About me

Hi! My given name Gordon Lyon, though I often go by Fyodor on the Internet. I run the Internet security resource sites Insecure.Org, Nmap.Org, SecLists.Org, and SecTools.Org. I also wrote and maintain the Nmap Security Scanner. These projects don't leave me much time to update vanity pages like this one, so you may find a more formal and up-to-date bio on my Wikipedia entry. For people who just came here looking for my email address, it is fyodor@insecure.org.

In case it isn't obvious from my web sites, I am a hacker. The good kind. I enjoy tinkering with computers, exploring networks, pushing hardware and software to its limits, and especially open source programming. I have been developing and distributing the free Nmap Security Scanner since 1997. It scans your networks to determine what hosts are online, what services (web servers, mail servers, etc.) they are offering, what OS they are running, and more.

While my web sites and Nmap were created for fun and in the hope that people would find them useful, they have become my full-time occupation. I consider myself quite privileged to be able to spend all my time on what I love. Revenue comes from a licensing program that allows proprietary software and appliance vendors to integrate and distribute Nmap technology within their products. This is similar to the model taken by MySQL, Trolltech Qt, and Berkeley DB. Nmap's license allows free use by end users or within larger open source packages. My company, Insecure.Com LLC, also offers limited web advertising.

I have gained much from the information and open source programs available on the Internet, as well as the culture of sharing that pervades the hacker community. I try give a little back through my programs, books, articles, web sites, and other projects I maintain.

Books and papers

In addition to writing software, I have authored or co-authored several books:

	My upcoming book Nmap Network Scanning documents every aspect of using Nmap to secure your network. Chapters include "Detecting and Subverting Firewalls and Intrusion Detection Systems", "Optimizing Nmap Performance", "Defenses Against Nmap", "Nmap Reference Guide", and many more. Many of the chapters are already freely available online—see the Nmap book page for more details.
	My best selling book is Stealing the Network: How to Own a Continent. Myself, Kevin Mitnick, Jay Beale, Joe Grand, FX, and others crafted a hacker-thriller detailing a massive electronic financial heist. While the work is fiction, hacks are described in depth using real technology such as Nmap, Hping2, OpenSSL, etc. The book can be purchased at Amazon, or you can read my chapter online for free. When it first came out, STC ranked as the second-highest selling computer book on Amazon.
	I am a founding member of the Honeynet Project, which places bait networks on the Internet and studies how they are attacked. We are perhaps best known for our Know Your Enemy series of white papers. I co-authored the first edition of our Honeynet book. Know Your Enemy: Learning about Security Threats (2nd Edition) is now available (sample chapters online).
	OK, I didn't write this one, but I starred in it! In the comic book Hero-Z Clustermind, I save a kidnapped Nmap developer from a criminal organization intent on misusing his hacking skills for evil. You can read the issue online or download the PDF (11MB). The rest of the series is available at Hero-Z.Org.

I have also written many papers, most of which can be found on the Nmap docs page. Here are some of my favorites:

• Nmap Reference Guide is available in a dozen language and its 18 sections cover almost every aspect of Nmap.
• Service and Application Version Detection describes how Nmap interrogates open ports to determine exactly what is running. This helps you locate forbidden/insecure services on your network, even when people try to hide them on unusual ports.
• Remote OS Detection via TCP/IP Fingerprinting (2nd Generation) describes the new-for-2006 methods Nmap uses to guess remote operating systems based on the target's TCP/IP behavior.
• Idle Scanning and Related IPID Games describes anonymous spoofed port scanning and other tricks enabled by the predictable IPID sequence numbers generated by many operating systems.

Web sites

Hacking is not just about learning, but also sharing information. I maintain these network security web sites:

• SecTools.Org - The top 100 network security tools, as voted on every three years by thousands of Nmap users.
• SecLists.Org - Archives of the top security mailing lists, including those run by myself and the best 3rd party lists such as Bugtraq, Security Basics, Penetration Testing, Full Disclosure, and Daily Dave. RSS feeds are available for each list.
• Nmap.Org - Documentation, download links, tutorials, and more for the Nmap Security Scanner.
• Insecure.Org - News and updates across all my sites, and a bunch of security information which doesn't fit neatly into the other categories.

