Nmap Writers mailing list archives

Re: Bootable Nmap virtual network CD


From: David Pybus <david_pybus () yahoo co uk>
Date: Thu, 13 Nov 2003 14:00:32 +0000 (GMT)

I think before we progress this idea too much further we really need to ground
out what we would like to achieve with the CD. In order to do that we need to agree
on some questions about what the CD should provide:
 1) Is the CD purely a demo/testbed CD for nmap, or do we plan that people use
    it as an actual attack system in the real world? If we only plan on the
    former we don't need to worry "as much" about keeping the thing up to date:
    learn the basics on the Knoppix toy and then move onto the real thing with
    current software.
 2) Is the book going to contain worked examples/questions/exercises? Should
    these be worked around the CD and what it allows you to do? If you use the CD
    then you can give tips/answers based on the test network.
 3) What is the CD going to emulate? There are various issues here depending on
    what is being done at a given time. What about a menu driven system? The
    user has several options such as: scan /16, scan virtual hosts, scan FW,
    scan randomly generated network. The menu/script/whatever then sets up a
    virtual network accordingly. This allows for much more variation and, if used
    with examples/questions from the book, then different virtual environments
    could be produced depending on what the chapter was about.
I am sure people would add other questions to that list, but by making the CD
flexible we stand more chance of it being all things to all people from an
experimental perspective, i.e. for bulk scanning just use honeyd emulating a /16,
but for host fingerprinting run Linux and BSD under bochs. Also, putting the CD
in the book will give at least some people access to what they couldn't otherwise
download; after all, not all of us can download ISOs at 2M/s.

David Pybus

--- Bennett Todd <bet () rahul net> wrote:

> 2003-11-12T23:07:32 Eddie:
> Also, is there consensus yet on how many machines would be needed?

"needed"? You'll never see agreement.

If you'll substitute "desired", then I'll answer "loads", like "a
/16 full". honeyd ought to be able to do that pretty well, spoofing
various OS types. I'm expecting that the config for this would be
something we'd generate with a program, not try to hand edit.

 While I think it may be most helpful to focus on a couple
machines for most of the examples, I can imagine a chapter on
"shotgun" scanning.

This is _so_ weird. Am I the only person on this list who never uses
nmap as a burglary tool, rarely uses it for security assessment, but
turns to it routinely for perfectly ordinary network discovery?

I'll build databases classifying hosts by os type, and
cross-reference them against the admin databases that are supposed
to completely describe the net, turning up missing and stale
entries.

I'll look for "rogue" (i.e. unsupported) servers for various
protocols, to help make sure that upgrade schedules have complete
coverage.

When you've got a balkanized enterprise that is built by pasting
together a couple of decades' worth of mergers and acquisitions, and
whose IT organizations have undergone reorganizations every few
years, it's common to find that absolutely nobody knows exactly
what's on the net, and finding out is too big a job for manual
walkaround inventory. nmap is my friend.

-Bennett
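The inventory cross-check Bennett describes above, as an added example that is not code from this thread: it parses nmap's XML output (a constructed sample standing in for `nmap -O -oX`) and diffs it against a constructed admin record, flagging hosts that are on the net but unrecorded, recorded but not answering, or recorded with an OS family that does not match nmap's best guess.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap XML output: three hosts up, one down.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun>
  <host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
    <os><osmatch name="Linux 2.4.X" accuracy="95"/></os></host>
  <host><status state="up"/><address addr="10.0.0.9" addrtype="ipv4"/>
    <os><osmatch name="FreeBSD 4.X" accuracy="90"/>
        <osmatch name="OpenBSD 3.X" accuracy="85"/></os></host>
  <host><status state="up"/><address addr="10.0.0.12" addrtype="ipv4"/>
    <os><osmatch name="Linux 2.6.X" accuracy="92"/></os></host>
  <host><status state="down"/><address addr="10.0.0.7" addrtype="ipv4"/></host>
</nmaprun>"""

# Constructed admin inventory: what the records claim is on the net.
INVENTORY = {
    "10.0.0.5": "Linux",
    "10.0.0.9": "Windows",   # records disagree with the fingerprint
    "10.0.0.7": "Solaris",   # recorded, but nothing answered: stale
}

def parse_nmap(xml_text):
    """Return {ip: highest-accuracy OS match name, or None} for hosts that were up."""
    seen = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        matches = host.findall("os/osmatch")
        best = max(matches, key=lambda m: int(m.get("accuracy")), default=None)
        seen[addr] = best.get("name") if best is not None else None
    return seen

def reconcile(scan, inventory):
    """Diff a scan against the records: missing (on net, not recorded),
    stale (recorded, not on net), mismatch (recorded OS family not in nmap's guess)."""
    report = {"missing": [], "stale": [], "mismatch": []}
    for ip, os_name in scan.items():
        if ip not in inventory:
            report["missing"].append(ip)
        elif os_name and inventory[ip].lower() not in os_name.lower():
            report["mismatch"].append((ip, inventory[ip], os_name))
    report["stale"] = [ip for ip in inventory if ip not in scan]
    return report

if __name__ == "__main__":
    print(reconcile(parse_nmap(NMAP_XML), INVENTORY))
```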

