Fyodor's Interview
Kusuriya (Pharmacy(a)softhome.net) in the USA asks:
What inspired you to create and maintain nmap?
In The Cathedral and the Bazaar, Eric Raymond notes that "every good work of software starts by scratching a developer's personal itch." That was certainly my motivation for creating
Nmap. I had a whole directory of scanners, including Julian Assange's Strobe,
the reflscan SYN scanner, the UDP scanner from SATAN, a FIN scanner from Uriel
Maimon, and many more. They all have very different options and limitations. I
would want to use one scanner with an option from another. So initially I made
my own modified versions of each scanner. Eventually, I decided the best
approach was to create my own scanner from scratch. It would support all of the
major scan types while being fast and efficient against large networks. Thus, Nmap
was born. I used it myself for a while, and then released it to the public in a 1997 Phrack article. Since then, Nmap has grown and grown, thanks in large part to
hundreds of contributors.
d00m (d00m(a)hackermail.com) from Nepal asks:
What is the future of Nmap? Any plans to make the world's most powerful
portscanner even more powerful?
I recently finished the Nmap version detection framework, which I am very excited about. Now instead of using a simple nmap-services
table lookup to determine a port's likely purpose, Nmap will (if asked)
interrogate that TCP or UDP port to determine what service is really listening.
In many cases it can determine the application name and version number as well.
SSL and IPv6 are supported. I am now working on increasing the number of
services that are detected. Then I plan to focus on speed enhancements for a
while. As for other features, I held a survey asking Nmap users to vote on the
features they would like in the future. There were almost 2,000 responses, and
you can read the results here.
While these features would make Nmap more powerful, I am also trying to go the
other direction and make Nmap users more powerful by writing a book on
Nmap. It will start with port scanning basics for novices and then move on to
the types of packet crafting used by advanced hackers. It will be published in
dead-tree format, but I hope to make much or all of it available on the Web as
well.
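To make the contrast in the answer concrete, here is an added Python example (it is not Nmap's code and not part of the interview): a port-number table lookup placed next to a probe that reads what the listening service actually says, the kind of check an administrator uses to find services running on non-standard ports on their own hosts. It runs against a throwaway local listener so it works offline; the services table, the match rules and the banner text are all constructed for the demonstration and are much smaller than anything Nmap ships.

```python
import re
import socket
import threading

# Constructed stand-in for an nmap-services style table (port -> likely name).
# This is not Nmap's real file; only a handful of entries are needed here.
SERVICES_TABLE = {22: "ssh", 25: "smtp", 80: "http", 443: "https"}

# Constructed match rules in the spirit of version-detection probes: each regex is
# applied to what the service actually says, yielding (service, product, version).
BANNER_RULES = [
    (re.compile(rb"^SSH-2\.0-OpenSSH_([\w.]+)"), "ssh", "OpenSSH"),
    (re.compile(rb"^220 \S+ ESMTP Postfix"), "smtp", "Postfix"),
    (re.compile(rb"^HTTP/1\.[01] \d{3}"), "http", None),
]


def table_lookup(port):
    """What a port-number-only lookup would say about this port."""
    return SERVICES_TABLE.get(port, "unknown")


def identify(banner):
    """Classify a banner with the rules above; unknown banners are reported as such."""
    for pattern, service, product in BANNER_RULES:
        m = pattern.match(banner)
        if m:
            version = m.group(1).decode() if m.groups() else None
            return {"service": service, "product": product, "version": version}
    return {"service": "unknown", "product": None, "version": None}


def probe_banner(host, port, timeout=2.0):
    """Connect and wait for a greeting; if the service stays silent (HTTP does),
    send one harmless generic request and read the reply. Returns raw bytes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            data = s.recv(1024)
        except socket.timeout:
            data = b""
        if not data:
            try:
                s.sendall(b"GET / HTTP/1.0\r\n\r\n")
                data = s.recv(1024)
            except (socket.timeout, OSError):
                data = b""
    return data


def scan_port(host, port):
    """Report both views of one port: the table's guess and what probing found."""
    return {
        "port": port,
        "table": table_lookup(port),
        "probed": identify(probe_banner(host, port)),
    }


def start_fake_service(greeting):
    """Start a throwaway local listener on an ephemeral port that sends `greeting`
    to the first client (constructed test fixture). Returns (port, server_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


if __name__ == "__main__":
    # An OpenSSH-style greeting on a high, non-standard port: the table has no idea,
    # the probe names the product and version. (Banner text is constructed.)
    port, srv = start_fake_service(b"SSH-2.0-OpenSSH_9.3p1 constructed\r\n")
    print(scan_port("127.0.0.1", port))
    srv.close()
```

The point the example makes is the one in the answer: on an unusual port the table can only say "unknown", while reading the greeting identifies the service and often its version. Real version detection sends many protocol-specific probes and matches against a large signature database; the three rules here only sketch the shape of that matching.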
Alejandro (alexaway(a)hotmail.com) in Costa Rica asks:
What's your position on spam? What do you think of the hackers' actions against it?
Spam is obviously an enormous problem on the Internet today. I receive
several hundred per day (not counting worms or braindead AOLers)! The hackers
contributing the most to this anti-spam war are the ones working on free
anti-spam solutions such as SpamAssassin.
It has done wonders for protecting my mailbox! I also recently contributed money to the SpamCon Foundation, who are successfully
battling spammers in the courts. I generally don't recommend illegal attacks
against the spammers. After all, DDoS floods and the like can harm innocent
parties in between. That being said, I do try to waste spammer resources on
occasion. I call their toll-free numbers (for which they are charged by the
minute as well as employee wages), and I also report egregious spam to their
service providers. Often I get no response, but the occasional success makes it all worthwhile. For example, here is a hilarious recorded message left by a spammer whom I reported. He is
obviously furious, yet his courteous British upbringing forces him to thank me
several times :). Another time I complained to a company that spammed me, their
sysadmin sent me a private response saying that he uses Nmap daily. He then gave
me the email address and phone number of the marketing "genius" who
came up with the spamming strategy :). One other company was ignoring my
complaints about their users spamming me, until I successfully guessed their
CEO's email address. A later email from them included the email chain from the
CEO, to the director of IS, all the way down the line to the so-called abuse
department. Suddenly they were much more responsive!
Farzam (farzamdeed(a)hotmail.com) in Pakistan asks:
You look too young; is this so, or is it the skill of the photographer that makes you look that young? I want to ask you what made you achieve all this, I mean what you did for IT, and now you are here. What made you achieve all that? Please don't say common answers like hard work etc. Please tell us about the REAL YOU which resides in you and helped you achieve all this, and suggest what I should do to be like you. "I am 17 yrs of age." What makes you special?
I am almost a decade your senior - you have plenty of time to achieve much
greater things than I have. Whatever minor fame I have earned in the security
community doesn't often carry over into "real life" anyway. It's not
like women throw their panties to me in nightclubs, or people run up saying
"wow! It's Fyodor!" Of course fame is not the point. I enjoy working
on Nmap and Insecure.Org
in the hopes that people will find them to be valuable resources and to give
back a little for all the wonderful free software I use daily (Linux, *BSD, gcc,
emacs, all of my favorite
security tools, etc.) If you follow
your passions, you will be successful. I never expected Nmap to be all that
popular, I just shared my private tool because I thought a few others might find
it useful. Then it sort of ballooned. For much more concrete suggestions to
improve your security skills, see question 4 in my Slashdot
interview.
Raider (raider(a)macinhata.net) in Portugal asks:
Did you like seeing Nmap in The Matrix? How did you feel about it?
How do you think I felt? It was incredible. I was a big fan of the original
Matrix, and so I bought tickets well in advance for the first showing of
Reloaded. I usually hate the invariably fake hacking scenes in movies, and so I
was distressed when I saw Trinity heading in that direction. But then she whips
out Nmap and gives a rather realistic (for a movie) hacking portrayal. I was
stunned and excited. When I got home, I immediately wrote this message to my userbase. I still have screenshots and such on the front page of Insecure.Org if you scroll down a bit.
It is a little bit sad that I spent months on the new and powerful Nmap version
detection scheme, which received
very little press attention. Yet a cute woman in leather uses Nmap for 3 seconds
in a movie and reporters are tripping over themselves and calling me in the wee
hours of the morning for interviews. This demonstrates just how superficial the
news media is. Oh well. Given that the Nmap project has no advertising budget, I
will take whatever publicity we can get.
Also remember that the Nmap project is not just me. While I wrote it
initially and do most of the coding, there is a huge community of volunteers who
submit bug reports and patches, compilation fixes, new OS and service
fingerprints, feature ideas, etc. Everyone who has contributed to Nmap over the
years should feel proud of this exposure. I might have never updated Nmap since
'97 if not for the community that formed around it.
Lorenzo Hernandez Garcia-Hierro (lorenzohgh(a)nsrg-security.com) in Spain
asks:
Are you planning to design new features for Nmap such as Nessus plugins and automated scanning between client and server? Are you planning to add vulnerability databases to Nmap for each service port, such as web services, SMTP, etc.?
The UNIX philosophy generally prefers simple tools working together to
achieve powerful ends while retaining flexibility. Nmap
has moved beyond the "simple tool" designation, but I still try to
keep it within a well-defined scope. I don't have any present plans to implement
a vulnerability database, because Nessus
already does a good job at that. In fact, Nessus already uses Nmap for its lower
level host enumeration, port scanning, and OS detection functions. I try to
achieve this sort of cooperation between open source projects, rather than to
have Nmap encroach on Renaud's space. That would be a wasteful duplication of
efforts. I may add some types of simple plugins later, as that could again ease
cooperation with other tools. It is not on my short-term radar though. I also
don't have current plans to add client/server capabilities to Nmap - an Nmap patch called RNmap (Remote Nmap) is already available to do this.
DeadLine (LeaveSky(a)hotmail.com) in Kuwait asks:
Hello: we read all the time in the news about war between Muslims and Israel, and between Pakistani groups and Indian groups. We want your opinion about this kind of war.
NOTE FROM SyS64738: THE READER IS REFERRING TO THE CYBER-FIGHTS HAPPENING EVERY
TIME ON THE NET FOR DIFFERENT POLITICAL REASONS
Obviously the physical wars are tragic. If I really knew how to stop them, I
would be working on that rather than programming. I feel that it is very
important for normal citizens to make their views heard. After all, it is the
common folk who fight and are most likely to die in these wars, so we should
have more influence on whether they happen in the first place.
While I believe in and encourage many types of protests, I am disturbed by
much of the "cyber warfare" which seems to either inflame regional and
ethnic hostilities, or (more commonly) use them as a sorry excuse for committing
digital vandalism. In the Honeynet project, we were once monitoring a Pakistani group who broke into one of our servers and purported to engage in
"hacktivism" against the Indian occupation of Kashmir. Yet the targets
of their attacks often had a tenuous (if any) link to India, and they frequently
used stolen credit cards to buy personal items. It seems that they were hiding
behind an (arguably) noble cause as a way to justify immoral activity. That is
an insult to the people who devote their lives to these causes. It reminds me of
people who claim to participate in riots to fight some perceived injustice, when
they really just want to loot their community stores.
Jay McGhee (jayjmcgh(a)aol.com) in the USA asks:
You create applications that you know will be used by hackers more often than they will be used by IT security. How does this affect the flow of information on the Internet in regards to security?
I don't agree that Nmap is used more by blackhats than white hats, although I
have no statistics. In any case, I support full disclosure. Any tool of this
nature is subject to use by people on all sides of the fence, and attempts to
restrict distribution to only the "good guys" are futile. A huge
number of systems administrators without the right connections would be deprived
of a tool to help evaluate and secure their systems. Meanwhile, many of the
ostensibly whitehat "security professionals" have alternate personas
engaged in illicit network activity.
Project[K] (dj205205(a)hotmail.com) in the UK asks:
Hi there, just wanna ask, have you ever been involved in any kind of black
hat activity in your security career, and if so, what were your motives?
Everyone seems to have a different definition of blackhat activities. Some
consider portscanning a system without explicit authorization to be blackhat
activity. Have I done that? Of course. But have I ever defaced a web page? Only
during contracted pen-testing engagements. I don't condone defacements, but I
will admit to chuckling at some of the more creative ones :).
Zone-H Staff themselves ask:
It's clear that it is the way of approaching problems and unusual thinking
that makes a hacker, not only the technical knowledge, like the kid that breaks
the radio-controlled car because he tries to understand how to run it faster...
that's a hacker (ehrm, or maybe to change the quartz in the RC so to be able to
"hijack" his mate's rc-car....) Given the above mentioned statement,
can you tell us please who was, in your opinion, the person in the past whose
mentality was very much close to today's hacker mentality? You must pick up
anyone known to the history who lived earlier than the 18th century...
Oh no, I didn't realize this interview would test my world history knowledge
:). And requiring that they lived before 1700 is harsh! I will have to go with
Sir Isaac Newton. Like many hackers, he had a passion for learning. He would
voraciously read math books (a close relative to computing/programming) and then
went on to invent much of the fundamental calculus we now study. Also like many
hackers, he dabbled (or more!) in other fields, never content to solely be an
abstract math wiz. He made great progress in astronomy and (obviously)
gravitational physics. He also had a rather awkward personality, never had much
luck with the ladies, and would engross himself so deeply in studies that he
would forget to eat or sleep. Not that these last few attributes bear any
relationship to your stereotypical hacker :). Finally, I think he expressed a
hacker spirit when he said "Plato is my friend, Aristotle is my friend, but
my best friend is truth." That isn't too far from "my crime is that of
curiosity".
With that, I would like to thank SyS64738 for providing me this opportunity.
I am flattered to give an interview for Zone-H, which is one of my favorite
security resources. I even had the pleasure of lunch with SyS64738 during Defcon
this year, and I look forward to future encounters with him and the Zone-H crew.
Readers should feel free to send their questions and comments to me at
fyodor(a)insecure.org
ZONE-H: What was the best question for you?
FYODOR: Tough question - several questions were really good. If I had to pick
a favorite, I would go with Lorenzo's question: "Are you planning to design new features for Nmap such as Nessus plugins and automated scanning between client and server? Are you planning to add vulnerability databases to Nmap for each service port, such as web services, SMTP, etc.?" (Lorenzo Hernandez Garcia-Hierro, lorenzohgh(a)nsrg-security.com).
Lorenzo, you are the winner of Zone-H's special gift for the Best Question. Please contact us for the delivery details.