Author Topic: New Nmap Version  (Read 4792 times)

iago
New Nmap Version
« on: September 07, 2005, 11:57:32 am »
NMap 3.84 Alpha 2 is out for testing.  See bolded line:

Quote

Nmap developers,

I'm pleased to announce another private ALPHA release.  3.84ALPHA2 is
now available from:

http://www.insecure.org/nmap/dist/nmap-3.84ALPHA2.tar.bz2
http://www.insecure.org/nmap/dist/nmap-3.84ALPHA2-win32.zip

As always, GPG sigs are at:
http://www.insecure.org/nmap/dist/sigs/?C=M;O=D

My current plan is to do a stable release based on this in the next
day or two.  So please give it a whirl and let me know if you find any
problems.  Here are the changes since ALPHA1:

o Fixed crash when Nmap is compiled using gcc 4.X by adding the
  --fno-strict-aliasing option when that compiler is detected.  Thanks
  to Greg Darke (starstuff(a)optusnet.com.au) for discovering that
  this option fixes (hides) the problem and to Duilio J. Protti
  (dprotti(a)flowgate.net) for writing the configure patch to detect
  gcc 4 and add the option.  A better fix is to identify and rewrite
  lines that violate C99 alias rules, and we are looking into that.

o Applied an enormous nmap-service-probes (version detection) update
  from SoC student Doug Hoyte (doug(a)hcsw.org).  Version 3.81 had
  1064 match lines covering 195 service protocols.  Now we have 2865
  match lines covering 359 protocols!  So the database size has nearly
  tripled!  This should make your -sV scans quicker and more
  accurate.  Thanks also go to the (literally) thousands of you who
  submitted service fingerprints.  Keep them coming!

o Added "rarity" feature to Nmap version detection.  This causes
  obscure probes to be skipped when they are unlikely to help.  Each
  probe now has a "rarity" value.  Probes that detect dozens of
  services such as GenericLines and GetRequest have rarity values of
  1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9.
  When interrogating a port, Nmap always tries probes registered to
  that port number.  So even WWWOFFLEctrlstat will be tried against
  port 8081 and mydoom will be tried against open ports between 3127
  and 3198.  If none of the registered ports find a match, Nmap tries
  probes that have a rarity less than or equal to its current
  intensity level.  The intensity level defaults to 7 (so that most of
  the probes are done).  You can set the intensity level with the new
  --version_intensity option.  Alternatively, you can just use
  --version_light or --version_all which set the intensity to 2 (only
  try the most important probes and ones registered to the port
  number) and 9 (try all probes), respectively.  --version_light is
  much faster than default version detection, but also a bit less
  likely to find a match.  This feature was designed and implemented
  by Doug Hoyte (doug(a)hcsw.org).

o Added a "fallback" feature to the nmap-service-probes database.
  This allows a probe to "inherit" match lines from other probes.  It
  is currently only used for the HTTPOptions, RTSPRequest, and
  SSLSessionReq probes to inherit all of the match lines from
  GetRequest.  Some servers don't respond to the Nmap GetRequest (for
  example because it doesn't include a Host: line) but they do respond
  to some of those other 3 probes in ways that GetRequest match lines
  are general enough to match.  The fallback construct allows us to
  benefit from these matches without repeating hundreds of signatures
  in the file.  This is another feature designed and implemented
  by Doug Hoyte (doug(a)hcsw.org).

o Fixed crash with certain --excludefile or
  --exclude arguments.  Thanks to Kurt Grutzmacher
  (grutz(a)jingojango.net) and pijn trein (ptrein(a)gmail.com) for
  reporting the problem, and to Duilio J. Protti
  (dprotti(a)flowgate.net) for debugging the issue and sending the
  patch.

o Applied patch from Steve Martin (smartin(a)stillsecure.com) which
  standardizes many OS names and corrects typos in nmap-os-fingerprints.

o Fixed a crash found during certain UDP version scans.  The crash was
  discovered and reported by Ron (iago(a)valhallalegends.com) and fixed
  by Doug Hoyte (doug(a)hcsw.com).


o Added --iflist argument which prints a list of system interfaces and
  routes detected by Nmap.

o Fixed a protocol scan (-sO) problem which led to the error message:
  "Error compiling our pcap filter: syntax error".  Thanks to Michel
  Arboi (michel(a)arboi.fr.eu.org) for reporting the problem.

o Fixed an Nmap version detection crash on Windows which led to the
  error message "Unexpected error in NSE_TYPE_READ callback.  Error
  code: 10053 (Unknown error)".  Thanks to Srivatsan
  (srivatsanp(a)adventnet.com) for reporting the problem.

o Fixed some misspellings in docs/nmap.xml reported by Tom Sellers
  (TSellers(a)trustmark.com).

o Updated random scan (ip_is_reserved()) to reflect the latest IANA
  assignments.  This patch was sent in by

Cheers,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
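
The probe-selection rules in the "rarity" and "fallback" changelog entries above can be modelled in a few lines. This is an added example, not Nmap's code or part of the original post: the probe names, the rarities 1 and 9, the ports and the intensity levels 2/7/9 come from the changelog, while the rarity given to HTTPOptions, the match-line labels and the function names are assumptions made for illustration. It returns the candidate order only and does not model stopping at the first match.

```python
from dataclasses import dataclass

DEFAULT_INTENSITY = 7          # changelog: default intensity level
LIGHT, ALL = 2, 9              # changelog: --version_light / --version_all

@dataclass(frozen=True)
class Probe:
    name: str
    rarity: int
    ports: frozenset = frozenset()   # ports the probe is registered to
    fallback: str = ""               # probe whose match lines are inherited
    matches: tuple = ()              # placeholder match-line labels

# Constructed table. HTTPOptions' rarity (4) and every match label are
# assumptions; the remaining values are the ones quoted in the changelog.
PROBES = (
    Probe("GenericLines", 1, matches=("generic-1",)),
    Probe("GetRequest", 1, matches=("http-1", "http-2")),
    Probe("HTTPOptions", 4, fallback="GetRequest", matches=("options-1",)),
    Probe("WWWOFFLEctrlstat", 9, ports=frozenset({8081})),
    Probe("mydoom", 9, ports=frozenset(range(3127, 3199))),  # 3127..3198
)

def probe_order(port, intensity=DEFAULT_INTENSITY, probes=PROBES):
    """Probe names to try against `port`, in order.

    Probes registered to the port always come first, whatever their rarity.
    The rest are kept only if rarity <= intensity.
    """
    registered = [p for p in probes if port in p.ports]
    others = [p for p in probes
              if port not in p.ports and p.rarity <= intensity]
    return [p.name for p in registered + others]

def match_lines(name, probes=PROBES):
    """Match lines a probe's response is tested against: its own lines,
    then those inherited from its fallback probe, if it names one."""
    by_name = {p.name: p for p in probes}
    probe = by_name[name]
    lines = list(probe.matches)
    if probe.fallback:
        lines.extend(by_name[probe.fallback].matches)
    return lines

if __name__ == "__main__":
    for port, level in ((80, LIGHT), (8081, DEFAULT_INTENSITY), (80, ALL)):
        print(port, level, probe_order(port, level))
    print("HTTPOptions ->", match_lines("HTTPOptions"))
```
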

Blaze
Re: New Nmap Version
« Reply #1 on: September 07, 2005, 03:36:45 pm »
iago, alpha tester extraordinaire!
And like a fool I believed myself, and thought I was somebody else...

Quik
Re: New Nmap Version
« Reply #2 on: September 07, 2005, 07:11:11 pm »
You're my hero. Really.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

RoMi
Re: New Nmap Version
« Reply #3 on: September 07, 2005, 08:32:13 pm »
First Bleeding Rules then this, if only there were more iago's.
-RoMi

iago
Re: New Nmap Version
« Reply #4 on: September 07, 2005, 10:59:23 pm »
Quote
First Bleeding Rules then this, if only there were more iago's.

There are.  They're what makes OpenSource work!

zorm
Re: New Nmap Version
« Reply #5 on: September 11, 2005, 03:03:59 am »
Pssh, let us know when you get your name on something cool.
"Frustra fit per plura quod potest fieri per pauciora"
- William of Ockham

Newby
Re: New Nmap Version
« Reply #6 on: September 11, 2005, 03:04:27 am »
On a side note, nmap 3.90 is out. :p
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

iago
Re: New Nmap Version
« Reply #7 on: September 11, 2005, 01:31:30 pm »
Quote
On a side note, nmap 3.90 is out. :p

On a better sidenote, nmap 3.91 is out :-P

Newby
Re: New Nmap Version
« Reply #8 on: September 11, 2005, 01:44:17 pm »
I hate you. I meant stable! -.-

iago
Re: New Nmap Version
« Reply #9 on: September 11, 2005, 02:04:29 pm »
3.91 is more stable than 3.90.  It fixes some crashes!

Quote
My goal is to get a truly stable version out there that
can last a while, so that I can get back to breaking stuff, adding
cool features, and generally preparing for Nmap 4.0 (which may be
ready for release this year)!

iago
Re: New Nmap Version
« Reply #10 on: September 12, 2005, 05:48:22 pm »
Nmap 3.92 and 3.92 were released (about 1.5 hours apart) today:

Quote
I hope this release lasts longer than an hour and a half!  At the rate
you guys are finding problems, Nmap 4.0 will be released whether I
like it or not in, oh, about 6 hours  :) .  I have removed all traces of
3.92 from the dist directory and CHANGELOG, and placed new
windows/linux binaries and tarballs of 3.93 in its place.  You guys
know the drill:

http://www.insecure.org/nmap/dist/?C=M&O=D

The changes are just the one-character fix to the "--send_ip -P0"
problem discovered by Richard Moore, and a workaround to the bogus
compiler warning reported by Richard Sammet.

Please let me know if you discover any problems.  You'll get longer to
test this release, 'cause it's 4AM here and I'm going to bed!  When I
wake up, 3.93 will either go public, or you'll get a shiny new 3.94,
depending on how your testing goes.

Thanks,
Fyodor



Joe
Re: New Nmap Version
« Reply #11 on: September 14, 2005, 04:03:54 am »
Quote
Nmap 3.92 and 3.92

if(3.92 != 3.92) {
  world.end();
}
I'd personally do as Joe suggests

You might be right about that, Joe.