Carolyn P. Meinel Hall of Shame
Hacking Guide Errata

> Vol. 2 Number 4

> However, the essence of hacking is doing things that aren't obvious. That
> don't just jump out at you from the manuals. One way you can move a step up
> from the run of the mill computer user is to learn how to port surf. I'll 
> bet you won't find port surfing in a Unix manual.

You will find it in almost every unix security book out there.

_Unix Security_  page 10: "Tip 8: Log and scan as much as you can"

_Internet Security Professional Reference_ page 395: "The hacker can write
similar socket programs to [portscan]..."

_Practical Unix & Network Security_ page 534: "Network Scanning" 

> Now if you are a lazy hacker you can use canned hacker tools such as Satan
> or Netcat. These are programs you can run from Linux, FreeBSD or Solaris

Consistancy Alert! In the GTMHH 2.1, you called SATAN "the most elite of hacking 

There is a difference between lazy and convenience. Running netcat
or strobe or some other utility to scan ports cuts out hours of
manual scanning. It would take you half a day to portscan a machine
and document the results. 

> However, there are several reasons to surf ports by hand instead of
> automatically.
> 1) You will learn something. Probing manually you get a gut feel for how the
> daemon running on that port behaves. It's the difference between watching an
> x-rated movie and (blush).

Good thought, poor execution. If you use a utility to find the active
ports on a machine, you can then spend all your time checking the
active ports manually. If you don't, then you waste half a day trying
to find which are active, when that time could be better utilized
playing with the daemons.