Hi! My given name is Gordon Lyon, though I often go by Fyodor on theInternet. I run the Internet security resource sitesInsecure.Org,Nmap.Org,SecLists.Org, andSecTools.Org. I also wrote andmaintain theNmap Security Scanner.These projects don't leave me much time to update vanity pages likethis one, so you may find a more formal and up-to-date bio onmy Wikipediaentry. For people who just came here looking for my emailaddress, it isfyodor@nmap.org.

In case it isn't obvious from my web sites, I am a hacker. Thegood kind. I enjoytinkering with computers, exploring networks, pushing hardware andsoftware to its limits, and especially open source programming. Ihave been developing and distributing the freeNmap Security Scanner since 1997.It scans your networks to determine what hosts are online, whatservices (web servers, mail servers, etc.) they are offering, what OSthey are running, and more.

While my web sites and Nmap were created for fun and in the hopethat people would find them useful, they have become my full-timeoccupation. I consider myself quite privileged to be able to spendall my time on what I love. Revenue comes from alicensingprogram that allows proprietary software and appliance vendors tointegrate and distribute Nmap technology within their products. Thisis similar to the model taken byMySQL,Trolltech Qt, andBerkeley DB. Nmap's licenseallows free use by end users or within larger open source packages.My company, Nmap Software LLC, also offerslimited webadvertising.

I have gained much from the information and open source programsavailable on the Internet, as well as the culture of sharing thatpervades the hacker community. I try give a little back through myprograms, books, articles, web sites, and other projects I maintain.

Books and papers

In addition to writing software, I have authored or co-authoredseveral books:

	Nmap Network Scanning is theofficial guide to Nmap. From explaining port scanning basics fornovices to detailing low-level packet crafting methods used byadvanced hackers, this book by Nmap's original author suits all levelsof security and networkingprofessionals. Thereferenceguide documents every Nmap feature and option, while the remainderdemonstrates how to apply them to quickly solve real-worldtasks. Examples and diagrams show actual communication on thewire. Topics include subverting firewalls and intrusion detectionsystems, optimizing Nmap performance, and automating common networkingtasks with the Nmap Scripting Engine. More than half of the book isavailable freeonline.
	My best selling book isStealingthe Network: How to Own a Continent. Myself, Kevin Mitnick, JayBeale, Joe Grand, FX, and others crafted a hacker-thriller detailing amassive electronic financial heist. While the work is fiction, hacksare described in depth using real technology such as Nmap, Hping2,OpenSSL, etc. The book can bepurchasedat Amazon, or you canread my chapter onlinefor free. When it first came out, STC ranked as thesecond-highest selling computer book on Amazon.
	I am a founding member of theHoneynet Project, which places baitnetworks on the Internet and studies how they are attacked. We areperhaps best known for ourKnow Your Enemyseries of white papers. I co-authored the first edition of ourHoneynet book.KnowYour Enemy: Learning about Security Threats (2nd Edition) is nowavailable (samplechapters online).
	OK, I didn't write this one, but I starred in it! In the comic bookHero-ZClustermind (11MB PDF), I save a kidnapped Nmap developer from a criminalorganization intent on misusing his hacking skills for evil.

I have also written many papers, most of which can be found on theNmap docs page. Here are some of my favorites:

• Nmap Reference Guide is available in a dozen language and its 18 sections cover almost every aspect of Nmap.
• Service and Application Version Detection describes how Nmap interrogates open ports to determine exactly what is running. This helps you locate forbidden/insecure services on your network, even when people try to hide them on unusual ports.
• Remote OS Detection via TCP/IP Fingerprinting (2nd Generation) describes the new-for-2006 methods Nmap uses to guess remote operating systems based on the target's TCP/IP behavior.
• Idle Scanning and Related IPID Games describes anonymous spoofed port scanning and other tricks enabled by the predictable IPID sequence numbers generated by many operating systems.

Web sites

Hacking is not just about learning, but also sharing information. I maintain these network security web sites:

• SecTools.Org - The top 100network security tools, as voted on every three years by thousands ofNmap users.
• SecLists.Org - Archives of thetop security mailing lists, including thoserun by myself and thebest 3rd party lists such asBugtraq,Security Basics,Penetration Testing,Full Disclosure, andDaily Dave. RSS feeds areavailable for each list.
• Nmap.Org -Documentation, download links, tutorials, and more for the Nmap Security Scanner.
• Insecure.Org - News and updatesacross all my sites, and a bunch of security information which doesn'tfit neatly into the other categories.

