Net Security With "NanoProbes" 104
An anonymous reader writes that "Steve Gibson is working on something called NanoProbe technology. He describes it as advanced remote Internet security testing. " Lots of interesting stuff to think about in there (despite the fact that he says its designed for windows). Its quite technical, and apparently moving fairly quickly forward.
Probes through NAT routers? (Score:2)
It doesn't explain how this works, so I can't keep the word "hoax" from popping up in my mind. Unless, of course, he is suggesting that everyone run his weirdo TCP/IP stack on their routers to cause this stuff to work.
---
Re:Nanoprobing (Score:1)
Dave
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
Nanoprobes are bad, m'kay? (Score:1)
did you read the article? (Score:1)
--
Peace,
Lord Omlette
ICQ# 77863057
Re:Probes through NAT routers? (Score:1)
Did you see the stack he's proposed/designed? His new implementation of ping doesn't appear to need the WeirdStack [grc.com] to work.
On the other hand, he claims there that encrypting every SYN/ACK that goes out causes no overhead... which I might believe, until one gets SYN attacked.
On another note: of course its Wintel Oriented. He discovered an x86 asm programming book, and was touched (in the head) by the Wand of Optimization, so he can hand-code assembly language better than a compiler can optimize it! Too bad he wasn't touched by the Wand of Porting...
So he relies on the server being restarted often to keep things random... Definitely Windows Oriented, then.Quote from the site:
Re:fist pist (Score:1)
Behold the Open Source Sloth...
RTFM, y'all. (Score:2)
I don't think many that have posted inflamitory diatribes here have bothered to investigate Gibson's work thoroughly. Even on the Nanoprobe page itself, it's stated clearly enough for anyone that cares to read. I let Gibson speak for Gibson:
Good question . . . because it is NOT for everyone.
The NanoProbe Technology, like all of my development work and the content of this web site, is highly targeted toward the Microsoft Windows client universe.
I know fully well that the Internet was first the domain of Unix and Unix-derived machines, and that such machines still dominate the server space. But, unlike most typical "Internet scanners", this system is not oriented toward locating the vulnerabilities of unknown machines.
It is first, and foremost, a Windows client security analyzer. It has this bias because we can do a significantly better job for the majority of today's Internet users -- who are Windows users -- by focusing upon the specific needs of that platform to the exclusion, where expedient, of all others.
(my emphasis)
It's called prioritizing, folx.
Gibson's aiming at this group of people for a very good reason; it's where the biggest problem is. If he can take steps to lessen that problem ... we all win. Fewer vulnerabilities == a better net.
Re:HOW ABOUT TINY ASS PROBES? (Score:1)
Behold the Open Source Sloth...
Why, sure! (Score:2)
That reminds me of a text file going around in the mid 80's about how to upgrade your modem from 300 to 1200 baud - open the case, clip out some components, wrap some wire around a pencil and solder to some traces and you have - a dead modem.
Re:Hmm... This is sort of interesting, I suppose. (Score:1)
In short, I think this essentially *is* Shields Up...
Yes, But... But... (Score:1)
Maybe this is why: (Score:2)
Re:Does not look that thrilling to me... (Score:1)
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
Re:ICMP? (Score:4)
Life is not like Gibson Sci-Fi because people are not that ignorant of technology! Though there are certainly enough that try to prove me wrong
--
Re:What a fck'ing joke (Score:1)
ROFLMAO...
Re:WTF is the marketing nonsense? (Score:1)
This is exactly true.
See, Steve used to have a column in InfoWorld back in the late 80's. (Last century.)
Over time I was amazed at how I came to distrust everything he said.
He was obviously extremely biased against Apple and Macintosh, all facts be damned. You must understand that this was a point in time when Apple was way ahead of the rest of the industry and had a market share (about 25%) that you couldn't ignore. And Apple was way, way bigger than any of the next biggest PC makers. Apple spun out a software subsidiary (Claris) that was bigger than the biggest PC maker (Compaq at the time). I say all this just to set things in context in 1987.
Anyway, in this context at that time, the things that Steve was saying was just hysterical rantings of his wishful thinking. It became clear that he just hated Apple (or Macintosh, or something). I have no idea what his issue was with it.
Needless to say, all this clearly caused Steve to loose all credibility in my eyes. I read InfoWorld for information. Clear. Truthful. Fair. And unbiased. If Apple is doing something stupid I want to hear it. If Apple is doing something great I want to hear that. Ditto with Microsoft. Ditto with everyone else in the industry.
