Questions about black hat + nmap. What the heck nmap is there for?

None N · 11-30-2008, 01:32 AM

1. Is nmap been made to spy on others servers? After that, webmasters started to test nmap against their systems and fix the weak points, so attackers can not get a chance to penetrate?

2. If i have a server, and an attacker scanned my server remotely to fetch all system information & get the open ports. How can i know it?

3. Its been said there TCP and UDP. Any scanning that runs over TCP, it is easy for me to point the attacker location. On the other hand, it has been said if an attacker spy on my server remotely by using UDP, it is impossible for the webmaster to know where this attacker is coming from. Is this right? and Why?

4. I will be trying to test nmap against my new server remotely. There are many options in nmap, some use UDP and others uses TCP. How can i know what kind of connection (TCP or UDP) a certain option is using?

5. How many times a week do you recommend me to test my server remotely as black hat does?

feynman_rocks · 11-30-2008, 01:32 AM

1. No. As nmap's man page describes it, it is a "Network exploration tool and security / port scanner". It is just a tool. Now, what purpose you put that tool to, that makes all the difference.

2. You can watch all traffic coming down the wire with something like wireshark. With the right filters you would be able to see pings and so on.

3. TCP and UDP are two of the protocols for sending packets of data over the internet. The big difference is that TCP is more like a registered letter, you are guaranteed that any dropped packets are resent, and that packets are assembled in order on the other end. UDP is tuned for things like streaming video where we aren't as concerned with dropped packets as we are with "live" data. UDP and TCP both contain source and destination addresses in the packet.

4. Just read the docs. For certain protocols like DNS you'd be interested in UDP, others like HTTP use TCP.

5. Just close all the ports that you don't want open (services that you aren't running). Optionally you can use iptables for firewalling specific ports.

11-30-2008, 01:32 AM	#1 (permalink)
None N Junior Member Join Date: Mar 2008 Posts: 7	Questions about black hat + nmap. What the heck nmap is there for? 1. Is nmap been made to spy on others servers? After that, webmasters started to test nmap against their systems and fix the weak points, so attackers can not get a chance to penetrate? 2. If i have a server, and an attacker scanned my server remotely to fetch all system information & get the open ports. How can i know it? 3. Its been said there TCP and UDP. Any scanning that runs over TCP, it is easy for me to point the attacker location. On the other hand, it has been said if an attacker spy on my server remotely by using UDP, it is impossible for the webmaster to know where this attacker is coming from. Is this right? and Why? 4. I will be trying to test nmap against my new server remotely. There are many options in nmap, some use UDP and others uses TCP. How can i know what kind of connection (TCP or UDP) a certain option is using? 5. How many times a week do you recommend me to test my server remotely as black hat does?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

11-30-2008, 01:32 AM	#2 (permalink)
feynman_rocks Junior Member Join Date: Jun 2008 Posts: 3	1. No. As nmap's man page describes it, it is a "Network exploration tool and security / port scanner". It is just a tool. Now, what purpose you put that tool to, that makes all the difference. 2. You can watch all traffic coming down the wire with something like wireshark. With the right filters you would be able to see pings and so on. 3. TCP and UDP are two of the protocols for sending packets of data over the internet. The big difference is that TCP is more like a registered letter, you are guaranteed that any dropped packets are resent, and that packets are assembled in order on the other end. UDP is tuned for things like streaming video where we aren't as concerned with dropped packets as we are with "live" data. UDP and TCP both contain source and destination addresses in the packet. 4. Just read the docs. For certain protocols like DNS you'd be interested in UDP, others like HTTP use TCP. 5. Just close all the ports that you don't want open (services that you aren't running). Optionally you can use iptables for firewalling specific ports.