Companies and Non-Profit Organizations

Besides my own company (Nmap Software LLC) and the aforementionedHoneynet Project, I formerly served as President ofComputerProfessionals for Social Responsibility. Since 1981, CPSR haspromoted the responsible use of computer technology. It alsoincubated theElectronicPrivacy Information Center (EPIC) and theComputers Freedom & Privacy (CFP) Conference.

I am also a member/contributor/volunteer and big supporter ofThe Free Software Foundation (and theirDefective byDesign campaign against DRM),Electronic Frontier Foundation,Wikipedia,One Laptop Per Child, and theComputer History Museum.

After the domain name registrar GoDaddy inapropriately shut down SecLists.Org (and some other security sites), I startedNoDaddy.Com to illustrate the many problems with this registrar.

Conferences and other speaking engagements

Security conferences are a great way to learn, network, and party withlike minded hackers. I attend them whenever I can find thetime. I have presented at many events, includingDefcon (4 years),CanSecWest (5 times),Black Hat Briefings,IT Security World (four times),Security Masters' Dojo(8 sessions),ShmooCon,IT-Defense,FOSDEM,SFOBug,Stanford University,George Washington University, and manycorporate events.

Audio, video, and/or slides for many of my presentations is available onmy presentations page.

Preparing, traveling, and delivering good presentations takes asubstantial amount of time, so I must be selective about whichengagements I accept. Feel free to invite me to speak at yourconference, but don't be offended if I have to decline.

Interviews

I enjoy giving written (or video/audio in rare cases) interviewsfor network security and technology publications. Here are some goodones:

• Patrick Grayinterviewed me on his Risky Business podcast in December 2008 about recent improvements to Zenmap and my new book.
• PaulDotCom Security Weekly audio podcast interviewed me in September 2008. New Nmap 4.75 features were covered, as well as advanced scanning tips, in this multi-hour interview. You can listen topart 1, thenpart 2, or read theepisode notes.
• SecurityFocus Interview about the Nmap 4.00 release
• Slashdot interview covering Nmap and network security (My /. username is 'fv' and you can read mylatest postings).
• Google podcast interview which focuses on my participation in the GoogleSummer of Code program.
• Zone-H interview about Nmap, open source, and network security.
• Safemode interview covers my personal life and Nmap.

If you have interesting questions and would like to interview mefor your publication or web site, send me email and I'll try to maketime.

Fyodor FAQ

Here are some questions that I get quite often:

1. Where did the nickname Fyodor come from?

   Like many hackers, I enjoy reading. For a while in the early 90s Iwas particularly enamored with Russian authorFyodorDostoevsky. Shortly after reading hisNotes FromUnderground, I logged onto a new BBS using the handle Fyodor as awhim. It stuck. I'm a little embarrassed that aGooglesearch for Fyodor now lists me before Dostoevsky. I guess it ishard to earn and maintain a decentPageRank when you'redead.

2. I think my boyfriend is cheating on me. Will you help me hack his email account to find out?

   No.

3. Will you do an interview for my web site, speak at my conference, or answer questions for the article I'm writing?

   Maybe! Email me a proposal. I can't always say yes, but I will at least answer promptly.

4. I'm writing a book or web/journal article or producing a movie,and Nmap is covered. Would you do a pre-publication technicalreview?

   Yes, I'm generally happy to do this.

5. Are you on any social networks?

   Yes, I have personal accounts onFacebook,Twitter, andGoogle+. Feel free to follow/subscribe, but I only friend people that I actually know. I also run a separate account for Nmap news onFacebook,Twitter, andGoogle+.

6. How can I become a security expert/hacker?

   It is a lot of work, but also rewarding. My take is in question #4of mySlashdotinterview.

7. in fact, the only reason that i wonna learn to use the n map is to find some data abougth a girl that contacted me in some a page, an have fucking me each time i go online, as an free atitude, that i can't understand, anyways i'm a tecnic in coputing from a tecnical school but i'd learn only a bit of q basic. if you can help me with that i'll be thakfull foreve!

   Please,get help.

8. How can I keep up with the latest Nmap and Insecure.Org news?

   Major Nmap releases and important site news are posted to thead-free Nmap-hackers mailing list. You can join more than 60,000current members fromthispage. Traffic rarely exceeds 2 messages per month. You can alsoread the archives or subscribe to the RSS feed atSecLists.Org. The other source forbreaking news is the front page ofInsecure.Org. If you truly want tokeep abreast of all Nmap development, join the high traffic (hundredsof messages per month)nmap-devlist too.

Contact Info