Hi Ian,
I have been considering using netcat with the minus z option as an enterprise monitoring solution to test the availability of smtp, http, lotusnotes SAP etc. but read in http://rr.sans.org/audit/netcat.php that it was not recommended for use in production systems. Does anyone know why ? Also does anyone know of a safer alternative?
I guess that they recommend to install netcat only if you need it. By consequence, you have to install it if you want to use it. They argue in that website that it's safer to not have programs installed that you don't need. To me, this seems to be the only argument against installing (and thereby also using) it. Security breaches in netcat seem rather unlikely.
Warm Regards
Thanks, Roman. -- I read this also with some disbelief and was motivated to reply to the sender originally. netcat is a smaller hole (in potential at least) than any of the scripting languages that offer socket API's IMO.