I think Nmap is by far the best portscanner around if you want to do some serious port-scanning. Nmap performs a DNS resolution by default. This is good for obtaining the fully qualified domain names (FQDN), however, in some cases when you are scanning huge networks spanning several class Bs, it can have a significant effect on the duration of the scan.
Although using the -n parameter can completely stop nmap from performing any resolutions, but sometimes there’s that fine granularity that you need, i.e., you want to perform name resolutions but not if it exceeds a certain amount of time. I have to say that I wouldn’t have even craved for such an idiosyncratic feature, had it not been for nmap. Fyodor has been awesome enough to provide fine-grained control over port-scanning to your heart’s content.
So I opened up the nmap code, trying to figure out if I could fine tune that feature myself and I was not at all surprised that there were several comments in the code that would give you the impression that the authors of nmap have been considering this feature.
At this time it seems that the timeouts for the DNS servers are being read out of an arrayname:
static int read_timeouts[][] in nmap_dns.cc.
The way the code works is, this array has retransmission timeouts. Each row of this array represents what retransmission timeouts that nmap will follow depending on the number of DNS servers provided.

In nmap 4.76, therefore, if you specify one DNS server (or only one entry exists in /etc/resolv.conf) nmap will wait 4000ms, then another 4000ms followed by 5000ms before giving up. But if you do specify two DNS servers, then for the first DNS server the timeouts are 2500ms followed by 4000ms and then the same is tried for the 2nd entry in the DNS servers. Therefore, it seems that nmap will wait 13 seconds at max before giving up on the DNS resolution of a host. Imagine scanning a class B and having to wait 13 seconds for each of the hosts to resolve. It would be a significant overhead.

Of course, one can find other things to do if the IP address space is not DHCP, e.g., starting a separate list scan (-sL) and a portscan (with -n) simultaneously so that the DNS resolution timeouts do not result in a major impact as far as the portscanning itself is concerned.
There could be pros and cons to this as well which I may have failed to consider. But at this time it seems that it might be the most judicious approach.

The introduction of low-cost flying alternatives in the Indian skies is a good thing for the Indian consumers as one would reckon. However, the consumers only stand to gain if they get a service which at least gets them their money worth.
Sadly though, the quality of service provided by these low-cost airlines is also “low-grade”. The business principle seems sound that people who want food/refreshments in flight buy it but that does not necessarily mean that one gets hard pressed to board the flight itself. The airline management needs to rethink that low-cost does not mean high tension. My flight experience was as follows:
I was to board the flight from Delhi – Mumbai at around 9:00 pm. However, until 10:30 pm there were no announcements which made me ponder about the very existence of the flight itself. At about 11:00 pm it was announced that the entry would be from Gate # 3. The people rushed in like a horde of animals trying to get into a DTC (Delhi Transport Corporation) bus. Then a technical snag – the key was unable to open the gate # 3 – occurred to make the matters worse. The gates were changed to Gate # 1 resulting into a new frenzy of people trying to reach gate # 1. In what ensued, there were a series of announcements for passengers to board the flight, however, there was a slight problem. The officials on Gate # 1 were not ready to let passengers through. The flights like “Air Deccan” have given a new meaning to the term “fight to the finish” as your fight to get a seat in the flight never ends!

Now I’ve no problems considering that the population of India is huge. However, I do have a problem when seemingly intelligent (?) people do not display basic intelligence. Air Deccan issues unique numbers on it’s boarding passes when people check-in. Why these numbers are not used for seat assignments is a question that only Air Deccan can answer. Apparently, they use these numbers to identify which passengers have / have not boarded the flight.

Unitl these companies realize that cheap tickets should not mean cheap quality the consumers will continue to remain at a loss in these airlines which are advertized as a “high value for money”.

i updated my backtrack 4 R1 finally using the directions mentioned here. However, after the upgrade my Intel Corporation Wireless WiFi Link 5100 wireless adapter stopped working. My first thought was that the driver was corrupted or something after the upgrade.
But looking through the ‘dmesg‘ command output it became clear that during the startup a particular file iwlwifi-5000-2.ucode could not be located. I thought a reinstall will do it (always works right?).
# apt-get install firmware-iwlwifi
No luck yet! Searching for these files showed me that they were in two locations and both of these were identical (verified via md5sum) :
/lib/firmware-2.6.30.9/iwlwifi-5000-2.ucode
/lib/firmware-2.6.34/iwlwifi-5000-2.ucode
So I just added a symbolic link as follows:
ln -s /lib/firmware-2.6.34/iwlwifi-5000-2.ucode /lib/firmware-2.6.35.8/iwlwifi-5000-2.ucode
Voila! It now worked! Hope it helps!

