Home page logo

Nmap Announce mailing list archives

Nmap 3.30; Kids: don't try this at home!
From: Fyodor <fyodor () insecure org>
Date: Sun, 29 Jun 2003 23:34:43 -0700


Hello everyone,

I have decided to start with a public service announcement.  The
British Computer Society and Scotland Yard Computer Crime Unit have
analyzed the Matrix:Reloaded and put forth the following warning for
young viewers:

"Viewers of the new box office blockbuster Matrix Reloaded should not
 be tempted to emulate the realistic depiction of computer hacking,
 warns the British Computer Society (BCS). Many computer experts are
 sufficiently concerned over the accuracy of some of the computing
 scenes in the film to alert young computing enthusiasts of the
 illegality of hacking and of the tough prison sentences that are now
 being handed out to perpetrators of this serious crime.... Although
 Hollywood likes to glamorise hacking, and this movie would appear to
 be more accurate than many by showing the use of actual network
 mapping software, it should not be as simple as it can be made to
 appear." -- http://www1.bcs.org.uk/DocsRepository/04900/4992/matrix.htm

And speaking of actual network mapping software, I am pleased to
announce the release of Nmap 3.30.  This release offers substantial OS
detection improvements.  In particular, it includes the biggest
fingerprint update ever (thanks for all the submissions!).  It also
includes a brand new OS classification scheme, and I have made Nmap
more willing to guess the OS when no exact match is found.  And while
I was working on OS fingerprinting, Peter Marschall sent me another
huge NmapFE patch that dramatically improves this X-Window GUI
interface to Nmap.  Here are the full details from the CHANGELOG:

o Implemented the largest-ever OS fingerprint update!  Roughly 300
  fingerprints were added/modified.  These massive changes span the
  gamut from AIX 5.1 to the ZyXEL Prestige broadband router line.
  Notable updates include OpenBSD 3.3, FreeBSD 5.1, Mac OS X 10.2.6,
  Windows 2003 server, and more WAPs and broadband routers than you
  can shake a stick at.  Someone even submitted a fingerprint for
  Debian Linux running on the Microsoft Xbox.  You have to love that
  irony :).  Thanks to everyone who submitted fingerprints using the
  URL Nmap gives you when it gets a clean reading but is stumped.  The
  fingerprint DB now contains almost 1000 fingerprints.

o Went through every one of the fingerprints to normalize the
  descriptions a bit.  I also looked up what all of the devices are
  (thanks E*Bay and Google!).  Results like "Nexland ISB Pro800 Turbo"
  and "Siemens 300E Release 6.5" are much more useful when you add the
  words "cable modem" and "business phone system"

o Added a new classification system to nmap-os-fingerprints.  In
  addition to the standard text description, each entry is now
  classified by vendor name (e.g. Sun), underlying OS (e.g. Solaris),
  OS generation (e.g. 7), and device type ("general purpose", router,
  switch, game console, etc).  This can be useful if you want to (say)
  locate and eliminate the SCO systems on a network, or find the
  wireless access points (WAPs) by scanning from the wired side.

o Classification system described above is now used to print out a
  "device type" line and OS categories for matches.  The free-form
  English details are still printed as well.  Nmap can sometimes
  provide classifications even where it used to provide nothing
  because of "too many matches".  These have been added to XML output
  as well.  They are not printed for the "grepable output", as I
  consider that format deprecated.

o Nmap will now sometimes guess in the "no exact matches" case, even
  if you don't use the secret --osscan_guess or -fuzzy options.

o Applied another huge NmapFE patch from Peter Marschall
  (peter(a)adpm.de).  This revamps the interface to use a tabbed
  format that allows for many more Nmap options to be used.  It also
  cleans up some crufty parts of the code.  Let me and Peter know what
  you think (and if you encounter any problems).

o Windows and Amiga ports now use packet receive times from libpcap.
  Let me know if you get any "time computation problem" errors.

o Updated version of the Russian man page translation from Alex Volkov

For those of you running Linux/x86 w/a recent version of rpm
(www.rpm.org), you can install/upgrade to the newest version of
nmap/nmapfe by executing these commands as root:

rpm -vhU (nmap url)
where (nmap url) is one (or both) of these:


For the rest of you, source tarballs and source RPMs are always
available at: http://www.insecure.org/nmap/nmap_download.html .  That
page also notes sources of binary packages for common operating

For the more paranoid (smart) members of the list, here are the md5

b1f82b9114c63c35acde515acf928ccc  nmap-3.30-1.i386.rpm
639fc1c91f48319eca97401e74f9c90e  nmap-3.30.tar.bz2
7790fdc81dd8071abaa53f21f874ce12  nmap-3.30.tgz
ec4b4f563488eef4ae4abd0f79f5ac83  nmap-3.30-win32.zip
806420a1a8b8a118f42dc519fce3bcb2  nmap-frontend-3.30-1.i386.rpm

These release notes should be signed with my PGP key, which is
available at http://www.insecure.org/fyodor_gpgkey.txt .
The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E


Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org


For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

  By Date           By Thread  

Current thread:
  • Nmap 3.30; Kids: don't try this at home! Fyodor (Jun 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]