Hmmm, just thinking back to all this, it makes me wonder if InfoWorld's online archives might actually go back this far in time? It would be interesting to see a page of links with Steve's incredibly stupid rants. Of course today given the incredible stupidity of Apple beginning in 1993 and continuing till today, Steve's rants wouldn't seem quite as incredible as they did at the time.
Re:Just because you write something (Score:2)
Any router will, as long as it's been told to.
The trick is that most of the internet's routers know *not* to route those addresses...
If you're on RoadRunner and I'm on RoadRunner and I tell my gateway that to hit the 192.168.11 network, it needs to route packets to your gateway, it will, and maybe I can get into your network, assuming the two nodes are on the same segment and you don't have your gateway set up to deny incoming packets to those addresses.
But the point is, unless Mr. Gibson *is* on Roadrunner and his machine is sitting "right next to mine" on their network, no, there is absolutely no way his packets are going to get through my firewall to the machine at 192.168.1.5 behind it. They wouldn't get through anyway because I've told my firewall not to accept new connections to internal addresses.
If any of what he's saying has any basis in reality, he's just deprecated the use of firewalls since the whole *point* of firewalls is to restrict certain traffic.
I have the feeling that we're all still pretty safe though...
-=-=-=-=-
Re:Probes through NAT routers? (Score:1)
Dave
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
god help me, can't not do it... (Score:1)
Re:temporal density (Score:1)
Nooo... it's all to do with Virtual Chaos [virtualchaos.org]!
-
interesting... (Score:1)
Re:Another accomplishment of nanoprobes (Score:1)
Good one dood. Now you just have to get slashdot to use NanoTechnology(tm*), designed to prevent marketroid articles from being posted, we'll all sleep better.
While I personally don't see the use for this nano fleet of pot-smoking cyber spiders, beyond raising money for more dope, the article clearly demonstrates how I too can make lots of cash without doing anything.
/d
Fix?
Re:The Point, Temporal Density, etc. (Score:1)
Looking at the article on syn-cookies (which he links to from his GENESIS document) it says that you can enable syn cookies in linux by echo 1 >
My question is, if this has been implemented for so long (says in SunOS since 1996, Linux in 97, then how come so many sites have been brought down by DoS attacks?
Too much Star Trek, too little real content. (Score:1)
Score +3 (nice hype)? (Score:2)
Mini-review states:
While all this sounds quite impressive to the uneducated, this really comes down to a mix of things that could be done in the UNIX world with a combination of nmap, netcat and forcing anyone who you want to scan to connect to your web server.
If someone really saw a need to do this, all that would really be needed would be Apache with a custom module as the web server (having the scanee connect to your web server is what gives you one of the paths back through NAT firewalls), some nifty perl scripts to control netcat (to generate the "hand-crafted" packets and record the results), and maybe a nice MySQL || DB2 || whatever database on the back end for long term storage of your results.
Heck, with a custom Apache module and a database on the backend, you could set a cookie in the scanee's browser so that you could automagically let the scanee pull up the results of the last few scans you did on on him.
The summary: I feel for anyone who has spent that much time coding custom TCP stacks, custom webservers, and custom who knows what else in ASM, just to do what perl, apache, a bit of C++, a simple DB and netcat could do. What I feel for such a person will remain unstated.
--------------------------------
There is no backbone cabal.
Have you read this (Score:1)
Re:What a fck'ing joke (Score:2)
But are they numbered? I want packet 31337.
___
Re:Nanoprobing (Score:1)
GENESIS is a similar idea to syncookies, thus giving robust SYN flood protection to Windows platform.
It doesn't, however, eliminate the idea of Distributed Denial Of Service attacks.
BTW, we should rather call them Distributed Internet Load Denial Of Service attacks, that would make all those sensational news headlines much more funny (imagine a "www.hotgrits.com was taken down by DILDOS attack?" headline?)
Re:Yes, But... But... (Score:1)
Recently, there has been some interest in classic Slashdot posts, and that whole "specially hand-crafted packets" idea reminds me of this post [slashdot.org].
It's sad to see the actual dumb marketing guys imitating the trolls, though.
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
Is this a joke? (Score:1)
This article, while hand-optimized, only serves as an agent of selling useless NanoCrap technology. It is the synergistic combination of marketdroid swarms that have an aggregate "NanoSales" effect upon the target market. Give me a break!