Besides my own company (Insecure.Com LLC) and the aforementioned Honeynet Project, I serve as President of Computer Professionals for Social Responsibility. Since 1981, CPSR has promoted the responsible use of computer technology. It also incubated the Electronic Privacy Information Center (EPIC) and the Computers Freedom & Privacy (CFP) Conference.

I am also a member/contributor/volunteer and big supporter of The Free Software Foundation (and their Defective by Design campaign against DRM), Electronic Frontier Foundation, Wikipedia, One Laptop Per Child, and the Computer History Museum.

After the domain name registrar GoDaddy inapropriately shut down SecLists.Org (and some other security sites), I started NoDaddy.Com to illustrate the many problems with this registrar.

Conferences and other speaking engagements

Security conferences are a great way to learn, network, and party with like minded hackers. I attend them whenever I can find the time. I have presented at many events, including Defcon (4 years), CanSecWest (5 times), Black Hat Briefings, IT Security World (four times), Security Masters' Dojo (8 sessions), ShmooCon, IT-Defense, FOSDEM, SFOBug, Stanford University, George Washington University, and many corporate events.

Audio, video, and/or slides for many of my presentations is available on my presentations page.

Preparing, traveling, and delivering good presentations takes a substantial amount of time, so I must be selective about which engagements I accept. Feel free to invite me to speak at your conference, but don't be offended if I have to decline.

Interviews

• PaulDotCom Security Weekly audio podcast interviewed me in September 2008. New Nmap 4.75 features were covered, as well as advanced scanning tips, in this multi-hour interview. You can listen to part 1, then part 2, or read the episode notes.
• SecurityFocus Interview about the Nmap 4.00 release
• Slashdot interview covering Nmap and network security (My /. username is 'fv' and you can read my latest postings).
• Google podcast interview which focuses on my participation in the Google Summer of Code program.
• Whitedust.Net interview covering Nmap and personal issues
• Zone-H interview about Nmap, open source, and network security.
• TuxJournal interview about me, Nmap, and open source security tools.
• Safemode interview covers my personal life and Nmap.

If you have interesting questions and would like to interview me for your publication or web site, send me email and I'll try to make time.

Fyodor FAQ

1. Where did the nicname Fyodor come from?

   Like many hackers, I enjoy reading. For a while in the early 90s I was particularly enamored with Russian author Fyodor Dostoevsky. Shortly after reading his Notes From Underground, I logged onto a new BBS using the handle Fyodor as a whim. It stuck. I'm a little embarrassed that a Google search for Fyodor now lists me before Dostoevsky. I guess it is hard to earn and maintain a decent PageRank when you're dead.

2. I think my boyfriend is cheating on me. Will you help me hack his email account to find out?

   No.

3. Will you do an interview for my web site, speak at my conference, or answer questions for the article I'm writing?

   Maybe! Email me a proposal. I can't always say yes, but I will at least answer promptly.

4. I'm writing a book or web/journal article or producing a movie, and Nmap is covered. Would you do a pre-publication technical review?

   Yes, I'm generally happy to do this.

5. How can I become a security expert/hacker?

   It is a lot of work, but also rewarding. My take is in question #4 of my Slashdot interview.

6. How can I keep up with the latest Nmap and Insecure.Org news?

   Major Nmap releases and important site news are posted to the ad-free Nmap-hackers mailing list. You can join more than 60,000 current members from this page. Traffic rarely exceeds 2 messages per month. You can also read the archives or subscribe to the RSS feed at SecLists.Org. The other source for breaking news is the front page of Insecure.Org. If you truly want to keep abreast of all Nmap development, join the high traffic (hundreds of messages per month) nmap-dev list too.