Nmap Announce mailing list archives
Peace, War, Happiness, and Nmap 3.15BETA3
From: Fyodor <fyodor () insecure org>
Date: Sun, 16 Mar 2003 17:11:09 -0800
Hello everyone,

We live in scary times! Bush just announced his intention to defy the United Nations if they don't submit to his imperialist objectives by tomorrow (Monday)! A unilateral invasion of Iraq could follow this week. While I do have a shiny new version of Nmap for you, I would urge peace proponents to first take a few minutes and contact your country's representatives. While the situation appears bleak indeed, it is never too late to try!

With that out of the way, I have a few more pleasant announcements. First of all, we have been Slashdotted! Berrueta's article that I mailed here last week is being discussed at http://slashdot.org/article.pl?sid=03/03/16/165214&mode=nested&tid=172&threshold=4

Remember that you heard it here first! ... and if you DIDN'T hear it here first, perhaps my last two messages didn't get through. I received many bounces claiming the messages violate decency standards due to a profane word or two. In that case, you can catch up at http://lists.insecure.org/lists/nmap-hackers/2003/Jan-Mar/index.html .

And the primary purpose of this email is to announce that Nmap 3.15BETA3 is now available! This version includes substantial changes, especially with regard to timing improvements. It is a candidate for the next "stable" version, which I hope to release SOON. So please let me know quickly if you find any bugs.

The biggest improvement is in scan times against heavily filtered hosts. I also made many changes to the timing policies such as -T4 (aggressive). Here is a concrete example of the changes:

[ First we try a default scan of www.insecure.org using the previous version of Nmap ]

#/usr/bin/nmap -P0 www.insecure.org

Starting nmap V. 3.15BETA2 ( www.insecure.org/nmap/ )
Interesting ports on www.insecure.org (64.71.184.53):
(The 1600 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 556.479 seconds

[ Ouch! Almost 10 minutes! Let's now try the same command with the new BETA3 ]

#./nmap -P0 www.insecure.org

Starting nmap 3.15BETA3 ( www.insecure.org/nmap/ ) at 2003-03-16 13:05 PST
Interesting ports on www.insecure.org (64.71.184.53):
(The 1605 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 228.477 seconds

[ OK, that is twice as fast. But can we do any better? Let's try with the new improved -T4 ]

#./nmap -P0 -T4 www.insecure.org

Starting nmap 3.15BETA3 ( www.insecure.org/nmap/ ) at 2003-03-16 12:57 PST
Interesting ports on www.insecure.org (64.71.184.53):
(The 1605 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 40.865 seconds

[ Only 40 seconds! Now that is what I like to see. Note that -T4 is exactly the same as "-T Aggressive" but is easier to type (and spell) ]

This version also fixes -g so that it always uses the given source port during SYN scans, even when packets must be retransmitted. I also made the move to .tar.bz2 discussed in a previous mail. Here is the full CHANGELOG:

o Made numerous improvements to the timing behavior of "-T Aggressive" (same as -T4) scans. It is now recommended for regular use by impatient people with a fast connection. "-T Insane" mode has also been updated, but we only recommend that for, well, insane people.

o Made substantial changes to the SYN/connect()/Window scanning algorithms for improved speeds, especially against heavily filtered hosts. If you notice any timing problems (misidentified ports, etc.), please send me the details (including full Nmap output and a description of what is wrong). Reports of any timing problems with -T4 would be helpful as well.

o Changed Nmap such that ALL syn scan packets are sent from the port you specify with -g. Retransmissions used to utilize successively higher ports. This change has a downside in that some operating systems (such as Linux) often won't reply to the retransmissions because they reuse the same connection specifier quad (srcip:srcport:dstip:dstport). Overall I think this is a win.

o Added timestamps to "Starting nmap" line and each host port scan in verbose (-v) mode. These are in ISO 8601 standard format because unlike President Bush, we actually care about international consensus :).

o Nmap now comes by default in .tar.bz2 format, which compresses about 20% further. You can still find .tgz in the dist directory at http://download.insecure.org/nmap/dist/?M=D .

o Various other minor bugfixes, new services, fingerprints, etc.

For those of you running Linux/x86 w/a recent version of rpm (www.rpm.org), you can install/upgrade to the newest version of nmap/nmapfe by executing these commands as root:

rpm -vhU (nmap url)

where (nmap url) is one (or both) of these:

http://download.insecure.org/nmap/dist/nmap-3.15BETA3-1.i386.rpm
http://download.insecure.org/nmap/dist/nmap-frontend-3.15BETA3-1.i386.rpm

For the rest of you, source tarballs and source RPMs are always available at: http://www.insecure.org/nmap/nmap_download.html

For the more paranoid (smart) members of the list, here are the md5 hashes:

93545af1f8876127b83129e681dd27d9 nmap-3.15BETA3-1.i386.rpm
dc600acc6df506e0be891170c9b577f0 nmap-3.15BETA3-1.src.rpm
3f93ec6772a99f6716479210f32f75af nmap-3.15BETA3.tar.bz2
44c655cc8dca87f6ef3e3b3d26c821e6 nmap-3.15BETA3.tgz
28c4ee699f6457dd58427652a0cfb971 nmap-3.15BETA3-win32.zip
5bac947aa87601ab218d5326c33aa4a9 nmap-frontend-3.15BETA3-1.i386.rpm

These release notes should be signed with my PGP key, which is available at http://www.insecure.org/fyodor_gpgkey.txt . The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E

Cheers,
Fyodor
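The changelog asks for reports of ports misidentified under the new timing, so here is an added example (not part of Fyodor's message and not Nmap code) that parses the human-readable output format quoted above and diffs a fast run against a baseline. BASELINE reproduces the BETA3 default run from the message; FAST is a constructed -T4 run in which port 25 was missed, and all function names are hypothetical.

```python
import re

# BASELINE: the 3.15BETA3 default-timing output quoted in the message.
BASELINE = """\
Interesting ports on www.insecure.org (64.71.184.53):
(The 1605 ports scanned but not shown below are in state: filtered)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
113/tcp    closed      auth
8080/tcp   closed      http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 228.477 seconds
"""
# FAST: constructed sample, a -T4 run that dropped the 25/tcp row (now "filtered").
FAST = (re.sub(r"(?m)^25/tcp.*\n", "", BASELINE)
        .replace("1605 ports", "1606 ports").replace("228.477", "40.865"))

PORT_RE = re.compile(r"(?m)^(\d+)/(tcp|udp)[ \t]+(\S+)[ \t]+\S+[ \t]*$")
DEFAULT_RE = re.compile(r"ports scanned but not shown below are in state: (\w+)")
TIME_RE = re.compile(r"scanned in ([\d.]+) seconds")

def parse_scan(text):
    """Return (listed ports, state of unlisted ports, seconds) for one host."""
    default, elapsed = DEFAULT_RE.search(text), TIME_RE.search(text)
    if not (default and elapsed):
        raise ValueError("not a complete single-host Nmap report")
    ports = {(int(n), proto): state for n, proto, state in PORT_RE.findall(text)}
    return ports, default.group(1), float(elapsed.group(1))

def compare(baseline, fast):
    """Diff port states between two runs and return (diffs, speedup)."""
    b_ports, b_default, b_secs = parse_scan(baseline)
    f_ports, f_default, f_secs = parse_scan(fast)
    diffs = {}
    for key in sorted(set(b_ports) | set(f_ports)):
        # A port missing from one table is in that run's default state.
        b, f = b_ports.get(key, b_default), f_ports.get(key, f_default)
        if b != f:
            diffs[key] = (b, f)
    return diffs, b_secs / f_secs

if __name__ == "__main__":
    diffs, speedup = compare(BASELINE, FAST)
    print(f"speedup {speedup:.1f}x, state changes: {diffs}")
```

An empty diff with a large speedup is the result the message reports for -T4; any entry in the diff is the kind of timing problem the changelog asks to have reported.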