Hmm... (Score:1)
Get real (Score:1)
Connah
Re:Hmm... This is sort of interesting, I suppose. (Score:1)
Dave
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
Does not look that thrilling to me... (Score:2)
Am I missing something? What is the big deal?
Our NanoProbes are able to (benignly) penetrate a user's stealth firewall to verify the presence of the system hidden behind. Since our NanoProbes are able to bypass stealthing
He seems to claim that his packets cannot be blocked....watch me (or anyone else) block them. Seems high on ego, low on content.
mac nanoprobe (Score:1)
LINUS [mikegallay.com]
Is this the famous "spyware" guy (Score:1)
----Quid
Re:What a fck'ing joke (Score:4)
No, it means each packet is carved from only the finest oak by third-generation master craftsmen in rural Vermont and comes with a signed certificate of authenticity.
Bruce
GENESIS (Score:1)
What a fck'ing joke (Score:2)
Does that mean you sit there tapping out the packet contents with your space bar?
Is this anything more sophistacted than ping?
Too bad it's for Windows only, it would take a dedicated Linux hacker minutes of grueling work to send those packets out
You never know (Score:1)
And now for a public service announcement from Jon "CmdrTaco" Katz...
--
Re:Does not look that thrilling to me... (Score:1)
Nano nano (Score:1)
What can we do to stop these little pests from lurking on our systems?
Fix?
Re:Too much Star Trek, too little real content. (Score:1)
It's "It's", not "Its" please (Score:1)
CmdrTaco, please note it's "It's", not "Its".
Re:Just because you write something (Score:1)
temporal density (Score:3)
The whole thing strikes me as self-congradulatory drivel. He may have found a way to do something useful/cool, but it's hard to see through all the bull splattered on the page.
Re:Maybe this is a good idea... (Score:1)
Re:What a fck'ing joke (Score:2)
Last time I checked you couldn't do that with a normal ping... not even a hyped up ping packet.
Malk-a-mite
Steve Gibson's state of mind. (Score:1)
Steve does write excellent code -- and frequently his programs are more 'cutting-edge' then most others. BUT -- he knows that he is just talking about port-scanning and OS Fingerprinting. When I questioned him at steve@grc.com, he replied twice to my inquiries with a whole lot of fluff / bloat-speak. He writes great code -- and he's not crazy. He's just using a very different marketing strategy.
You gave me a billion dollars! (Score:1)
Fix?
Oh boy... (Score:2)
But I suppose when you want to sell something like this for a lot of money, the Marketspeak gets pretty thick. I think it's really funny that this is specifically a Windows hack^H^H^H^Hprobing tool, too.
Ah well, it's not as bad as "Digital DNA"; I spent a good afternoon trying to find out information on that until I realized that it meant nothing, stood for nothing, and is basically a stupid abbreviation for "Motorola Technology". They had PRESS RELEASES full of MARKETDROIDS saying things like "It's DNA of the digital variety". WTF??? Grow me a digital person, marketdroid!
---
pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
ALERT: Slashdot hurts IQ worse than fluoride (Score:1)
- Yep, nmap for windows. Pretty cool eh?
Lots of interesting stuff to think about in there (despite the fact that he says its designed for windows). ;)
- It was a no brainier for me, I think you may want to read more of the stories you post CmdrTaco
Its quite technical, and apparently moving fairly quickly forward.
- Quite technical for a newbie windows user, or a serious 12'oclock flasher (someone who has every appliance in the house flashing 12'oclock)
Re:Fascinating (Score:1)
The Point, Temporal Density, etc. (Score:5)
Temporal Density is a perfectly fine unit. If you can get twice as many of these packets through the same bandwidth in a given time, you have twice the temporal density. What he's saying about nanopackets is really that he's done lowlevel work by hand to get the packets as small as possible. This is how beautifully efficient things are done.
NP is not his primarly technology. His primary technology is the methodology of the floods. He's simply claiming they are twice as fast and possibly more capable, because he's using the best possible substructure for his floods, nanopackets.
