Nmap Announce mailing list archives
Nmap 3.55 Released
From: Fyodor <fyodor () insecure org>
Date: Wed, 7 Jul 2004 01:48:39 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hello everyone, I am just about to leave for a week in New York, including attending HOPE 5 ( http://www.the-fifth-hope.org/hoop/ ). Perhaps I'll see some of you there. Now there are (smart) people who would advise against releasing a new stable version of Nmap just hours before my flight. I might come back next week to thousands of mails saying "you forgot to set read permission on the tarball, you dolt!" or "it doesn't even compile on [some important OS]!" I'm gonna risk it anyway. I'm pleased to release Nmap 3.55. It includes dozens of changes. The coolest is MAC address detection and vendor lookup. That can be very useful for systems/network administrators trying to track machines with dynamic IPs. It also augments OS detection in determining what a system is -- a system with a Cisco ethernet card is probably a router. Note the MAC address field in this example: # nmap -A -T4 wap Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2004-07-07 01:38 PDT Insufficient responses for TCP sequencing (0), OS detection may be less accurate Interesting ports on wap.yuma.net (192.168.0.6): (The 1659 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 80/tcp open http NetGear MR-series WAP (MR814; Embedded HTTPD 1.00, 1999(c) Delta Networks Inc.) MAC Address: 00:09:5B:3F:7D:5E (Netgear) Device type: WAP Running: Compaq embedded, Netgear embedded OS details: WAP: Compaq iPAQ Connection Point or Netgear MR814 Nmap run completed -- 1 IP address (1 host up) scanned in 13.750 seconds Other changes include more service fingerprints, a number of crash fixes, better OS detection names, portability fixes, and more. Here is the CHANGELOG since 3.50: o Added MAC address printing. If Nmap receives packet from a target machine which is on an Ethernet segment directly connected to the scanning machine, Nmap will print out the target MAC address. Nmap also now contains a database (derived from the official IEEE version) which it uses to determine the vendor name of the target ethernet interface. The Windows version of Nmap does not yet have this capability. If any Windows developer types are interesting in adding it, you just need to implement IPisDirectlyConnected() in tcpip.cc and then please send me the patch. Here are examples from normal and XML output (angle brackets replaced with [] for HTML changelog compatability): MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems) [address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications" addrtype="mac" /] o Updated the XML DTD to support the newly printed MAC addresses. Thanks to Thorsten Holz (thorsten.holz(a)mmweg.rwth-aachen.de) for sending this patch. o Added a bunch of new and fixed service fingerprints for version detection. These are from Martin MaÚok (martin.macok(a)underground.cz). o Normalized many of the OS names in nmap-os-fingerprints (fixed capitalization, typos, etc.). Thanks to Royce Williams (royce(a)alaska.net) and Ping Huang (pshuang(a)alum.mit.edu) for sending patches. o Modified the mswine32/nmap_performance.reg Windows registry file to use an older and more compatable version. It also now includes the value "StrictTimeWaitSeqCheck"=dword:00000001 , as suggested by Jim Harrison (jmharr(a)microsoft.com). Without that latter value, the TcpTimedWaitDelay value apparently isn't checked. Windows users should apply the new registry changes by clicking on the .reg file. Or do it manually as described in README-WIN32. This file is also now available in the data directory at http://www.insecure.org/nmap/data/nmap_performance.reg o Applied patch from Gisle Vanem (giva(a)bgnett.no) which allows the Windows version of Nmap to work with WinPCAP 3.1BETA (and probably future releases). The Winpcap folks apparently changed the encoding of adaptor names in this release. o Fixed a ping scanning bug that would cause this error message: "nmap: targets.cc:196: int hostupdate (Target **, Target *, int, int, int, timeout_info *, timeval *, timeval *, pingtune *, tcpqueryinfo *, pingstyle): Assertion `pt->down_this_block > 0' failed." Thanks to Beirne Konarski (beirne(a)neo.rr.com) for reporting the problem. o If a user attempts -PO (the letter O), print an error suggesting that they probably mean -P0 (Zero) to