I wanted to have a list of all the security conferences around the world for a quick reference so I compiled together a list.

Installing Firewalk turned out to be more complicated than I thought it would be. There were some compilation issues and some library errors.
The chief amongst them was:

checking for arp_get in -ldnet... no
configure: error: No libdnet?  http://libdnet.sourceforge.net.

I did install libdnet using aptitude but it did not do the trick. Thereafer, searching a few forums got me this information. The “Libdnet” that Firewalk looks for is libdumbnet1 in the ubuntu language.
So I got the Debian packages from the following links:
libdnet1
libdnet-dev
I continued to get that error and no wonder because there was nothing in /usr/lib.
So I executed the following commands :

$ cd /usr/lib
$ sudo ln -s libdumbnet.so libdnet.so
$ cd /usr/include
$ sudo ln -s dumbnet.h dnet.h

Then there was a compilation error:

firewalk.c: In function ‘firewalk’:
firewalk.c:193: error: label at end of compound statement
make[1]: *** [firewalk.o] Error 1
make[1]: Leaving directory `/home/trance/Desktop/Firewalk/src'
make: *** [all-recursive] Error 1

So then opening the firewalk.c file in vim (and following up on line 193) showed that the “break;” statement was missing after default: switch statement.
So then I added the the following characters (without quotes) “break;” at a line above the comment as shown below:

                    default:
                        break;
                        /* empty */

$ ./configure
$ make
$ sudo make install
$ sudo cp man/firewalk.8 /usr/local/man/man8

Now firewalk was installed and ready to use!

Seems like the pwn2own this time around is going to be putting up prizes of about $100,000+ for people who can find 0-days for a variety of platforms. Especially, the fact that about $60,000 are being devoted for 0-days on the mobile security platform including the android platform etc., indicates a new era of security bugs.
The iPhone (non-jailbroken ones) as well as the BlackBerry application do tend to use signed executables. One only hopes that like the trust-relationships of the SSL-based certificates, the trust is really kept by analyzing the blackberry and iPhone apps.
Tyler Shields from Veracode presented his work of TXSBBSpy (source code URL: http://www.veracode.com/images/txsBBSpy.java; Presentation slides: http://www.veracode.com/images/TylerShields-MonkeyBerries-ShmooCon-2010.pdf).  In this he suggested that when controlled APIs are used the code needs to be signed by RIM but to do that RIM only gets the hash and not the source code.  This presents an interesting situation where RIM could actually be signing something that they don’t really know what it seems to be doing.

I wanted to install Cisco VPN client on BackTrack3. You can get the Cisco VPN client source using the following command:
wget ftp://ftp.cs.cornell.edu/pub/rvr/upload/vpnclient-linux-4.8.00.0490-k9.tar.gz
tar zxvf vpnclient-linux-4.8.00.0490-k9.tar.gz
cd vpnclient/
wget http://tuxx-home.at/projects/cisco-vpnclient/vpnclient-linux-2.6.22.diff
patch < vpnclient-linux-2.6.22.diff
./vpn_install

I got this information from the following blog.
I ran into an error whereby the kernel sources were not found for the VPN client to install. I then got the BackTrack3 kernel sources.
cd /lib/
wget http://www.offensive-security.com/kernel.lzm
mkdir test
lzm2dir kernel.lzm test

Now go into the vpnclient directory and execute the following:
./vpn_install

Accept the defaults (except in my case I selected “No” on automatically start VPN client). When it asks for the sources point it to:
/lib/test/usr/src/linux-2.6.21.5

Then the VPN Client should compile without any issues. Then you just need to place your Cisco VPN client Profile (.pcf) in the /etc/opt/cisco-vpnclient/Profiles directory. You will need to first start the VPN client service first using:

/etc/init.d/vpnclient_init start

Once the service is started just connect using:

vpnclient connect mypcffile user test password <whatever>

Please note that the full name of the Profile file in the above case is mypcffile.pcf but I’ve deliberately excluded the .pcf extension.
This should work.