Then what he does after that is give out a bunch of things it can do, without saying HOW, either because it's proprietary or because he doesn't know yet. This is why
He did not say it couldn't be blocked, he said it worked on stealthed computers. Certainly, if a secure router routes no outside packets, ever, then there can be no TCP/IP vulnerability (except in router security, or in there being another router or takeable machine on the internal network) But a stealthed machine which at some times has some interaction with the outside world has to respond to some kind of packet sometime, by definition. It would certainly ignore ping. Whether he succeeds at this I don't know, but it certainly is theoretically possible to succeed, at least in any specific case. (and a sufficiently long list of specific cases...)
I have at least 1 issue with GENESIS, which I should probably mail to him. In principle, he seems to have found the theoretical limit of this type of security inspection (@ packet level only) and if it all works as planned, it'll be great.
But he basically needs to provide more details, or not have a press release, or at least have a higher fact/buzzword ratio.
Re:Probe me... (Score:4)
There must be a killing to be made by selling network tools that caress, fondle, grope, kiss, lick, and suck.
"Our potent NetGrope Technology can unhook the access control on the back of most firewalls, thereby letting you caress the bouncing packets beyond."
---
Re:What a fck'ing joke (Score:1)
http://freshmeat.net/proj ect s/hping2/?highlight=hping2 [freshmeat.net]
Re:temporal density (Score:2)
Definitely not twice as fast! Saying you can send two packets in the time it takes someone else to send one does not mean yours move twice as fast. The time it takes will be the same. He's just claiming that since his packets are smaller, he can send "more" in the same time.
And his dials go to eleven...
High Slashdot bias against non-Linux stuff (Score:2)
Yeah, and I suppose that we should only support new technology and programs that aren't wearing the Microsoft fetters, right? This bible-thumper's bias is going a little too far. It seems that on Slashdot, any idea, however promising it may be for the future, is shunned if it doesn't run on Linux. And I suppose that Rob's gonna say that the next DOOM will suck because it's being designed on Windows 2000. Open your mind and take those blinders off!
Re:Affects Linux users (Score:1)
Geez, you'd think that CmdrTaco was 0wnz3r3d by an anti Microsoft company or something...
Re:It's "It's", not "Its" please (Score:1)
Re:Nanoprobing (Score:1)
The description of his Genesis technology seems somewhat familiar to me. .ht ml [uic.edu]) can't be reached currently.
To be specific, it sounds pretty much like the TCP syncookies support in the Linux kernel, however I can't verify that thoroughly because the link to docs that's given in the kernel's config help (ftp://koobera.math.uic.edu/syncookies
From the kernel config help:
SYN cookies provide protection against this type of attack (SYN flooding) . If you say Y here, the TCP/IP stack will use a cryptographic challenge protocol known as "SYN cookies" to enable legitimate users to continue to connect, even when your machine is under attack. There is no need for the legitimate users to change their TCP/IP software; SYN cookies work transparently to them.
Re:Has Taco lost his edge? (Score:1)
Well... we can't have *.*.*.* but we sure used to be able to 192.268.255.255 with a spoofed source address which caused some really groovy blue stuff.
But I agree, it's marketting speak for traditional methods of network diagnosis. Except for the potentially interesting bits of hand crafting packets so that they are as small as possible and thus able to generate twice the system load for a given bandwidth.
Re:has Steve been smokin' crack again? (Score:1)
Select the SHIELDS UP link from the home page, also have the site do the port probe. A comment there hints at the nanoprobe technology. Doesn't anyone read past the first paragraph any more? :-(
Re:Does not look that thrilling to me... (Score:1)
Re:The Point, Temporal Density, etc. (Score:1)
Re:Folks, it's Steve Gibson (Score:1)
Re:Is this the famous "spyware" guy (Score:1)
Re:What a fck'ing joke (Score:1)
Do you know how many packets you've generated with that post? Probably 20 at least, and you want to make them out of oak now?
It isn't bad enough that we're deforesting the Rain Forest for hamburgers and rainforest crunch, now we're gonna deforest Vermont just so we can have hand crafted Oak packets? Do you know what that will do to Vermont's ecosystem? Where will the smelly phishphans live if you cut down their trees?
We all need to seriously think about recycling our packets, designer hand crafted oak packets are a luxury mother earth can not afford!!!!
Re:GENESIS (Score:1)
Yes, read Page 3, "prior work". Seems he discovered SYN cookies after he had written the article...
It looks like the only difference between his "Genesis" thingy and SYN cookies is that he's using RC5 encryption, which is more computationally intensive than the MD5 hashes used by the Linux SYN cookie implementation...
