Allergies and Jujitsu
By Daniel Miessler on August 20th, 2008: Tagged as Jujitsu
So I go in for my allergy work-up tomorrow. Pin pricks with lots of stuff that makes me sneeze and wheeze. It’s going to rock.
But then I get allergy shots (pills and sprays are sub-optimal). I just hope my insurance pays for it all or most of it.
And it’s all part of a plan. Aside from just wanting to not sneeze, get constant sinus infections, and have less cardio performance—I’m mostly doing this so that I can have my full wind for Jujitsu class.
The place I go to went through some changes recently, and I haven’t been going. But it’s all better now. It’s been bought by three main Jujitsu guys—including a wicked sick black belt who’s been an instructor for the Gracies in Brazil. He’s scary good.
And they are keeping their kickboxing classes as well, which will serve as a nice change of tempo on occasion.
So, things are good on this front. Allergy shots –> starting back in Jujitsu with a “new” school. Now I’ll get to try out my new gi.
The Simple, Effective Way to Track What’s Said About You on the Internet
By Daniel Miessler on August 20th, 2008: Tagged as Google | Internet | Psychology

You don’t have to be an ego-freak to wonder if others are talking about you online. Egosurfing, i.e. the act of looking yourself up in search engines, is something most regular Internet users have done at least once. It’s very human to want to know if we’re affecting the world we live in.
So the old way to egosurf was to simply search for your name on Google whenever you remember to. Fun perhaps, but rather inefficient. There’s a better way.
Google Alerts

Google Alerts is a free service that lets you enter search terms (like your name or your website) that Google will monitor for you 24/7, across multiple types of online media. When someone mentions you Google will notify you immediately or at the end of the day, as desired.
And it’s customizable. You can look for yourself being mentioned in just news, blogs, video, web, or you can have it look through everything via the “comprehensive” option.


How to Get Started
- Head over to Google Alerts
- Put in the stuff you want to trigger on, e.g. your name (remember the quotes)
- Set the media you want Google to search within
- Set how often you want to be notified
That’s it. And here’s what an alert looks like.

Enjoy.
Links
[ Google Alerts | google.com ]
[ Egosurfing | wikipedia.org ]
You may have heard the term “peak oil”. It’s an important term to know. Here’s the definition from Wikipedia:
Peak oil is the point in time when the maximum rate of global petroleum extraction is reached, after which the rate of production enters terminal decline. The concept is based on the observed production rates of individual oil wells, and the combined production rate of a field of related oil wells.
The aggregate production rate from an oil field over time appears to grow exponentially until the rate peaks and then declines, sometimes rapidly, until the field is depleted. It has been shown to be applicable to the sum of a nation’s domestic production rate, and is similarly applied to the global rate of petroleum production.
It is important to note that peak oil is not about running out of oil, but the peaking and subsequent decline of the production rate of oil.
Links
The Most Dangerous Challenge Humanity Will Face
By Daniel Miessler on August 18th, 2008: Tagged as Civilization
This is an absolutely staggering presentation, and it’s done on an overhead projector. I suggest you watch the whole thing, but if you’re impatient, jump to part 3.
McCain Calls People Making Under 80,000/year, “Stupid”
By Daniel Miessler on August 17th, 2008: Tagged as Obama | Politics
It makes me militantly sad that there are middle-class “Republicans” out there who are going to vote for McCain so they can avoid being over-taxed by Obama. It’s not true. But McCain doesn’t have to worry about things being “true”. He relies on the fact that modern Republicans tend not to research things. They’re voting for McCain because he’s Republican. Period.
And McCain knows this. He knows he can give his middle-class Republican base less of a tax break than Obama and still be considered by those very same people to have a better tax plan. Why? Because he thinks they’re stupid. Don’t believe me?

officeofstrategicinfluence.com
Last Friday at a private dinner (you know, the ones that cost two weeks of a middle-class salary to attend) he reportedly said the following while discussing disproportionate tax breaks:
People who make under $80,000 are too stupid to understand taxes anyway.
John McCain said that, to a room full of rich people. On August 8th. Of 2008.
Never mind the fact that Obama would be in Gitmo within 45 minutes if he said anything remotely similar—that’s not important. What is important is that McCain claims to be the low taxes guy. But he isn’t. Not for regular people. His tax improvements for the bottom three tax brackets are comedic in nature: .7%, .5%, and .2% respectively.
In short, he intends to lower taxes for those who are already über-rich, i.e., for people like him. He will in fact be implementing a tax system that grants himself an additional $269,364 per year.
And that’s fine. I don’t mind him being for the rich. I like money too. What I mind is regular, everyday people who are going to vote for McCain because they think Obama will tax the middle class to death.
In fact, if you make less than $111,645 a year you’ll get more money under Obama’s plan than McCain’s.
Ah, but what does that matter? Even if Obama says he’s going to give more money to those making less than $112K/year, it doesn’t mean he’ll do it, right? I mean, doesn’t the Koran allow Muslims to lie to Christians?
[ Update: For those of you doubting that John McCain would say such a stupid thing, consider that he's on video, at a similar dinner, singing, "Bomb, bomb, bomb Iran..." Considering his personality this quote is highly believable. ]
A Summary of New Nmap Features from Blackhat/DEFCON 2008
By Daniel Miessler on August 17th, 2008: Tagged as Information Security

At Fyodor’s talk last week at Blackhat he talked about the research he’s been doing, and the ways that research has helped him to improve Nmap. I was lucky enough to attend, and even got to chat with him briefly and get a signed copy of his new book.
Anyway, after receiving numerous complaints over the years regarding performance, he did some colossal scans of the Internet in order to see how Nmap handled extremely large address ranges. What follows is a collection of the most interesting features he added, and information he learned, while doing his research.
Setup
First off, in case you want to test out some of these features as well, you’ll need to get the version of Nmap that he was using during this presentation. The current, stable branch does not have much of this functionality. You can get it via SVN like so:
svn co --username guest --password "" svn://svn.insecure.org/nmap-exp/bhdc08/
Then build it the standard way:
./configure
make
make install
The --top-ports Scan Option
One of Fyodor’s main focuses was improving Nmap’s speed through improved efficiency. One of the best ways to do this is to allow for scans of fewer ports, but this requires that you choose those ports carefully so as to miss as little as possible. So what he did, through trial and error and tons of scans, was figure out the most frequently open ports on the Internet.
Here they are for each protocol:
TCP
- 80
- 23
- 22
- 443
- 3389
- 445
- 139
- 21
- 135
- 25
UDP
- 137
- 161
- 1434
- 123
- 138
- 445
- 135
- 67
- 139
- 53
Ok, so now that we know what the top 10 ports are, wouldn’t it be cool to be able to scan based on them? And what if we wanted to scan the top 50? Or the top 100?
Fyodor has built this in with the --top-ports option. It’s wicked nice, and you invoke it like this:
nmap --top-ports 100 $target
And of course, 100 is just an arbitrary number, so you could just as easily do this:
nmap --top-ports 3000 $target
As you increase this number you obviously gain more and more accuracy, but because the ports are organized according to the most commonly found on the Internet, you can scan relatively few and still have good chances of finding everything open.
Stats from his presentation on TCP port efficiency using --top-ports (share of open TCP ports found):
--top-ports 10: 48%
--top-ports 50: 65%
--top-ports 100: 73%
--top-ports 250: 83%
--top-ports 500: 89%
--top-ports 1000: 93%
--top-ports 2000: 96%
--top-ports 3764: 100%
This means for just curiosity scans I can go with --top-ports 1000 and get roughly 93% accuracy in a fraction of the time.
Do like.
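To show what --top-ports is built on, here is an added example (not Nmap's own code) that ranks ports by open-frequency and computes the cumulative coverage a top-N scan would give, the same kind of number as the percentages above. It assumes the layout of Nmap's nmap-services file (service name, port/proto, open-frequency, optional "#" comment); the sample entries and frequencies below are constructed, not real Nmap measurements.

```python
"""Rank ports by open-frequency and compute top-N coverage.

Added example, not Nmap's code. Assumes the nmap-services layout:
    name  port/proto  frequency  [# comment]
The SAMPLE_SERVICES text is constructed; its frequencies are made up.
"""
from collections import defaultdict

# Constructed sample in nmap-services layout (frequency values are invented).
SAMPLE_SERVICES = """\
# service   port/proto  open-frequency  comment
http        80/tcp      0.48   # World Wide Web HTTP
telnet      23/tcp      0.22
ssh         22/tcp      0.18
https       443/tcp     0.21
ms-wbt      3389/tcp    0.08
netbios-ns  137/udp     0.36
snmp        161/udp     0.43
ms-sql-m    1434/udp    0.29
ntp         123/udp     0.20
unknown     9999/tcp    0.00   # never seen open
"""


def parse_services(text):
    """Return {proto: [(port, frequency), ...]} from nmap-services-style text."""
    by_proto = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line, ignore
        port_s, proto = fields[1].split("/", 1)
        by_proto[proto].append((int(port_s), float(fields[2])))
    return by_proto


def _ranked(services, proto):
    # Highest frequency first; tie-break on port number for stable output.
    return sorted(services[proto], key=lambda pf: (-pf[1], pf[0]))


def top_ports(services, proto, n):
    """The n most frequently open ports for proto, best first."""
    return [port for port, _ in _ranked(services, proto)[:n]]


def coverage(services, proto, n):
    """Fraction of all observed 'open' mass captured by scanning the top n ports.

    This is the quantity behind figures like '--top-ports 100: 73%'.
    """
    entries = services[proto]
    total = sum(freq for _, freq in entries)
    if total == 0:
        return 0.0
    return sum(freq for _, freq in _ranked(services, proto)[:n]) / total


if __name__ == "__main__":
    svc = parse_services(SAMPLE_SERVICES)
    for proto in ("tcp", "udp"):
        for n in (2, 4):
            print(proto, "top", n, top_ports(svc, proto, n),
                  "coverage %.0f%%" % (100 * coverage(svc, proto, n)))
```

Run it against a real nmap-services file to see why the coverage curve flattens quickly: a handful of ports carry most of the open-frequency mass, and the tail of thousands of rarely open ports adds little per port scanned.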
Rate Limiting
Another feature that he’s been wanting to add for a while is rate limiting by packet count. He actually found a need for this when he was doing his research. He started some of his first scans and got a call from his ISP. They thought he’d been hacked.
He got it worked out, but he decided it was a good idea to be able to set a threshold for how hard you hit the network you’re scanning from. And here it is:
nmap --max-rate 1000 $target
nmap --min-rate 500 $target
The --reason Option
This thing is awesome; when it shows you that a port was open or filtered or whatever—it shows you the reason it thought so.
Interesting ports on scanme.nmap.org (64.13.134.52):
Not shown: 994 filtered ports
Reason: 994 no-responses
PORT    STATE  SERVICE REASON
22/tcp  open   ssh     syn-ack
25/tcp  closed smtp    reset
53/tcp  open   domain  syn-ack
70/tcp  closed gopher  reset
80/tcp  open   http    syn-ack
113/tcp closed auth    reset
Nmap done: 1 IP address (1 host up) scanned in 4.21 seconds
Packet Trace with --packet-trace
This will show you what the packets look like that you send and receive, with a handy little “sent” and “received” marker.
nmap --packet-trace -p80 dmiessler.com
SENT (0.1160s) TCP 204.11.219.126:40117 > 204.11.219.126:80 S ttl=40 id=52313 iplen=44 seq=2829670227 win=1024
RCVD (0.1160s) TCP 204.11.219.126:40117 > 204.11.219.126:80 S ttl=40 id=52313 iplen=44 seq=2829670227 win=1024
RCVD (0.1160s) TCP 204.11.219.126:80 > 204.11.219.126:40117 SA ttl=64 id=0 iplen=44 seq=2909000595 win=32792 ack=2829670228
Interesting ports on dmiessler.com (204.11.219.126):
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
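The --reason and --packet-trace sections above are two views of the same inference: a SYN answered by SYN/ACK means open (reason syn-ack), a RST means closed (reason reset), and a SYN with no reply means filtered (reason no-response). The following added example (not Nmap's code) parses packet-trace lines in the format shown above and derives the state and reason per port, the way the --reason column summarizes it; the trace, addresses and sequence numbers are constructed. It also handles the echoed copy of the outgoing SYN that appears as a RCVD line above by ignoring replies that do not come from a probed port.

```python
"""Derive port state and --reason-style reasons from --packet-trace lines.

Added example, not Nmap's code. The trace below is constructed in the
page's SENT/RCVD line format; addresses and sequence numbers are made up.
"""
import re

TRACE = """\
SENT (0.1160s) TCP 192.0.2.10:40117 > 192.0.2.20:80 S ttl=40 id=52313 iplen=44 seq=2829670227 win=1024
RCVD (0.1160s) TCP 192.0.2.10:40117 > 192.0.2.20:80 S ttl=40 id=52313 iplen=44 seq=2829670227 win=1024
RCVD (0.1161s) TCP 192.0.2.20:80 > 192.0.2.10:40117 SA ttl=64 id=0 iplen=44 seq=2909000595 win=32792 ack=2829670228
SENT (0.1162s) TCP 192.0.2.10:40118 > 192.0.2.20:25 S ttl=40 id=52314 iplen=44 seq=2829670228 win=1024
RCVD (0.1163s) TCP 192.0.2.20:25 > 192.0.2.10:40118 RA ttl=64 id=0 iplen=40 seq=0 win=0 ack=2829670229
SENT (0.1164s) TCP 192.0.2.10:40119 > 192.0.2.20:113 S ttl=40 id=52315 iplen=44 seq=2829670229 win=1024
"""

# Direction, timestamp, 4-tuple and TCP flag letters; the rest of the line is ignored.
LINE_RE = re.compile(
    r"^(?P<dir>SENT|RCVD) \((?P<t>[\d.]+)s\) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<flags>[A-Z]+) "
)


def parse_trace(text):
    """Return a list of dicts, one per SENT/RCVD line that matches the format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["t"] = float(e["t"])
        e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
        events.append(e)
    return events


def classify(events):
    """Map (target ip, target port) -> (state, reason) as --reason would report it."""
    results = {}
    # Every SYN we sent starts out as unanswered, i.e. filtered / no-response.
    for e in events:
        if e["dir"] == "SENT" and e["flags"] == "S":
            results[(e["dst"], e["dport"])] = ("filtered", "no-response")
    # Replies come *from* the probed port; anything else (e.g. our own echoed
    # SYN appearing as RCVD) is not a reply and is skipped.
    for e in events:
        if e["dir"] != "RCVD":
            continue
        key = (e["src"], e["sport"])
        if key not in results:
            continue
        if "R" in e["flags"]:
            results[key] = ("closed", "reset")
        elif "S" in e["flags"] and "A" in e["flags"]:
            results[key] = ("open", "syn-ack")
    return results


def reason_table(results):
    """Render results as lines in the style of the --reason output above."""
    lines = ["PORT     STATE     REASON"]
    for (_, port), (state, reason) in sorted(results.items(), key=lambda kv: kv[0][1]):
        lines.append("%-8s %-9s %s" % ("%d/tcp" % port, state, reason))
    return lines


if __name__ == "__main__":
    print("\n".join(reason_table(classify(parse_trace(TRACE)))))
```

The useful takeaway for the defender is the third row: a port that simply drops SYNs is reported as filtered with reason no-response, which is what a firewall with a drop rule looks like to the scanner, while a reject rule produces the closed/reset row and thereby confirms a host is there.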
Traceroute
You can now add the --traceroute option to your scan and Nmap will pick a port and traceroute to the target host over that port.
Nmap’s GUI (Zenmap) Now Creates Maps!

You heard me right. The latest version of Zenmap (bhdc08) now actually has a tab for creating maps like Cheops. The one above is an actual old Cheops screenshot because I don’t have X installed on the box running bhdc08, but you get the idea.
Ndiff
Ndiff is a sick little tool that compares Nmap XML files and produces XML or YAML formatted difference files. In other words, you can regularly scan your networks with Nmap and use Ndiff to not only tell you when new boxes pop up on (or drop off of) the network, but it’ll also tell you when new services are added or deleted to the boxes you already know about.
Brutally nice.
svn://svn.insecure.org/nmapexp/ndiff/ (same credentials as above)
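The host-and-service diff that Ndiff performs is straightforward to reproduce for the change-detection use described above. The following added example (not Ndiff's code) parses two Nmap XML documents with the standard library and reports hosts that appeared or vanished and open ports added to or removed from hosts present in both; the two XML documents are constructed samples in Nmap's XML layout (nmaprun/host/status/address/ports/port/state/service), with made-up addresses.

```python
"""Diff two Nmap XML scan results: new/removed hosts and open ports.

Added example, not Ndiff's code. OLD_SCAN and NEW_SCAN are constructed
samples in Nmap's XML output layout; the addresses are made up.
"""
import xml.etree.ElementTree as ET

OLD_SCAN = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="25"><state state="closed"/><service name="smtp"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports></host>
</nmaprun>"""

NEW_SCAN = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports></host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="192.0.2.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports></host>
</nmaprun>"""


def parse_open_ports(xml_text):
    """Return {ipv4 addr: {(proto, port): service name}} for hosts that are up."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a host reported down is treated as absent
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports are tracked, like Ndiff's summary
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            open_ports[(port.get("protocol"), int(port.get("portid")))] = name
        hosts[addr_el.get("addr")] = open_ports
    return hosts


def diff_scans(old_xml, new_xml):
    """Compare two scans and return what changed between them."""
    old, new = parse_open_ports(old_xml), parse_open_ports(new_xml)
    report = {
        "hosts_added": sorted(set(new) - set(old)),
        "hosts_removed": sorted(set(old) - set(new)),
        "ports_added": {},
        "ports_removed": {},
    }
    for addr in sorted(set(old) & set(new)):
        added = sorted(set(new[addr]) - set(old[addr]))
        removed = sorted(set(old[addr]) - set(new[addr]))
        if added:
            report["ports_added"][addr] = added
        if removed:
            report["ports_removed"][addr] = removed
    return report


def render(report):
    """Human-readable lines for the report (for a cron job's mail, say)."""
    lines = []
    lines += ["+ host %s" % h for h in report["hosts_added"]]
    lines += ["- host %s" % h for h in report["hosts_removed"]]
    for addr, ports in report["ports_added"].items():
        lines += ["+ %s %d/%s" % (addr, p, proto) for proto, p in ports]
    for addr, ports in report["ports_removed"].items():
        lines += ["- %s %d/%s" % (addr, p, proto) for proto, p in ports]
    return lines or ["no changes"]


if __name__ == "__main__":
    print("\n".join(render(diff_scans(OLD_SCAN, NEW_SCAN))))
```

Scheduled against the same -oX output from consecutive scans, the report's "+" lines are the ones worth alerting on: a new host or a newly opened service on a known host is exactly the change Ndiff is meant to surface.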
Ncat
An über version of Hobbit’s classic. Supports SSL, IPv6, connection brokering, proxies, shell execution, and tons of other stuff.
svn://svn.insecure.org/ncat (login: guest/guest)
The Nmap Scripting Engine
If you’re not using this yet, you should probably get that way. Remember, it’s not just port scanning; you can actually check for vulnerabilities using this. Here’s one from his presentation that checks for DNS issues:
nmap -PN -v -sU -p53 -T4 --script=dns-test-open-recursion,dns-safe-recursion-port.nse,dns-safe-recursion-txid.nse dns-1.blackhat.com archimedes.shmoo.com
Fin
I’ll be adding these options, as well as a ton of additional new functionality, to my Nmap tutorial/primer located at http://dmiessler.com/study/nmap/.
But no matter what you do, go get a copy of Fyodor’s new book. It’s a must.
Links
[ Nmap's Home Page | insecure.org ]
[ Fyodor's Blackhat Presentation | insecure.org ]
[ My Nmap Tutorial / Primer | dmiessler.com ]
[ My Study Page | dmiessler.com ]