Nmap Announce mailing list archives

Nmap 2.3BETA4


From: Fyodor <fyodor () dhp com>
Date: Mon, 30 Aug 1999 06:22:18 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----

Just when you were thinking a new Nmap version would never come along ...

I'm happy to announce Nmap 2.3BETA4 .  The most interesting new change is
direct (non-portmapper) RPC scanning.  This allows you to obtain 'rpcinfo
-p' type of information even when your target has firewalled portmapper.
This is a good way to locate cmsd, tooltalkd, statd, etc. on your
networks.  RPC scanning is activated by -sR; here is an example session
against a stock Solaris 7 box:

amy# ./nmap -sRUS -p 7,9,13,19,21,23,25,37,42,79,111,32760-32785 xanadu
Starting nmap V. 2.3BETA1 by Fyodor
(fyodor () dhp com,www.insecure.org/nmap/)
Interesting ports on xanadu.yuma.net (192.168.0.10):
Port    State       Protocol  Service (RPC)
7       open        udp       echo (Non-RPC)
7       open        tcp       echo (Non-RPC)
9       open        udp       discard (Non-RPC)
9       open        tcp       discard (Non-RPC)
13      open        udp       daytime (Non-RPC)
13      open        tcp       daytime (Non-RPC)
19      open        udp       chargen (Non-RPC)
19      open        tcp       chargen (Non-RPC)
21      open        tcp       ftp (Non-RPC)
23      open        tcp       telnet (Non-RPC)
25      open        tcp       smtp (Non-RPC)
37      open        udp       time (Non-RPC)
37      open        tcp       time (Non-RPC)
42      open        udp       nameserver (Non-RPC)
79      open        tcp       finger (Non-RPC)
111     open        udp       sunrpc (portmapper V2-4)
111     open        tcp       sunrpc (portmapper V2-4)
32771   open        udp       (Non-RPC)
32771   open        tcp       (status V1)
32772   open        udp       (status V1)
32772   open        tcp       (Non-RPC)
32773   open        udp       (sadmind V10)
32773   open        tcp       (ttdbserverd V1)
32774   open        udp       (rquotad V1)
32774   open        tcp       (Non-RPC)
32775   open        udp       (rusersd V2-3)
32775   open        tcp       (cachefsd V1)
32776   open        udp       (sprayd V1)
32776   open        tcp       (Non-RPC)   
32777   open        udp       (walld V1)  
32777   open        tcp       (cmsd V2-5) 
32778   open        udp       (rstatd V2-4)
32779   open        udp       (cmsd V2-5) 

Nmap run completed -- 1 IP address (1 host up) scanned in 30 seconds
amy#

I gave an explicit port list because UDP scanning takes _forever_ against
Solaris:(.  Look at all those juicy RPC services at the end -- count the
root holes :).
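The -sR table above is organised per port, while what a defender usually wants from it is the other view: which RPC programs answered on ports other than 111, because those are exactly the services that filtering the portmapper does not hide. The following C program is an added illustration, not nmap's code: it parses rows in the table format shown in the session above and lists the RPC programs found on non-portmapper ports. The sample rows are constructed from that session; the struct and function names are my own.

```c
/* Added example (not nmap code): summarise "nmap -sR" output rows of the form
 *   32777   open        tcp       (cmsd V2-5)
 * into a list of RPC programs, and count those reachable without portmapper. */
#include <stdio.h>
#include <string.h>

#define MAX_SVCS 64

struct rpc_svc {
    int port;
    char proto[4];      /* "tcp" or "udp" */
    char program[32];   /* e.g. "cmsd" */
    char versions[16];  /* e.g. "V2-5" */
};

/* Constructed from the Solaris 7 session in the announcement (subset of rows). */
static const char *const SAMPLE[] = {
    "Port    State       Protocol  Service (RPC)",
    "7       open        udp       echo (Non-RPC)",
    "111     open        udp       sunrpc (portmapper V2-4)",
    "111     open        tcp       sunrpc (portmapper V2-4)",
    "32771   open        udp       (Non-RPC)",
    "32771   open        tcp       (status V1)",
    "32773   open        udp       (sadmind V10)",
    "32773   open        tcp       (ttdbserverd V1)",
    "32777   open        tcp       (cmsd V2-5)",
    "32779   open        udp       (cmsd V2-5)",
    "",
    "Nmap run completed -- 1 IP address (1 host up) scanned in 30 seconds",
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])

/* Parse one table row. Returns 1 and fills *out when the row is an open port
 * whose parenthesised service field names an RPC program; 0 for headers,
 * blank lines, closed ports and "(Non-RPC)" rows. */
static int parse_row(const char *line, struct rpc_svc *out)
{
    char state[16], proto[8], inner[64];
    const char *lp, *rp;
    size_t n;
    int port;

    if (sscanf(line, "%d %15s %7s", &port, state, proto) != 3)
        return 0;                       /* not a port row */
    if (strcmp(state, "open") != 0)
        return 0;
    lp = strchr(line, '(');
    rp = lp ? strchr(lp, ')') : NULL;
    if (!lp || !rp)
        return 0;
    n = (size_t)(rp - lp - 1);          /* text between the parentheses */
    if (n >= sizeof inner)
        return 0;
    memcpy(inner, lp + 1, n);
    inner[n] = '\0';
    if (strcmp(inner, "Non-RPC") == 0)
        return 0;
    if (sscanf(inner, "%31s %15s", out->program, out->versions) != 2)
        return 0;
    out->port = port;
    strncpy(out->proto, proto, sizeof out->proto - 1);
    out->proto[sizeof out->proto - 1] = '\0';
    return 1;
}

/* Collect every RPC row from `lines` into `out`; returns how many were found. */
int collect_rpc_services(const char *const *lines, size_t nlines,
                         struct rpc_svc *out, size_t max)
{
    size_t i;
    int found = 0;
    for (i = 0; i < nlines && (size_t)found < max; i++)
        if (parse_row(lines[i], &out[found]))
            found++;
    return found;
}

/* RPC programs that answered somewhere other than the portmapper port. */
int count_direct_rpc(const struct rpc_svc *svcs, int n)
{
    int i, c = 0;
    for (i = 0; i < n; i++)
        if (svcs[i].port != 111)
            c++;
    return c;
}

static struct rpc_svc g_found[MAX_SVCS];
static int g_nfound = -1;

static void ensure_sample(void)
{
    if (g_nfound < 0)
        g_nfound = collect_rpc_services(SAMPLE, SAMPLE_COUNT, g_found, MAX_SVCS);
}
int sample_rpc_total(void)  { ensure_sample(); return g_nfound; }
int sample_direct_rpc(void) { ensure_sample(); return count_direct_rpc(g_found, g_nfound); }
const char *sample_rpc_program(int i)
{
    ensure_sample();
    return (i >= 0 && i < g_nfound) ? g_found[i].program : "";
}

int main(void)
{
    int i;
    ensure_sample();
    printf("%-14s %-6s %-5s %s\n", "program", "vers", "proto", "port");
    for (i = 0; i < g_nfound; i++)
        printf("%-14s %-6s %-5s %d%s\n", g_found[i].program, g_found[i].versions,
               g_found[i].proto, g_found[i].port,
               g_found[i].port == 111 ? "" : "   (reachable without portmapper)");
    return 0;
}
```

Run it against a saved scan of your own hosts by replacing the SAMPLE rows; any program printed with the "reachable without portmapper" tag is one that a filter on port 111 alone does not protect.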

Many thanks go to ga <ga () capyork com> for writing sample code to
demonstrate the technique.  The RPC services list included with
nmap was compiled by Vik Bajaj <vbajaj () sas upenn edu> with help from
various members of this list. 

This version also contains many new and improved OS fingerprints.  Thanks
to everyone for keeping those coming in!

A few more changes:

** Fixed a problem that could cause freezes when you
   scan machines on at least two different types of interfaces as part
   of the same command.

** Identified and found workaround for Linux kernel bug which allows
   connect() to sometimes succeed inappropriately when scanning closed
   ports on localhost.

** Fixed problems relating to people who specify the same port more
   than once on the command line.  While the right answer is "well,
   don't do that!", I decided to fix nmap to handle this gracefully.

** Tweaked UDP scanning to be more effective against Solaris ICMP
   error limiting.

** Fixed strtol() integer overflow problem found by Renaud 
   Deraison <deraison () cvs nessus org>

** The HTML translation of the Man page at
   http://www.insecure.org/nmap/nmap_manpage.html should now be
   complete (man2html was dropping lines before).

** Added a note in the man page that Nmap 2.0+ is believed to be
   COMPLETELY Y2K COMPLIANT!  I've been getting a lot of letters from
   lawyers about that recently.  You should still be able to port scan on
   Jan 1st (well ... as long as you have electricity and gangs of looting
   thugs haven't stolen your computers :)
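Two of the bullets above, the repeated-port case and the strtol() integer overflow, are both about how a port specification such as the "-p 7,9,13,...,32760-32785" in the example session gets parsed. The following C program is an added illustration of those two classes of defect and is not nmap's code or its actual fix: it parses a comma-separated list of ports and ranges, checks strtol() for ERANGE and for values that fit in a long but not in a 16-bit port, rejects trailing garbage, and makes a repeated port a no-op by building a set instead of a list. All function names are mine.

```c
/* Added example (not nmap code): strict parsing of an nmap-style port list
 * such as "7,9,13,32760-32785", with the checks strtol() itself does not do. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PORT_MAX 65535

/* Parse the decimal port in [tok, end). Returns 1 and stores it in *port, or 0
 * if the token is empty, overflows long, has trailing garbage, or is > 65535. */
static int parse_port(const char *tok, const char *end, int *port)
{
    char *stop;
    long v;

    if (tok == end)
        return 0;                       /* empty token, e.g. "7,,9" or "-5" */
    errno = 0;
    v = strtol(tok, &stop, 10);
    if (errno == ERANGE)
        return 0;                       /* strtol saturated at LONG_MAX/LONG_MIN */
    if (stop != end)
        return 0;                       /* "80abc", or no digits at all */
    if (v < 0 || v > PORT_MAX)
        return 0;                       /* fits a long, not a 16-bit port */
    *port = (int)v;
    return 1;
}

/* Parse `spec` into `set` (one byte per port, 0/1). A port listed twice simply
 * sets the same byte again. Returns the number of distinct ports, or -1 if
 * any piece is malformed. */
int parse_port_spec(const char *spec, unsigned char *set)
{
    const char *p = spec;
    int count = 0;

    memset(set, 0, PORT_MAX + 1);
    if (!*p)
        return -1;
    for (;;) {
        const char *comma = strchr(p, ',');
        const char *piece_end = comma ? comma : p + strlen(p);
        const char *dash = memchr(p, '-', (size_t)(piece_end - p));
        int lo, hi, i;

        if (dash) {                     /* "lo-hi" range */
            if (!parse_port(p, dash, &lo) || !parse_port(dash + 1, piece_end, &hi))
                return -1;
        } else {                        /* single port */
            if (!parse_port(p, piece_end, &lo))
                return -1;
            hi = lo;
        }
        if (lo > hi)
            return -1;                  /* "20-10" */
        for (i = lo; i <= hi; i++)
            if (!set[i]) { set[i] = 1; count++; }
        if (!comma)
            break;
        p = comma + 1;
        if (!*p)
            return -1;                  /* trailing comma */
    }
    return count;
}

/* Convenience wrapper: number of distinct ports in `spec`, or -1 on error. */
int count_ports(const char *spec)
{
    static unsigned char set[PORT_MAX + 1];
    return parse_port_spec(spec, set);
}

int main(void)
{
    static unsigned char set[PORT_MAX + 1];
    const char *spec = "7,9,13,19,21,23,25,37,42,79,111,32760-32785";
    int n = parse_port_spec(spec, set), i;

    printf("%s -> %d distinct ports:", spec, n);
    for (i = 0; i <= PORT_MAX; i++)
        if (set[i])
            printf(" %d", i);
    printf("\n%s -> %d\n", "99999999999999999999", count_ports("99999999999999999999"));
    printf("%s -> %d\n", "80,80,80", count_ports("80,80,80"));
    return 0;
}
```

The two checks that matter most are the errno test and the stop pointer test: without the first, an absurdly long number quietly becomes LONG_MAX and then whatever the truncation to a port type makes of it; without the second, "80abc" parses as 80 and the garbage is ignored.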

Please let me know if you guys find any problems!  That is the purpose of
beta releases after all.

Cheers,
Fyodor

 --
Fyodor                            'finger pgp () pgp insecure org | pgp -fka'
"The percentage of users running Windows NT Workstation 4.0 whose PCs
 stopped working more than once a month was less than half that of Windows 
 95 users." -- microsoft.com/NTWorkstation/Basics/Features/Reliability/



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBN8pbXM4dPqJTWH2VAQHZ3AQAlUqjQmyGY2qX9KZ2WPwzQ0xzoweVzkxM
+tbSMrMFir6Jm+OB078wIqakgcFDEzlpdPTa6ls56KgbCAEjHowLAggzjc61XK2n
HNg8UbCD+AqqeOddviAuDjWNbeRWZdK1BLwtdPZB4fZmy7ZdkFZGAX3a3aVd37/a
JHSZdDynbz0=
=erky
-----END PGP SIGNATURE-----
