Nmap Announce mailing list archives

Re: 2.06


From: //Stany <stany () pet notbsd org>
Date: Mon, 8 Feb 1999 23:32:32 -0500 (EST)

On Mon, 8 Feb 1999, Fyodor wrote:


> I just released 2.06 which is a "quick fix" release to solve a few
> problems people had with 2.05.  Here are the most important changes:
>
> -- Fixed compile problems on machines which lack snprintf() (found by Ken
>    Williams <jkwilli2 () unity ncsu edu>)
> -- Added the squid proxy to nmap-services (suggested by Holger Heimann)
> -- Fixed a problem where the new memory allocation system was handing out
>    misaligned pointers.
> -- Fixed another memory allocation bug which probably doesn't cause any
>    real-life problems.
> -- Made nmap look in more places for nmap-os-fingerprints
>
> Anyone who has problems with 2.05 should try 2.06 before reporting errors.

OK, well, 2.05 was coring under Solaris 2.6 SPARC (specifically it was
doing that if the name of the machine given to it was not resolving), while
2.06 seems to run.  However, and this little "however" is a show stopper
for me, it seems like the -sS support has become broken again.

In other words: 8-( 

root@zerkalo:/opt/nmap/bin[6]# ./nmap -vv -O -sS gargoyle   

Starting nmap V. 2.06 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/)
Could not open and read from /dev/urandom or /dev/random!  Using
(probably) insecure random number source!
Host gargoyle.notBSD.org (192.168.1.1) appears to be up ... good.
Initiating SYN half-open stealth scan against gargoyle.notBSD.org
(192.168.1.1)
Adding TCP port 515 (state Open).
Adding TCP port 111 (state Open).
Adding TCP port 22 (state Open).
Adding TCP port 2049 (state Open).
Adding TCP port 925 (state Open).
Adding TCP port 25 (state Open).
Adding TCP port 53 (state Open).
The SYN scan took 1 seconds to scan 1477 ports.
For OSScan assuming that port 22 is open and port 32749 is closed and
neither are firewalled

From here on nmap never returns.  Now, if I disable -sS, I can finish the
scan through:
root@zerkalo:/opt/nmap/bin[7]# ./nmap -vv -O gargoyle

Starting nmap V. 2.06 by Fyodor (fyodor () dhp com, www.insecure.org/nmap/)
Could not open and read from /dev/urandom or /dev/random!  Using
(probably) insecure random number source!
No scantype specified, assuming vanilla tcp connect() scan. Use -sP if you
really don't want to portscan (and just want to see what hosts are up).
Host gargoyle.notBSD.org (192.168.1.1) appears to be up ... good.
Initiating TCP connect() scan against gargoyle.notBSD.org (192.168.1.1)
Adding TCP port 515 (state Open).
Adding TCP port 925 (state Open).
Adding TCP port 111 (state Open).
Adding TCP port 22 (state Open).
Adding TCP port 25 (state Open).
Adding TCP port 2049 (state Open).
Adding TCP port 53 (state Open).
The TCP connect scan took 2 seconds to scan 1477 ports.
For OSScan assuming that port 22 is open and port 39372 is closed and
neither are firewalled
Interesting ports on gargoyle.notBSD.org (192.168.1.1):
Port    State       Protocol  Service
22      open        tcp        ssh             
25      open        tcp        smtp            
53      open        tcp        domain          
111     open        tcp        sunrpc          
515     open        tcp        printer         
925     open        tcp        unknown         
2049    open        tcp        nfs             

TCP Sequence Prediction: Class=truly random
                         Difficulty=9999999 (Good luck!)

Sequence numbers: 35A3CD02 FD2345E9 FA9B9C95 FB4777E8 29D62F47 B2BFBB29
Remote operating system guess: Linux 2.0.35-36
OS Fingerprint:
TSeq(Class=TR)
T1(Resp=Y%DF=N%W=7FF0%ACK=S++%Flags=AS%Ops=ME)
T2(Resp=N)
T3(Resp=Y%DF=N%W=7FF0%ACK=S++%Flags=ASF%Ops=ME)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T7(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RIPCK=E%UCK=E%ULEN=134%DAT=E)

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
root@zerkalo:/opt/nmap/bin[8]# 

Just for the record:
root@zerkalo:/opt/nmap/bin[8]# uname -a
SunOS zerkalo.notbsd.org 5.6 Generic_105181-11 sun4m sparc SUNW,SPARCstation-10

I would love to try to figure this one out, but due to lack of time I'll
have to wait till next weekend.  If anyone fixes it before then,
great!

Oh, and BTW: the switch to the new /dev/urandom or /dev/random as the default
source of entropy causes a warning upon start-up, as Solaris lacks those
(seems to be true for both SunOS 5.6 and 5.7).  It might be worthwhile to
implement OS detection at compile time, and #ifdef Solaris, then
transparently switch back to the old source of entropy as the default.
The same thing might apply to other OSes lacking true randomness.  ;-)

It is just a cosmetic issue, though.

> Cheers,
> Fyodor

//Stany
-- 
+-----------------------------------------------------------------------------+
|         Stanislav N. Vardomskiy - Procurator Odiosus Ex Infernis[TM]        |
|        This message is brought to you by letters jey, ow, el and tee.       |
|              Jolt!  For all the sugar and twice the caffeine.               |
+-----------------------------------------------------------------------------+
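As an added illustration of the compile-time entropy fallback Stany suggests above (example code written for this archive page, not nmap's own source): it probes /dev/urandom and then /dev/random, and prints the warning seen in the scan output only on platforms where those devices are expected, falling back silently elsewhere. The macro ENTROPY_DEVICE_EXPECTED and the function names are hypothetical; the one real assumption is the `__sun` macro that gcc and Sun cc predefine on Solaris.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical compile-time switch. __sun is predefined on Solaris; SunOS
 * 5.6/5.7 ship no /dev/random or /dev/urandom, so on those hosts the missing
 * devices are expected and the warning is just noise. */
#if defined(__sun)
#define ENTROPY_DEVICE_EXPECTED 0
#else
#define ENTROPY_DEVICE_EXPECTED 1
#endif

/* Fill buf with len bytes from the device at path.
 * Returns 1 on success, 0 if the device cannot be opened or read fully. */
int read_entropy_device(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    size_t got = 0;

    if (fd < 0)
        return 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) {
            close(fd);
            return 0;
        }
        got += (size_t)n;
    }
    close(fd);
    return 1;
}

/* Deterministic fallback generator (Knuth's 64-bit LCG constants). The same
 * seed always yields the same bytes, which is exactly why it is only a last
 * resort: time and pid are poor secrets, so anyone who guesses the seed can
 * reproduce every value, including any "random" sequence numbers built on it. */
void fallback_fill(unsigned char *buf, size_t len, uint64_t seed)
{
    size_t i;
    for (i = 0; i < len; i++) {
        seed = seed * 6364136223846793005ULL + 1442695040888963407ULL;
        buf[i] = (unsigned char)(seed >> 56);
    }
}

/* Obtain len random bytes. The return value reports the source used:
 *   2 = /dev/urandom, 1 = /dev/random, 0 = insecure fallback.
 * The warning is printed only where the devices are expected, which is the
 * "transparent" behaviour the message asks for on Solaris. */
int get_random_bytes(unsigned char *buf, size_t len)
{
    uint64_t seed;

    if (read_entropy_device("/dev/urandom", buf, len))
        return 2;
    if (read_entropy_device("/dev/random", buf, len))
        return 1;
    if (ENTROPY_DEVICE_EXPECTED)
        fprintf(stderr, "Could not open and read from /dev/urandom or "
                        "/dev/random!  Using (probably) insecure random "
                        "number source!\n");
    seed = (uint64_t)time(NULL) ^ ((uint64_t)getpid() << 20)
         ^ (uint64_t)(uintptr_t)buf;
    fallback_fill(buf, len, seed);
    return 0;
}

/* Self-check: the fallback must be deterministic for a fixed seed and must
 * vary with the seed. Returns 1 if both hold, 0 otherwise. */
int fallback_selftest(void)
{
    unsigned char a[16], b[16], c[16];
    fallback_fill(a, sizeof a, 12345);
    fallback_fill(b, sizeof b, 12345);
    fallback_fill(c, sizeof c, 12346);
    return memcmp(a, b, sizeof a) == 0 && memcmp(a, c, sizeof a) != 0;
}

int main(void)
{
    unsigned char buf[8];
    int src = get_random_bytes(buf, sizeof buf);
    size_t i;

    printf("source=%d bytes=", src);
    for (i = 0; i < sizeof buf; i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```

Returning the source rather than just the bytes lets a caller log which generator was actually used, so a scan whose sequence-number tests relied on the fallback can be recognised as such afterwards; the #ifdef only decides whether to complain, never whether to try the devices first.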



