr(t,*i++)-t;j%=sizeof t-1;putchar(t[j]);} return 0;}

Don't use it. If you don't understand what a piece of code does, there is a good chance it is a trojan horse.