Those aren't compiler warnings, they're suggestions...Nanoprobing (Score:2)
On the face of it, and based on a cursory read of the article, not the worst idea at all. And this guy definitely seems to have his heart in the right place on several issues.
Still, I'm not entirely clear as to why a bias towards Windows platforms seems to be such an important issue. Is there really that much difference in the requirements for a UNIX box? Given the number of Apache servers out there, I would think that ignoring UNIX platforms is a less than wise decision.
Still, he does describe the theory behind the approach. I don't doubt that there will soon be similar efforts for non-Windows platforms, if this method holds up to its promises. Invulnerability to DDoS alone is motivator enough.
-TBHiX-
Probe me... (Score:4)
What kind of pervert thinks all this stuff up?!
--
So the game of cat and mouse goes on (Score:1)
OT Re:Probes through NAT routers? (Score:1)
What is a good source of info on NAT and how it works? What I don't understand and can't seem to find out is how returning packets get to the correct machine. (they are in responce to packets which to the outside world are all coming from the same IP address) Does each go out on a different port or is some other trick used?
I allow no incoming new packets (i believe) because I have no servers. But understanding is golden. Even a book to read with info about this would be nice
Thanks
But Can They . . . (Score:2)
--
Hmm... This is sort of interesting, I suppose. (Score:5)
"Aren't NanoProbes just IP packets?
Of course they are."
I think that just about sums this up. They've put a fancy name on an existing technology, and claimed "innovation and invention." 'nmap' uses this sort of thing every day, it seems. Sure, they may have tweaked the packets to elicit specific responses from the target, but how is that any different than existing fingerprinting techniques? I don't think it is(although, I'm don't really know a whole heck of a lot about this stuff).
I used to really respect GRC. Their "ShieldUp!" was pretty darned cool, but these announcements all sound like bloddy half-baked press releases. I could be proven wrong, but this sounds really lame.
Dave
'Round the firewall,
Out the modem,
Through the router,
Down the wire,
WTF is the marketing nonsense? (Score:4)
I suppose you can't underestimate the power of catch buzzwords. Transmeta couldn't raise any finance until they renamed their tech to CodeMorphing. The BDU's will probably fall for it.
ICMP? (Score:2)
to be dropped into the Internet, it would route itself to the machine at IP address
[ 208.47.125.33 ] which is the United States NSA (National Security Agency). This
NanoProbe asks the machine to verify its existence on the Internet."
Wow! You mean you're writing ICMP? Sounds cool!
Really, "self-routing"? Um, so I guess if I use just these I don't need routers. Sorry, but self-routing doesn't work with dumb media. So he figured out how to cram ICMP type packets into smaller packets. So?
"While you wait, real-time, operation"
Yeah, ping just takes so damn long to run...
It think perhaps this guy should go back to writing his newbie-helpers and quit trying to play in the big leauges.
--Maarken
I'm giving her all she's got, Jim (Score:1)
Its five year mission to explore the limitations of the Miscrosoft Windows Client Universe."
Christ, this sounds like something out of Star Trek.
On the other hand, a concerted effort to show how
insecure the M$ is isn't necesarrily a bad idea.
nmap on steroids? (Score:3)
Wonder if this is any relation to _THE_ Gibson? Would be fitting wouldn't it...
what is open source all about? (Score:2)
Open source is about scratching an itch that you have. Steve Gibson is a windows user. He has an itch. He's scratching. Oh hell's yeah.
--
Peace,
Lord Omlette
ICQ# 77863057
They describe packets as if they were intelligent! (Score:1)
This is just atropomorphistic description of data being routed over the Internet between its networks.
This reminds me a funny story of my not-so computer savvy friend who has a destructive script-kiddie mentality. He wanted to send someone a trojan (to format his HDD) by e-mail. He asked me if he could run it on his computer and send it running to someone else's...
Another accomplishment of nanoprobes (Score:2)
You may have heard that Slashdot was recently "hacked". The preliminary stages of this hacking were made possible with nanoprobe-like technology.
I, Bob Jones III, was part of the elite "hacking" team. I added a module to the "lameness filter" that prevents the following kinds of posting errors:
Mr. Taco: It is hopeless to try to correct this error. I have added this code block to the firmware of your RAID arrays, so if you erase the module, it will be instantly rewritten. I am doing this to save the souls of all Slashdot readers and lead them toward CHRIST.
