Nmap Announce mailing list archives

Peace, War, Happiness, and Nmap 3.15BETA3


From: Fyodor <fyodor () insecure org>
Date: Sun, 16 Mar 2003 17:11:09 -0800

-----BEGIN PGP SIGNED MESSAGE-----

Hello everyone,

We live in scary times!  Bush just announced his intention to defy the
United Nations if they don't submit to his imperialist objectives by
tomorrow (Monday)!  A unilateral invasion of Iraq could follow this
week.  While I do have a shiny new version of Nmap for you, I would
urge peace proponents to first take a few minutes and contact your
country's representatives.  While the situation appears bleak indeed,
it is never too late to try!

With that out of the way, I have a few more pleasant announcements.

First of all, we have been Slashdotted!  Berrueta's article that I
mailed here last week is being discussed at
http://slashdot.org/article.pl?sid=03/03/16/165214&mode=nested&tid=172&threshold=4
Remember that you heard it here first!

... and if you DIDN'T hear it here first, perhaps my last two messages
didn't get through.  I received many bounces claiming the messages
violate decency standards due to a profane word or two.  In that
case, you can catch up at
http://lists.insecure.org/lists/nmap-hackers/2003/Jan-Mar/index.html .

And the primary purpose of this email is to announce that Nmap
3.15BETA3 is now available!  This version includes substantial
changes, especially with regard to timing improvements.  It is a
candidate for the next "stable" version, which I hope to release
SOON.  So please let me know quickly if you find any bugs.

The biggest improvement is in scan times against heavily filtered
hosts.  I also made many changes to the timing policies such as -T4
(aggressive).  Here is a concrete example of the changes:

[ First we try a default scan of www.insecure.org using the previous version of Nmap ]

#/usr/bin/nmap -P0 www.insecure.org
Starting nmap V. 3.15BETA2 ( www.insecure.org/nmap/ )
Interesting ports on www.insecure.org (64.71.184.53):
(The 1600 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 556.479 seconds

[ Ouch!  Almost 10 minutes!  Let's now try the same command with the
  new BETA3 ]

#./nmap -P0 www.insecure.org

Starting nmap 3.15BETA3 ( www.insecure.org/nmap/ ) at 2003-03-16 13:05 PST
Interesting ports on www.insecure.org (64.71.184.53):
(The 1605 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 228.477 seconds

[ OK, that is twice as fast.  But can we do any better?  Let's try with the new improved -T4 ]
#./nmap -P0 -T4 www.insecure.org

Starting nmap 3.15BETA3 ( www.insecure.org/nmap/ ) at 2003-03-16 12:57 PST
Interesting ports on www.insecure.org (64.71.184.53):
(The 1605 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 40.865 seconds

[ Only 40 seconds!  Now that is what I like to see.  Note that -T4 is
  exactly the same as "-T Aggressive" but is easier to type (and spell) ]

This version also fixes -g so that it always uses the given source
port during SYN scans, even when packets must be retransmitted.  I
also made the move to .tar.bz2 discussed in a previous mail.  Here is
the full CHANGELOG:

o Made numerous improvements to the timing behavior of "-T Aggressive"
  (same as -T4) scans.  It is now recommended for regular use by
  impatient people with a fast connection.  "-T Insane" mode has also
  been updated, but we only recommend that for, well, insane people.

o Made substantial changes to the SYN/connect()/Window scanning
  algorithms for improved speeds, especially against heavily filtered
  hosts.  If you notice any timing problems (misidentified ports,
  etc.), please send me the details (including full Nmap output and a
  description of what is wrong).  Reports of any timing problems with
  -T4 would be helpful as well.

o Changed Nmap such that ALL syn scan packets are sent from the port
  you specify with -g.  Retransmissions used to utilize successively
  higher ports.  This change has a downside in that some operating
  systems (such as Linux) often won't reply to the retransmissions
  because they reuse the same connection specifier quad
  (srcip:srcport:dstip:dstport).  Overall I think this is a win.

o Added timestamps to "Starting nmap" line and each host port scan in
  verbose (-v) mode.  These are in ISO 8601 standard format because
  unlike President Bush, we actually care about international 
  consensus :).

o Nmap now comes by default in .tar.bz2 format, which compresses about
  20% further.  You can still find .tgz in the dist directory at
  http://download.insecure.org/nmap/dist/?M=D .

o Various other minor bugfixes, new services, fingerprints, etc.

For those of you running Linux/x86 w/a recent version of rpm
(www.rpm.org), you can install/upgrade to the newest version of
nmap/nmapfe by executing these commands as root:

rpm -vhU (nmap url)
where (nmap url) is one (or both) of these:

http://download.insecure.org/nmap/dist/nmap-3.15BETA3-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-3.15BETA3-1.i386.rpm

For the rest of you, source tarballs and source RPMs are always
available at: http://www.insecure.org/nmap/nmap_download.html

For the more paranoid (smart) members of the list, here are the md5
hashes:

93545af1f8876127b83129e681dd27d9  nmap-3.15BETA3-1.i386.rpm
dc600acc6df506e0be891170c9b577f0  nmap-3.15BETA3-1.src.rpm
3f93ec6772a99f6716479210f32f75af  nmap-3.15BETA3.tar.bz2
44c655cc8dca87f6ef3e3b3d26c821e6  nmap-3.15BETA3.tgz
28c4ee699f6457dd58427652a0cfb971  nmap-3.15BETA3-win32.zip
5bac947aa87601ab218d5326c33aa4a9  nmap-frontend-3.15BETA3-1.i386.rpm

These release notes should be signed with my PGP key, which is
available at http://www.insecure.org/fyodor_gpgkey.txt .
The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E

Cheers,
Fyodor

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBPnUgCc4dPqJTWH2VAQGMrwQAwpDtPQXvp11aDOL0varXS4qK4RmH1tfz
QwD+0kSG/Vna4qFQ/hR3oSMQS18nZEuETiI+HX0aWip5O0EEZiUU+CbOoz2mXuJC
Dp+RGZJGnmYCRF1Y2v58C0nD4p2MIIyQyPsd86quBEs6C5e+yoWU+5tY/C63GB6W
lhqEJqtUOws=
=Zrlj
-----END PGP SIGNATURE-----

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
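The three scan transcripts above make the speed-up visible only by eye. As an added example (not part of Fyodor's message or of Nmap itself), the script below parses the classic Nmap 3.x normal-output format shown in the announcement (the "Starting nmap" banner with its optional ISO 8601 timestamp, the "Interesting ports" line, the "not shown below" summary, the port table and the "Nmap run completed" line) and compares two runs: how much faster the candidate was, and whether it still reported exactly the same ports and states. That second check is the one the CHANGELOG asks for when it requests reports of misidentified ports under the new timing policies. The sample inputs are the page's own outputs, embedded as constructed string constants; the -T4 run is derived from the default BETA3 run because the two differ only in timestamp and elapsed time.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the scan outputs quoted in the announcement,
# reproduced line for line so the parser can be checked against them.
BETA2_DEFAULT = """\
Starting nmap V. 3.15BETA2 ( www.insecure.org/nmap/ )
Interesting ports on www.insecure.org (64.71.184.53):
(The 1600 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 556.479 seconds
"""

BETA3_DEFAULT = """\
Starting nmap 3.15BETA3 ( www.insecure.org/nmap/ ) at 2003-03-16 13:05 PST
Interesting ports on www.insecure.org (64.71.184.53):
(The 1605 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 228.477 seconds
"""

# The -T4 transcript in the announcement differs only in start time and duration.
BETA3_T4 = BETA3_DEFAULT.replace("13:05", "12:57").replace("228.477", "40.865")

VERSION_RE = re.compile(r"^Starting nmap (?:V\. )?(\S+)")          # "V. " only in older banners
STARTED_RE = re.compile(r" at (\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?: \S+)?)$")  # added in 3.15BETA3
TARGET_RE = re.compile(r"^Interesting ports on (\S+) \(([\d.]+)\):")
HIDDEN_RE = re.compile(r"^\(The (\d+) ports scanned but not shown below are in state: (\w+)\)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
ELAPSED_RE = re.compile(r"scanned in ([\d.]+) seconds")


@dataclass
class ScanRun:
    version: str = ""
    started: str = ""           # ISO 8601 timestamp; empty for versions that lack it
    host: str = ""
    address: str = ""
    hidden_count: int = 0       # ports summarised by the "not shown below" line
    hidden_state: str = ""
    ports: list = field(default_factory=list)  # (port, proto, state, service)
    elapsed: float = 0.0        # wall-clock seconds from the final line

    def ports_in_state(self, state):
        return sorted(p for p, _proto, s, _svc in self.ports if s == state)


def parse_nmap_output(text):
    """Parse one run of classic Nmap 3.x normal output into a ScanRun."""
    run = ScanRun()
    for line in text.splitlines():
        if m := VERSION_RE.match(line):
            run.version = m.group(1)
            if ts := STARTED_RE.search(line):
                run.started = ts.group(1)
        elif m := TARGET_RE.match(line):
            run.host, run.address = m.group(1), m.group(2)
        elif m := HIDDEN_RE.match(line):
            run.hidden_count, run.hidden_state = int(m.group(1)), m.group(2)
        elif m := PORT_RE.match(line):
            port, proto, state, service = m.groups()
            run.ports.append((int(port), proto, state, service))
        elif m := ELAPSED_RE.search(line):
            run.elapsed = float(m.group(1))
    return run


def compare_runs(baseline, candidate):
    """Return (speed-up factor, same_findings).  The hidden-port count is not
    compared because the services list grew between versions (1600 vs 1605);
    only the explicitly listed ports and their states must agree."""
    same_findings = sorted(baseline.ports) == sorted(candidate.ports)
    return baseline.elapsed / candidate.elapsed, same_findings


if __name__ == "__main__":
    old = parse_nmap_output(BETA2_DEFAULT)
    for label, text in (("BETA3 default", BETA3_DEFAULT), ("BETA3 -T4", BETA3_T4)):
        ratio, same = compare_runs(old, parse_nmap_output(text))
        print(f"{label}: {ratio:.1f}x faster, findings {'match' if same else 'DIFFER'}")
```

Run against the page's transcripts, the BETA3 default run comes out about 2.4x faster and the -T4 run about 13.6x faster than BETA2, with identical port findings in both cases. When a timing change does alter the findings, `compare_runs` reports `DIFFER`, which is exactly the kind of result worth sending back to the author along with the full output.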
