Nmap Announce mailing list archives
Nmap 2.54BETA26 released
From: Fyodor <fyodor () insecure org>
Date: Mon, 9 Jul 2001 02:44:49 -0700
Hello everyone,

I am happy to announce that Nmap 2.54BETA26 is now available. The coolest feature is a new scan type -- Idlescan! I'll send more info in a day or two, but the quick synopsis is that this is a completely blind scan (meaning no packets are sent to the target from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target. The technique was invented by Antirez a while back. The other cool feature of Idlescan is that it permits mapping out IP-based trust relationships between machines.

I'll send more info about Idlescan in a couple days. But advanced Nmap users can try it out now if you wish. Usage is "-sI <zombiehost>". Among other requirements, the zombie host you select must be up and it should not be engaging in very much network traffic.

I also recently redesigned the web page to conserve bandwidth and speed load times. I hope you like the new organization. If not, feel free to make suggestions.

Here are the 2.54BETA26 CHANGELOG entries:

-- Added Idlescan (IPID blind scan). The usage syntax is "-sI <zombie>".

-- Fixed a bunch of fingerprints that were corrupt due to violations of the fingerprint syntax/grammar (problems were found by Raymond Mercier of VIGILANTe)

-- Fixed command-line option parsing bug found by "m r rao" (mrrao () del3 vsnl net in)

-- Fixed an OS fingerprinting bug that caused many extra packets to be sent if you request a lot of decoys.

-- Added some debug code to help diagnose the "Unknown datalink type" error. If Nmap is giving you this error, please send the following info to fyodor () insecure org:
   1) The full output from Nmap (including the command arguments)
   2) What OS and OS version are you using
   3) What type of adaptor are you using (modem, ethernet, FDDI, etc)

-- Added a bunch of IDS sensor/console/agent port numbers from Patrick Mueller (pmueller () neohapsis com)

For those of you running Linux/x86 w/a recent version of rpm (www.rpm.org), you can install/upgrade to the newest version of nmap/nmapfe with these commands:

   rpm -vhU (nmap url)

where (nmap url) is one (or both) of these:

   http://download.insecure.org/nmap/dist/nmap-2.54BETA26-1.i386.rpm
   http://download.insecure.org/nmap/dist/nmap-frontend-0.2.54BETA26-1.i386.rpm

Source tarballs and source RPMs are always available at:

   http://www.insecure.org/nmap/#download

For the more paranoid (smart) members of the list, here are the md5 hashes:

   f75762a1678e6f34de96adb95e440a97  nmap-2.54BETA26-1.i386.rpm
   b9f1fe8fdd53d50a38fa8df046aacf4d  nmap-2.54BETA26-1.src.rpm
   9fa0305c82c53576f241dcc8d21b8b60  nmap-2.54BETA26.tgz
   6578182786022e32de8bf33fb6060ff5  nmap-frontend-0.2.54BETA26-1.i386.rpm

[ Yes, I should really GPG sign this email too ]

Please let me know if you find any problems.

Cheers,
Fyodor

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org. List run by ezmlm-idx (www.ezmlm.org).
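The announcement attributes Idlescan to predictable "IP fragmentation ID" generation on the zombie host. The following is an added example, not part of Fyodor's message and not Nmap code: a defender-side check that classifies IP ID values sampled in order from a host you administer and reports whether they are predictable. The class names, the `max_step` threshold and the sample values are assumptions constructed for illustration.

```python
# Added example: classify a host's IP ID behaviour from sampled values.
# Class names and the max_step threshold are assumptions, not Nmap's own.

MOD = 1 << 16  # the IP identification field is 16 bits wide

def _deltas(ids):
    """Forward differences modulo 2^16, so counter wraparound is handled."""
    return [(b - a) % MOD for a, b in zip(ids, ids[1:])]

def _swap16(value):
    """Swap the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)

def classify_ipid(ids, max_step=200):
    """Classify IP ID samples taken in order from one host.

    max_step must stay below 256: a counter stepping by 1 in one byte
    order steps by 256 in the other, which is how the two are told apart.
    """
    if len(ids) < 4:
        return "insufficient"
    if all(v == 0 for v in ids):
        return "all-zero"
    if len(set(ids)) == 1:
        return "constant"
    if all(0 < d <= max_step for d in _deltas(ids)):
        return "incremental"
    if all(0 < d <= max_step for d in _deltas([_swap16(v) for v in ids])):
        return "byte-swapped incremental"
    return "unpredictable"

def is_predictable(ids):
    """True when successive IDs reveal how many packets the host sent."""
    return classify_ipid(ids) in ("incremental", "byte-swapped incremental")

# Constructed sample values, not captured from any real host.
SAMPLES = {
    "idle-printer": [65533, 65534, 65535, 0, 1, 2],  # wraps at 2^16
    "old-desktop": [0x0100, 0x0200, 0x0300, 0x0400, 0x0500],
    "hardened-srv": [41822, 907, 60113, 23456, 15002, 33871],
    "zero-id-host": [0, 0, 0, 0, 0],
}

if __name__ == "__main__":
    for host, ids in SAMPLES.items():
        print(f"{host:13s} {classify_ipid(ids)}")
```

Hosts reported as predictable are candidates for an operating system or configuration change that randomizes the IP ID or zeroes it on packets that cannot be fragmented.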