disable ping scanning. o Applied a couple patches (with minor changes) from Oliver Eikemeier (eikemeier(a)fillmore-labs.com) which fix an edge case relating to decoy scanning IP ranges that must be sent through different interfaces, and improves the Nmap response to certain error codes returned by the FreeBSD firewall system. The patches are from http://cvsweb.freebsd.org/ports/security/nmap/files/ . o Many people have reported this error: "checking for type of 6th argument to recvfrom()... configure: error: Cannot find type for 6th argument to recvfrom()". In most cases, the cause was a missing or broken C++ compiler. That should now be detected earlier with a clearer message. o Fixed the FTP bounce scan to better detect filered ports on the target network. o Fixed some minor bugs related to the new MAC address printing feature. o Fixed a problem with UDP-scanning port 0, which was reported by Sebastian Wolfgarten (sebastian(a)wolfgarten.com). o Applied patch from Ruediger Rissmann (RRI(a)zurich.ibm.com), which helps Nmap understand an EACCESS error, which can happen at least during IPv6 scans from certain platforms to some firewalled targets. o Renamed ACK ping scan option from -PT to -PA in the documentation. Nmap has accepted both names for years and will continue to do so. o Removed the notice that Nmap is reading target specifications from a file or stdin when you specify the -iL option. It was sometimes printed to stdout even when you wanted to redirect XML or grepable output there, because it was printed during options processing before output files were handled. This change was suggested by Anders Thulin (ath(a)algonet.se). o Added --source_port as a longer, but hopefully easier to remember, alias for -g. In other words, it tries to use the constant source port number you specify for probes. This can help against poorly configured firewalls that trust source port 20, 53, and the like. o Removed undocumented (and useless) -N option. o Fixed a version detection crash reported in excellent detail by Jedi/Sector One (j(a)pureftpd.org). o Applied patch from Matt Selsky (selsky(a)columbia.edu) which helps Nmap build with OpenSSL. o Modified the configure/build system to fix library ordering problems that prevented Nmap from building on certain platforms. Thanks to Greg A. Woods (woods(a)weird.com) and Saravanan (saravanan_kovai(a)HotPop.com) for the suggestions. o Applied a patch to Makefile.in from Scott Mansfield (thephantom(a)mac.com) which enables the use of a DESTDIR variable to install the whole Nmap directory structure under a different root directory. The configure --prefix option would do the same thing in this case, but DESTDIR is apparently a standard that package maintainers like Scott are used to. An example usage is "make DESTDIR=/tmp/packageroot". o Removed unnecessary banner printing in the non-root connect() ping scan. Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and a patch. o Updated the headers at the top of each source file (mostly to advance the copyright year to 2004 and note that Nmap is a registered trademark). As usual, 3.55 is available from http://www.insecure.org/nmap/nmap_download.html , including Windows (.zip format) binaries. For the more paranoid (smart) members of the list, here are the md5 hashes: ee77bc8a64e0bfb931cb3947e5813038 nmap-3.55-1.i386.rpm 5509246e00ae24f4325f3b92102d34a3 nmap-3.55-1.src.rpm 88b5f010f43b0e2ee0c2cfb468796aa9 nmap-3.55.tar.bz2 cfebe22d1fb2a4eaea144c8dbbc0aa30 nmap-3.55.tgz e949755a80bb2a7cbe10a53069686442 nmap-3.55-win32.zip 1df56ab6f787e980543f38cf963d4b3d nmap-frontend-3.55-1.i386.rpm These release notes should be signed with my PGP key, which is available at http://www.insecure.org/fyodor_gpgkey.txt . The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E Enjoy! And please let me know if you find any problems. Cheers, Fyodor -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iQCVAwUBQOu4MM4dPqJTWH2VAQFE1wQAvjNB04TqsoJEkJoEdroO+IW0HZk+WwAF QxSUwqWg0R0GcAQKtLDUd3HUY5fzSldwfcMTyOeZ09pDof4B+6vqx4FjDEiHSoX3 l85LpzkIgwjJIo9VEa/iDVcdP5zzIEyOSSUb+zYD99NWmpe+Q0HVPO78Mh3kn4cI 3iewmrSLYg4= =Dt41 -----END PGP SIGNATURE----- -------------------------------------------------- For help using this (nmap-hackers) mailing list, send a blank email to nmap-hackers-help () insecure org . List archive: http://seclists.org
Current thread:
- Nmap 3.55 Released Fyodor (Jul 07)