Nmap Announce mailing list archives
Nmap 3.48: Service fingerprints galore!
From: Fyodor <fyodor () insecure org>
Date: Mon, 6 Oct 2003 02:23:21 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hello everyone, I spent the last couple weeks integrating TONS of submitted service fingerprints as well as a number of great patches (mostly portability related) that have been sent. Wow! In the first two days after the 3.45 release, you guys made more than 800 submissions! Now there are nearly 2000 total. I still have more to integrate before I am caught up, but I don't want to delay this release any longer. Please keep the submissions coming! Even though I am behind at the moment, I will get to all the submissions. The service detection release has been so successful that I am already working on the next major feature! It will be called "bomb scan" (-sB) and utilize the technology described in this article: http://students.cs.byu.edu/~emcnabb/computerbomb.jpg I am still deciding on the command-line API for this. Considering the severity of the attack, I might want to require an -f (force) option like rm has. It would be a shame for people to die because a tired sysadmin pressed -sB when he meant -sN (NULL scan). On the other hand, UNIX was not designed to coddle the weak. If you accidently obliterate one of your subsidiary companies with a bomb scan of their /16, that will teach you to be more careful next time! In more serious news, I am pleased to release Nmap 3.48. Besides nearly DOUBLING the Nmap version detection database size to 663 signatures thanks to your submissions, this version improves some version detection algorithms to provide more accurate results more quickly. I have also added "helper functions" to the file format for dealing with UNICODE encoding of normal ASCII strings and several other strange issues. 3.48 also offers many bugfixes to resolve both runtime errors and compilation problems. Note that 3.46 and 3.47 were "informal" releases sent to nmap-dev for testing. If you are interested in that sort of early release, subscribe by sending a blank email to nmap-dev-subscribe () insecure org . Or read the archives on http://lists.insecure.org . As usual, 3.48 is available from http://www.insecure.org/nmap/nmap_download.html , including Windows (.zip format) binaries. For the more paranoid (smart) members of the list, here are the md5 hashes: 6235bed7670833e971ece3d560ab4bf6 nmap-3.48-1.i386.rpm a1eb700d736ce475db9dd8259b90c42c nmap-3.48-1.src.rpm 8c38559a863efd476c5b042123f1ee3a nmap-3.48.tar.bz2 e8be0d30326ba0af5e07d3593609143c nmap-3.48.tgz 99d04fd44c34ab1eabb1a15c80f232e7 nmap-3.48-win32.zip 125b65a40b2bcb8c7acc399e8fa206fd nmap-frontend-3.48-1.i386.rpm These release notes should be signed with my PGP key, which is available at http://www.insecure.org/fyodor_gpgkey.txt . The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E Enjoy! And please let me know if you find any problems. Here are the major changes since 3.45: o Integrated an enormous number of version detection service submissions. The database has almost doubled in size to 663 signatures representing the following 130 services: 3dm-http afp apcnisd arkstats bittorent chargen citrix-ica cvspserver cvsup dantzretrospect daytime dict directconnect domain echo eggdrop exec finger flexlm font-service ftp ftp-proxy gnats gnutella-http hddtemp hp-gsg http http-proxy hylafax icecast ident imap imaps imsp ipp irc ircbot irc-proxy issrealsecure jabber kazaa-http kerberos-sec landesk-rc ldap linuxconf lmtp lotusnotes lpd lucent-fwadm meetingmaker melange microsoft-ds microsoft-rdp mldonkey msactivesync msdtc msrpc ms-sql-m mstask mud mysql napster ncacn_http ncp netbios-ns netbios-ssn netrek netsaint netstat netwareip networkaudio nntp nsclient nsunicast ntop-http omniback oracle-mts oracle-tns pcanywheredata pksd pmud pop2 pop3 pop3s poppass postgresql powerchute printer qotd redcarpet rendezvous rlogind rpc rsync rtsp sdmsvc sftp shell shivahose sieve slimp3 smtp smux snpp sourceoffice spamd ssc-agent ssh ssl svrloc symantec-av symantec-esm systat telnet time tinyfw upnp uucp veritasnetbackup vnc vnc-http