Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

nMap, A Free And Must-Have Tool For Security Pros, Just Saved Me

As I go through my mailbox and sort through the 1,000 different security products that I'm seemingly pitched on every week, I couldn't help but smile as I reflected on the fact that some my favorite, and most useful tools, are free.
Call me crazy, but I'm in the habit of routinely hacking myself. If you're in the security space, you should get into the habit of doing it to. Probing your critical servers for security holes helps you get out in front of potential security threats before the bad guys can exploit them.

We're not all lucky enough to have IT budgets that provide for expensive IDS/IPS/NBA systems. But don't fret, there are some troubleshooting tools out there that can help you, for free, and I'll make a habit of sharing those with you in my blog as I discover them.

One such tool I use all the time is called nMap. I frequently use nMap in my Windows environment to gather information on what TCP ports are listening for connections on a given PC or server. I recently remotely scanned my own laptop from a server to check the health of my system. I was perplexed to see that nMap told me that port 25 was listening on my laptop. I then did a quick telnet to port 25 of my laptop and was greeted with:

220 Microsoft ESMTP MAIL Service, Version: 6.0.2600.33
11 ready at Sat, 12 Apr 2008 17:19:00 -0400

If I were to see this prompt on my exchange server, I would be happy, but to see it on my own laptop made me cringe. A couple cups of coffee later, I realized that I enabled the SMTP Server on my local IIS install, and had the server open for anonymous SMTP relay. That's a filet mignon for worms looking for PC's to zombie and turn into SPAM bot's.

  • 1