Carolyn P. Meinel Hall of Shame
Hacking Guide Errata
> GUIDE TO (mostly) HARMLESS HACKING
>
> Vol. 2 Number 4
> However, the essence of hacking is doing things that aren't obvious. That
> don't just jump out at you from the manuals. One way you can move a step up
> from the run of the mill computer user is to learn how to port surf. I'll
> bet you won't find port surfing in a Unix manual.
You will find it in almost every Unix security book out there.
_Unix Security_ page 10: "Tip 8: Log and scan as much as you can"
_Internet Security Professional Reference_ page 395: "The hacker can write
similar socket programs to [portscan]..."
_Practical Unix & Network Security_ page 534: "Network Scanning"
> Now if you are a lazy hacker you can use canned hacker tools such as Satan
> or Netcat. These are programs you can run from Linux, FreeBSD or Solaris
Consistency Alert! In the GTMHH 2.1, you called SATAN "the most elite of hacking
scripts".
There is a difference between laziness and convenience. Running netcat
or strobe or some other utility to scan ports cuts out hours of
manual scanning. By hand, it would take you half a day to portscan a
machine and document the results.
> However, there are several reasons to surf ports by hand instead of
> automatically.
>
> 1) You will learn something. Probing manually you get a gut feel for how the
> daemon running on that port behaves. It's the difference between watching an
> x-rated movie and (blush).
Good thought, poor execution. If you use a utility to find the active
ports on a machine, you can then spend all your time checking the
active ports manually. If you don't, then you waste half a day trying
to find which are active, when that time could be better utilized
playing with the daemons.