vtun webster whois wins winshell wms X11 xfce zebra o Added the ability to execute "helper functions" in version templates, to help clean up/manipulate data captured from a server response. The first defined function is P() which includes only printable characters in a captured string. The main impetus for this is to deal with unicode strings like "W\0O\0R\0K\0G\0R\0O\0U\0P\0" that many MS protocols send. Nmap can now decode that into "WORKGROUP". o Added SUBST() helper function, which replaces strings in matched appname/version/extrainfo strings with something else. For example, VanDyke Vshell gives a banner that includes "SSH-2\.0-VShell_2_2_0_528". A substring match is used to pick out the string "2_2_0_528", and then SUBST(1,"_",".") is called on that match to form the version number 2.2.0.528. o If responses to a probe fail to match any of the registered match strings for that probe, Nmap will now try against the registered "null probe" match strings. This helps in the case that the NULL probe initially times out (perhaps because of initial DNS lookup) but the banner appears in later responses. o Applied some portability fixes (particularly for OpenBSD) from Chad Loder (cloder(a)loder.us), who is also now the OpenBSD Nmap port maintainer. o Applied some portability fixes from Marius Strobl (marius(a)alchemy.franken.de). o The tarball distribution of Nmap now strips the binary at install time thanks to a patch from Marius Strobl (marius(a)alchemy.franken.de). o Fixed a problem related to building Nmap on systems that lack PCRE libs (and thus have to use the ones included by Nmap). Thanks to Remi Denis-Courmont (deniscr6(a)cti.ecp.fr) for the repot and patch. o Alphebetized the service names in each Probe section in nmap-service-probes (makes them easier to find and add to). o Fixed the problem several people reported where Nmap would quit with a "broken pipe" error during service scanning. Thanks to Jari Ruusu (jari.ruusu(a)pp.inet.fi) for sending a patch. The actual error message was "Unexpected error in NSE_TYPE_READ callback. Error code: 32 (Broken pipe)" o Fixed protocol scan (-sO), which I had broken when adding the new output table format. It would complain "NmapOutputTable.cc:128: failed assertion `row < numRows'". Thanks to Matt Burnett (marukka(a)mac.com) for notifying me of the problem. o Upgraded Libpcap to the latest tcpdump.org version (0.7.2) from 0.7.1 o Applied a patch from Peter Marschall (peter(a)adpm.de) which adds version detection support to nmapfe. o Fixed a problem with XML output being invalid when service detection was done on SSL-tunneled ports. Thanks to the several people who reported this - it means that folks are actually using the XML output :). o Fixed (I hope) some Solaris Sune ONE compiler compilation problems reported (w/patches) by Mikael Mannstrom (candyman(a)penti.org) o Fixed the --with-openssl configure option for people who have OpenSSL installed in a path not automatically found by their compilers. Thanks to Marius Strobl (marius(a)alchemy.franken.de) for the patch. o Made some portability changes for HP-UX and possibly other types of machines, thanks to a patch from Petter Reinholdtsen (pere(a)hungry.com) o Applied a patch from Matt Selsky (selsky () columbia edu) which fixes compilation on some Solaris boxes, and maybe others. The error said "cannot compute sizeof (char)" o Applied some patches from the NetBSD ports tree that Hubert Feyrer (hubert.feyrer(a)informatik.fh-regensburg.de) sent me. The NetBSD Nmap ports page is at http://www.NetBSD.org/packages/net/nmap/ . o Applied some Makefile patches from the FreeBSD ports tree that I found at http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/nmap/files/ Cheers, - -Fyodor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBP4Ezas4dPqJTWH2VAQEG1QP/cDoEUF+O6ndYg1MCDd7B/bBVH6jzNcqo Ncc9JElvuXqZu8wMedBJT8qQN8UDUOS0IHXsngverILIyRsPez4kXWsae6qViRVI dxMKsMJmHgBM6UK/mJ2Z+LPTShhB9UHHXwrmo3AucAxfu4Nq9X9NvFkebEx7lsAt /dqdQ40cGUs= =Tfw6 -----END PGP SIGNATURE----- -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Current thread:
- Nmap 3.48: Service fingerprints galore! Fyodor (Oct 06)