Nmap was mostly written during the summer of 1997, which I spent in Baltimore working as a teaching assistant at Johns Hopkins University. They set me up in a dorm room with Ethernet connectivity, giving me a whole new network to explore. At the time, I had a directory full of port scanners, such as Strobe for connect scanning, Reflscan for SYN scanning, and the UDP scanner from Satan. I hacked them all to add options and features, but still found them frustrating to use. So I decided to write my own dream port scanner which would be faster, and support all the scan types and options I wanted.
After months of work and testing, Nmap replaced my other port scanners. At first I kept it to myself, but then I realized that other people might be interested. So I released it in Phrack magazine on Sept. 1, 1997.
Why has it become so ubiquitous?
I was as surprised as anyone by that. Apparently many people had the same port scanning needs as I did. I was overwhelmed with ideas, bug reports, and patches, so I released a second version. The project really resonated with people, so I abandoned some of my other security projects (such as the Exploit World archive I maintained back then) and have focused on Nmap development ever since. It has grown to be much more than a port scanner.
Probably OS detection, which we just overhauled to create a second-generation system. I'm also very proud of the version detection system.
How much in the way of community contributions end up in Nmap?
Thousands of people have submitted OS fingerprints, version fingerprints, and bug reports, but the majority of actual development is done by an inner circle of top contributors. But it isn't a static group at all. New developers regularly join, and others step aside, often due to life situations such as childbirth or employment changes.
What's your opinion on the rash of commercialization around open source security products? I'm thinking specifically Tenable/Nessus, Sourcefire/Snort-ClamAV.
I suppose it is their right if they have all their copyright ducks in a row, but I am certainly disappointed whenever I see an open source application go proprietary. I haven't used Nessus ever since they went down that road.
If mobility has destroyed the traditional network perimeter, looking ahead, how do products such as Nmap have to evolve? Or will there always be a need for "traditional" network security?
Nmap definitely must evolve as networking technology and practices change. For example, the whole port scanning engine had to be rewritten as default-drop firewalls grew in popularity. We also added IPv6 support because that is (very slowly) catching on. The port to the Windows platform enabled many more Nmap users as well.
Mobility and the breakdown of network perimeters actually make Nmap more important. As networks grow more complex and distributed, you want to look at them from many angles by scanning from numerous endpoints. Nmap also makes it easy to inventory these big networks and identify unauthorized devices. For example, employees have been known to compromise security by plugging wireless devices and infected laptops into enterprise networks. Nmap is also often used for debugging purposes to understand and fix networks, so it isn't solely a security tool.
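The inventory use described in the last answer, as an added example that is not part of the interview and not code from the Nmap project: a small POSIX shell script that takes Nmap's grepable output (what `nmap -sn -oG -` prints) and compares the hosts that answered against an allowlist of known addresses, reporting live hosts nobody has accounted for (the unauthorized-device case) and known hosts that did not respond. The scan output below is a constructed sample, not a real scan; the allowlist, hostnames and addresses are likewise assumptions for the example.

```shell
#!/bin/sh
# Network inventory check over Nmap grepable output (-oG).
# Constructed sample of `nmap -sn -oG -` output; not real scan data.
NMAP_GREPABLE='# Nmap scan initiated (constructed sample)
Host: 10.0.0.1 (gw.example.internal)	Status: Up
Host: 10.0.0.10 (fileserver.example.internal)	Status: Up
Host: 10.0.0.77 ()	Status: Up
# Nmap done (constructed sample)'

# Assumed inventory of hosts that are supposed to be on this segment,
# as a space-separated list of addresses. 10.0.0.20 is known but down.
ALLOWLIST='10.0.0.1 10.0.0.10 10.0.0.20'

# Print the address of every host the scan saw as up.
# In -oG output each host line is "Host: <ip> (<rdns>)<tab>Status: Up",
# so the address is always the second whitespace-separated field.
live_hosts() {
    printf '%s\n' "$1" | awk '/^Host:/ && /Status: Up/ { print $2 }'
}

# Print live hosts that are not in the allowlist: candidates for
# unauthorized devices (rogue access points, personal laptops, etc.).
unknown_hosts() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
        /^Host:/ && /Status: Up/ && !($2 in known) { print $2 }'
}

# Print allowlisted hosts that did not answer: either down, moved, or
# filtered, which is worth knowing before trusting the inventory.
missing_hosts() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        /^Host:/ && /Status: Up/ { seen[$2] = 1 }
        END { n = split(allow, a, " "); for (i = 1; i <= n; i++) if (!(a[i] in seen)) print a[i] }'
}

# Report when run directly. For a real run, replace NMAP_GREPABLE with
# the output of: nmap -sn -oG - 10.0.0.0/24
echo "Live hosts:";         live_hosts "$NMAP_GREPABLE"
echo "Not in inventory:";   unknown_hosts "$NMAP_GREPABLE" "$ALLOWLIST"
echo "Inventory hosts down:"; missing_hosts "$NMAP_GREPABLE" "$ALLOWLIST"
```

The script deliberately keys on the IP address field rather than the reverse-DNS name, since a host that was never registered usually has no PTR record (the empty parentheses on the 10.0.0.77 line). Scanning the same segment from several vantage points and diffing the results, as the answer above suggests, is a matter of feeding each scan's `-oG` output through the same functions.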
Michael S. Mimoso is editor of Information Security.