Sincerely,
Bob Jones III [goatse.cx]
A copy of the email I sent to steve a min. ago (Score:1)
Swarms of locust (Score:1)
Purely speculating, I would presume that what they send are fragments of packets, source routed IP packets, etc. etc...
They say they maintain a connection with the probed host - IMO they use a legit way to pass your NAT (for instance a web server inside your private network) and then embed their special "hand crafted" packets inside the stream which try to fool the server itself to route the packet elsewhere, inside the network. The "swarm" concept indicates they will probably scanning your internal IP range using this technique or some other.
May be routers or firewalls should nowdays remove any interesting IP options, or even deny them.
has Steve been smokin' crack again? (Score:3)
Could this nano-probe technology be Steve's fabled project x?
PROJECT-X's display will expose crucial information that's been hidden inside your computer by people who have their best interests in mind, not yours.
It automatically finds easter eggs?
I DO know how bizarre this sounds. "Hidden truths?" "Other people in control?" "Unnerving secrets buried in our computers?" I wouldn't blame you for thinking that I'm being deliberately over-dramatic, and you might wonder what I've been smoking out here in Southern California. Or whether, perhaps, I've become a little too involved with the X-Files TV show.
Currently I'm thinking about dolphin sex.. but that's what happens when you read /. posts :-(
I don't yet know for sure that I can even do what PROJECT-X requires..
This is the line I like the most.. it sounds like the guy is trying to write the all-in-one point-and-click hacking tool or something. 'Yeah.. just type in the IP address and click go.. you'll automatically be placed in a shell account as root.. or if it's windows.. NetBus will automatically be installed for you.. ??'
Has anyone joined the mailing list to 'apprised of my progress'?
Idi
- I don't have a .sig .. I type this in by hand each time!
Re:Probe me... (Score:1)
-- ShadyG
Affects Linux users (Score:2)
William or Steve? (Score:1)
Not this guy again... (Score:1)
His credibility was bad already. This ridiculous drivel is even more over the top. I'd like to see him probe my internal network to "reveal my machine's TRUE local private-network IP address". Assuming he could (OpenBSD with NAT/IPFilter providing no services; doubtful), he would discover that my 'secret private network IP' is something in 192.168.0.*. There's some pretty useful information: an internal network that doesn't use valid IP addresses!
Enough submissions about this guy's 'advanced technology' already.
Too bad his example packets are wrong... (Score:5)
1) The TCP offset (TCP header length) is set to 6, which means that the TCP header length should be 24, and the packet shown only has a 20 byte header.
2) The Sequence number is 0, which should never happen on a SYN packet and would be easily picked up by any intrusion detection system (like Snort [snort.org]).
3) The IP datagram length field shows 44-bytes, but once again we're only shown 40-bytes. Where'd those other 4 bytes go?
Beyond that, this is a standard SYN packet, hardly revolutionary.
The packet at the top is a simple ICMP ECHO packet (ping), which is presumably being filtered at the NSA's gateway. That's why a response has "never been received"... Ooh, spooky!
The other claims are so much fluff. Temporal density? Just because the packet's got half as many bits as the equivalent ECHO packet from MS doesn't mean that the extra nanosecond saved is going to be added onto your life.
These packet's aren't stealthed by any measure, they're only stealthed to the uninitiated because most peoples eyes glaze over when confronted with binary data. What we've been presented with is a an ICMP ECHO packet and a TCP SYN packet.
Let's look at the other claims:
"While you wait, real-time operation"
Explanation: When you execute the program, it runs and reports back to you.
"Continuous host-presence verification"
Explanation: When you run the scan, it pings the target to make sure it's up. Contrary to the claims on the web page, every other scanner under the sun that's used for any large scale application (like nmap, CyberCop, ISS, etc) does this.
"Comprehensive host IP address determination"
Explanation: Resolves DNS names, can make other DNS queries.
"Host stealth technology detection, penetration, and appraisal"
Explanation: If the host is discovered, it will be scanned! If the host can be reached through the firewall, it'll also be scanned. If the firewall is filtering the traffic, the program will attempt to get through but probably won't unless some well known vulnerability can be exploited.
"True firewall, versus simple packet filter, discrimination"
Explanation: They see if their packets are rejected outright or if some sort of connection establishment is allowed.
"Special "Half-Open" TCP connection "SYN" probing"
Explanation: This was special about four years ago, but now it's just called a SYN scan. This is different than a full SYN scan in that the connection is dropped after receiving the returned SYN-ACK packet instead of letting the connection complete. This is different from a free port scanner like nmap in exactly 0 ways.
