Nmap Announce mailing list archives

Nmap 2.54BETA26 released


From: Fyodor <fyodor () insecure org>
Date: Mon, 9 Jul 2001 02:44:49 -0700

Hello everyone,

I am happy to announce that Nmap 2.54BETA26 is now available.  The
coolest feature is a new scan type -- Idlescan!  I'll send more info
in a day or two, but the quick synopsis is that this is a completely
blind scan (meaning no packets are sent to the target from your real
IP address).  Instead, a unique side-channel attack exploits
predictable "IP fragmentation ID" sequence generation on the zombie
host to glean information about the open ports on the target.  The
technique was invented by Antirez a while back.

The other cool feature of Idlescan is that it permits mapping out
IP-based trust relationships between machines.  I'll send more info
about Idlescan in a couple days.  But advanced Nmap users can try it
out now if you wish.  Usage is "-sI <zombiehost>".  Among other
requirements, the zombie host you select must be up and it should not
be engaging in very much network traffic.

I also recently redesigned the web page to conserve bandwidth and
speed load times.  I hope you like the new organization.  If not, feel
free to make suggestions.

Here are the 2.54BETA26 CHANGELOG entries:

-- Added Idlescan (IPID blind scan).  The usage syntax is 
   "-sI <zombie>".

-- Fixed a bunch of fingerprints that were corrupt due to violations
   of the fingerprint syntax/grammar (problems were found by Raymond
   Mercier of VIGILANTe )

-- Fixed command-line option parsing bug found 
   by "m r rao" (mrrao () del3 vsnl net in )

-- Fixed an OS fingerprinting bug that caused many extra packets to be
   sent if you request a lot of decoys.

-- Added some debug code to help diagnose the "Unknown datalink type"
   error.  If Nmap is giving you this error, please send the following
   info to fyodor () insecure org :
   1) The full output from Nmap (including the command arguments)
   2) What OS and OS version are you using
   3) What type of adaptor are you using (modem, ethernet, FDDI, etc)

-- Added a bunch of IDS sensor/console/agent port numbers from
   Patrick Mueller (pmueller () neohapsis com)

For those of you running Linux/x86 w/a recent version of rpm
(www.rpm.org), you can install/upgrade to the newest version of
nmap/nmapfe with these commands:

rpm -vhU (nmap url)
where (nmap url) is one (or both) of these:

http://download.insecure.org/nmap/dist/nmap-2.54BETA26-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-0.2.54BETA26-1.i386.rpm

Source tarballs and source RPMs are always available at:
http://www.insecure.org/nmap/#download

For the more paranoid (smart) members of the list, here are the md5
hashes:

f75762a1678e6f34de96adb95e440a97 nmap-2.54BETA26-1.i386.rpm
b9f1fe8fdd53d50a38fa8df046aacf4d nmap-2.54BETA26-1.src.rpm
9fa0305c82c53576f241dcc8d21b8b60 nmap-2.54BETA26.tgz
6578182786022e32de8bf33fb6060ff5 nmap-frontend-0.2.54BETA26-1.i386.rpm

[ Yes, I should really GPG sign this email too ]

Please let me know if you find any problems.

Cheers,
Fyodor
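The "predictable IP fragmentation ID sequence generation" the announcement says Idlescan depends on, as an added example that is not part of this mail or of Nmap's code: a small classifier a defender can run over IP ID values sampled from their own hosts (say, from captured replies to a few pings) to find the ones that expose an incrementing counter. Thresholds and class names are assumptions loosely modelled on the classes Nmap reports, not Nmap's algorithm.

```python
"""Check whether a host's IP ID sequence is predictable (added example).

Illustration written for this page, not Nmap's code.  Idlescan needs a zombie
whose IP ID increments by a small constant per packet, so the IP ID leaks how
many packets the host has sent.  Thresholds and class names are assumptions
loosely modelled on the classes Nmap reports, not Nmap's own algorithm.
"""
from typing import List

IPID_MODULUS = 1 << 16  # the IP ID field is 16 bits wide, so it wraps

def ipid_deltas(samples: List[int]) -> List[int]:
    """Differences between consecutive IP IDs, modulo 2**16 for wraparound."""
    return [(cur - prev) % IPID_MODULUS for prev, cur in zip(samples, samples[1:])]

def classify_ipid(samples: List[int]) -> str:
    """Classify a sequence of IP IDs observed from one host, in capture order."""
    if len(samples) < 3:
        raise ValueError("need at least three samples to judge a sequence")
    deltas = ipid_deltas(samples)
    if all(d == 0 for d in deltas):
        return "all zeros"  # host never sets IP ID; nothing to leak
    if all(1 <= d <= 10 for d in deltas):
        return "incremental"  # the predictable class Idlescan relies on
    if all(d % 256 == 0 and 256 <= d <= 2560 for d in deltas):
        return "broken little-endian incremental"  # counter sent in host byte order
    if all(0 < d < 1000 for d in deltas):
        return "busy host"  # increments, but other traffic hides the count
    return "random"

def is_predictable(samples: List[int]) -> bool:
    """True when the host exposes a usable packet counter in its IP IDs."""
    return classify_ipid(samples) in ("incremental", "broken little-endian incremental")

# Constructed sample sequences, one per class (not captured from real hosts).
SAMPLES = {
    "incremental": [100, 101, 102, 103, 104],
    "wraps at 65535": [65534, 65535, 0, 1],
    "all zeros": [0, 0, 0, 0],
    "little-endian": [0x0100, 0x0200, 0x0300, 0x0400],
    "busy": [100, 140, 190, 260],
    "random": [4211, 61002, 17, 30333],
}

if __name__ == "__main__":
    for name, seq in SAMPLES.items():
        print(f"{name:>15}: {classify_ipid(seq)}")
```

Hosts that come back "incremental" are the ones whose IP ID counter can be read remotely; randomized IP ID generation removes the side channel, and a "busy host" result matches the mail's note that a zombie carrying much other traffic is unusable.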
