Published: 04 Jan 2008
Information Security isn't the only standby celebrating its 10th birthday. Nmap, the popular open source security scanner and network mapping tool, hit double digits in 2007 as well. Like so many projects of its kind, Nmap was a labor of love--and necessity--according to its creator, hacker Fyodor.
What inspired you to write Nmap, and what were your early expectations? Nmap was mostly written during the summer of 1997, which I spent in Baltimore working as a teaching assistant at Johns Hopkins University. They set me up in a dorm room with Ethernet connectivity, giving me a new network to explore. At the time, I had a directory full of port scanners, such as Strobe for connect scanning, Reflscan for SYN scanning, and the UDP scanner from SATAN. I hacked them all to add options and features, but still found them frustrating to use. So I decided to write my own dream port scanner which would be faster, and support all the scan types and options I wanted.
After months of work and testing, Nmap replaced my other port scanners. At first I kept it to myself, but then I realized that other people might be interested.
So I released it in Phrack magazine on Sept. 1, 1997.
Why has it become so ubiquitous? I was surprised as anyone by that. Apparently many people had the same port scanning needs as I did. I was overwhelmed with ideas, bug reports and patches, so I released a second version. The project really resonated with people, so I abandoned some of my other security projects, such as the Exploit World archive I maintained back then, and have focused on Nmap development ever since. It has grown to be much more than a port scanner.
What Nmap feature or phase of its evolution are you most proud of? Probably OS detection, which we just overhauled to create a second-generation system (http://insecure.org/nmap/osdetect/). I'm also very proud of the version detection system (http://insecure.org/nmap/vscan/).
What's your opinion on the rash of commercialization around open source security products? I'm thinking specifically Tenable/Nessus, Sourcefire/Snort-ClamAV. I suppose it is their right if they have all their copyright ducks in a row, but I am certainly disappointed whenever I see an open source application go proprietary. I haven't used Nessus since they went that road.
If mobility has destroyed the traditional network perimeter, looking ahead, how do products such as Nmap have to evolve? Nmap definitely must evolve as networking technology and practices change. For example, the whole port scanning engine had to be rewritten as default-drop firewalls grew in popularity. We also added IPv6 support because that is very slowly catching on. The port to the Win-dows platform enabled many more Nmap users as well.
Mobility and the breakdown of network perimeters actually make Nmap more important. As networks grow more complex and distributed, you want to look at them from many angles by scanning from numerous endpoints. Nmap also makes it easy to inventory these big networks and identify unauthorized devices. Nmap is also often used for debugging purposes to understand and fix networks, so it isn't solely a security tool.