"Advanced TCP non-connection "ACK" probing"
Explanation: They can do ACK scans as well. This is completely revoloutionary unless you've used almost any other free scanner in the past four years.
"Fragmented and reordered packet filtering vulnerability assessment
Explanation: nmap + fragrouter = this capability, plus more!
"UDP/ICMP reflection response probing"
Explanation: If you send a properly formatted UDP packet to port 137 on MS boxen that allow it, you'll get a response back. If it's not available, you'll get an ICMP UNREACHABLE. My god, the amazing powers of this software aren't to be believed!!
"Differential source IP analysis"
Explanation: IP spoofing! Revolutionary! Nmap has only had this capability for (at least) four years, but these guys have made it revolutionary by sticking it in their product to jack with badly misconfigured firewalls. Amazing!
"Personal Router vulnerability assessment"
Explanation: If you're behind a NAT, there's a chance that the nanoprobe may notice!
"Last-Hop Router vulnerability assessment"
Explanation: If your router/NAT is badly misconfigured, a nanoprobe may be able to see some of the other addresses that the thing is configured to talk to.
"Active protocol testing"
Explanation: Application layer testing, such as trying to brute force passwords on SMB shares. This has never been done before, unless of course you count the NetBIOS Auditing Tool (nat) program from the mid 90s...
"Packet round trip time (RTT) profiling"
Explanation: This is useful if you're trying to see if there's any time based elements to see if you're talking to a firewall or directly to the host. Righteous.
"Absolutely spoof proof"
Explanation: "We can't be spoofed because we make our own packets!" What about man in the middle attacks guys? Are you talking IPv6 or over an encrypted tunnel? No? Oops, you can be spoofed.
Anybody remember the FreeVeracity BS from a few weeks back? I smell repeat! There's no magic here, other than the fact that this got posted to Slashdot at all.
DEAR GOD! (Score:1)
Re:mac nanoprobe (Score:1)
Folks, it's Steve Gibson (Score:3)
Why is it only for Windows? Because Steve Gibson wrote it. He likes to write "hand-crafted" assembly language, for x86 platforms. So he wrote it for Windows.
Maybe it reads like a press release. But don't forget... when he finally has something to release, he is going to give it away free (like beer). He isn't spamming this page out by email, he isn't trying to trick anyone out of their money, so why are people so worked up?
He wrote, and gave away, a cool utility [grc.com] for Zip disk owners. He also wrote and gave away some other stuff, and let's not forget how cool his Shields Up! page has always been.
Even if we moderate his latest web page (-1, marketdroid-speak) he has plenty of karma left over.
steveha
Re:temporal density (Score:2)
Re:nmap on steroids? (Score:1)
packet details? (Score:1)
Ugh. (Score:1)
Maybe Windows has a specific exploit where a naked IP packet will be blindly forwarded or responded to. That would explain the Windows-only support of this. If this is the case, then as soon as Windows fixes that bug, byebye Nanoprobe usefulness.
It is easy to create this "Super firewall", and "super server" if you re-write IP and TCP... Look, I can ignore all packets that do not match my format, and therefore be immune to DoS attacks! Oh wait, I seem to be getting a huge amount of valid packets... damn....
What drivel...
Whee! (Score:5)
What crap.
-=-=-=-=-
Lots of buzzwords, not much content (Score:5)
The page is full of anthropomorphism and redundant quasi-technical terms just thrown in to make it look impressive. When you actually look for some hard facts, they're fairly lacking.
So what that they're less than half the size of the ping packets produced by MS ping, which always sends 32 bytes of data. Can we say ping -s 1 host? Sends 232-bit packets (224 header + 8 bits data). (It gets 9-byte replies = 224 + 9*8 = 296-bit replies... still not far off the 224-bit of the minimalist packets).
There's no actual evidence presented that the lack of data in the packet causes them to be processed in such a radically different way as is suggested, bypassing any and all firewalls, NAT and proxies.
Looks like sensationalist hype so far. They may have some use in highlighting exception cases in software (who'd expect zero length data anyway), and his customised TCP/IP suite will probably just be used to send more pings per second.
Re:Does not look that thrilling to me... (Score:4)
Dave
'Round the firewall,
Out the modem,
Through the router,
Down the wire,