Home page logo
/

Nmap Announce mailing list archives

Nmap 3.48: Service fingerprints galore!
From: Fyodor <fyodor () insecure org>
Date: Mon, 6 Oct 2003 02:23:21 -0700

-----BEGIN PGP SIGNED MESSAGE-----

Hello everyone,

I spent the last couple weeks integrating TONS of submitted service
fingerprints as well as a number of great patches (mostly portability
related) that have been sent.  Wow!  In the first two days after
the 3.45 release, you guys made more than 800 submissions!  Now there
are nearly 2000 total.  I still have more to integrate before I am
caught up, but I don't want to delay this release any
longer.  Please keep the submissions coming!  Even though I am behind
at the moment, I will get to all the submissions.

The service detection release has been so successful that I am
already working on the next major feature!  It will be called "bomb
scan" (-sB) and utilize the technology described in this article:

http://students.cs.byu.edu/~emcnabb/computerbomb.jpg

I am still deciding on the command-line API for this.  Considering the
severity of the attack, I might want to require an -f (force) option
like rm has.  It would be a shame for people to die because a tired
sysadmin pressed -sB when he meant -sN (NULL scan).  On the other
hand, UNIX was not designed to coddle the weak.  If you accidently
obliterate one of your subsidiary companies with a bomb scan of their
/16, that will teach you to be more careful next time!

In more serious news, I am pleased to release Nmap 3.48.  Besides
nearly DOUBLING the Nmap version detection database size to 663
signatures thanks to your submissions, this version improves some
version detection algorithms to provide more accurate results more
quickly.  I have also added "helper functions" to the file format for
dealing with UNICODE encoding of normal ASCII strings and several
other strange issues.  3.48 also offers many bugfixes to resolve both
runtime errors and compilation problems.

Note that 3.46 and 3.47 were "informal" releases sent to nmap-dev for
testing.  If you are interested in that sort of early release,
subscribe by sending a blank email to nmap-dev-subscribe () insecure org
.  Or read the archives on http://lists.insecure.org .

As usual, 3.48 is available from
http://www.insecure.org/nmap/nmap_download.html , including Windows
(.zip format) binaries.

For the more paranoid (smart) members of the list, here are the md5
hashes:

6235bed7670833e971ece3d560ab4bf6  nmap-3.48-1.i386.rpm
a1eb700d736ce475db9dd8259b90c42c  nmap-3.48-1.src.rpm
8c38559a863efd476c5b042123f1ee3a  nmap-3.48.tar.bz2
e8be0d30326ba0af5e07d3593609143c  nmap-3.48.tgz
99d04fd44c34ab1eabb1a15c80f232e7  nmap-3.48-win32.zip
125b65a40b2bcb8c7acc399e8fa206fd  nmap-frontend-3.48-1.i386.rpm

These release notes should be signed with my PGP key, which is
available at http://www.insecure.org/fyodor_gpgkey.txt .  The key
fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E

Enjoy!  And please let me know if you find any problems.  Here are the
major changes since 3.45:

o Integrated an enormous number of version detection service
  submissions.  The database has almost doubled in size to 663
  signatures representing the following 130 services: 
    3dm-http afp apcnisd arkstats bittorent chargen citrix-ica
    cvspserver cvsup dantzretrospect daytime dict directconnect domain
    echo eggdrop exec finger flexlm font-service ftp ftp-proxy gnats
    gnutella-http hddtemp hp-gsg http http-proxy hylafax icecast ident
    imap imaps imsp ipp irc ircbot irc-proxy issrealsecure jabber
    kazaa-http kerberos-sec landesk-rc ldap linuxconf lmtp lotusnotes
    lpd lucent-fwadm meetingmaker melange microsoft-ds microsoft-rdp
    mldonkey msactivesync msdtc msrpc ms-sql-m mstask mud mysql
    napster ncacn_http ncp netbios-ns netbios-ssn netrek netsaint
    netstat netwareip networkaudio nntp nsclient nsunicast ntop-http
    omniback oracle-mts oracle-tns pcanywheredata pksd pmud pop2 pop3
    pop3s poppass postgresql powerchute printer qotd redcarpet
    rendezvous rlogind rpc rsync rtsp sdmsvc sftp shell shivahose
    sieve slimp3 smtp smux snpp sourceoffice spamd ssc-agent ssh ssl
    svrloc symantec-av symantec-esm systat telnet time tinyfw upnp
    uucp veritasnetbackup vnc vnc-http vtun webster whois wins
    winshell wms X11 xfce zebra

o Added the ability to execute "helper functions" in version
  templates, to help clean up/manipulate data captured from a server
  response.  The first defined function is P() which includes only
  printable characters in a captured string.  The main impetus for
  this is to deal with unicode strings like
  "W\0O\0R\0K\0G\0R\0O\0U\0P\0" that many MS protocols send.  Nmap can
  now decode that into "WORKGROUP".

o Added SUBST() helper function, which replaces strings in matched
  appname/version/extrainfo strings with something else.  For example,
  VanDyke Vshell gives a banner that includes
  "SSH-2\.0-VShell_2_2_0_528".  A substring match is used to pick out
  the string "2_2_0_528", and then SUBST(1,"_",".") is called on that
  match to form the version number 2.2.0.528.

o If responses to a probe fail to match any of the registered match
  strings for that probe, Nmap will now try against the registered "null
  probe" match strings.  This helps in the case that the NULL probe
  initially times out (perhaps because of initial DNS lookup) but the
  banner appears in later responses.

o Applied some portability fixes (particularly for OpenBSD) from Chad
  Loder (cloder(a)loder.us), who is also now the OpenBSD Nmap port
  maintainer.

o Applied some portability fixes from Marius Strobl
  (marius(a)alchemy.franken.de).

o The tarball distribution of Nmap now strips the binary at install
  time thanks to a patch from Marius Strobl
  (marius(a)alchemy.franken.de).

o Fixed a problem related to building Nmap on systems that lack PCRE
  libs (and thus have to use the ones included by Nmap).  Thanks to Remi
  Denis-Courmont (deniscr6(a)cti.ecp.fr) for the repot and patch.

o Alphebetized the service names in each Probe section in
  nmap-service-probes (makes them easier to find and add to).

o Fixed the problem several people reported where Nmap would quit with
  a "broken pipe" error during service scanning.  Thanks to Jari Ruusu
  (jari.ruusu(a)pp.inet.fi) for sending a patch.  The actual error
  message was "Unexpected error in NSE_TYPE_READ callback.  Error
  code: 32 (Broken pipe)"

o Fixed protocol scan (-sO), which I had broken when adding the new
  output table format.  It would complain "NmapOutputTable.cc:128:
  failed assertion `row < numRows'".  Thanks to Matt Burnett
  (marukka(a)mac.com) for notifying me of the problem.

o Upgraded Libpcap to the latest tcpdump.org version (0.7.2) from
  0.7.1

o Applied a patch from Peter Marschall (peter(a)adpm.de) which adds
  version detection support to nmapfe.

o Fixed a problem with XML output being invalid when service detection
  was done on SSL-tunneled ports.  Thanks to the several people who
  reported this - it means that folks are actually using the XML
  output :).

o Fixed (I hope) some Solaris Sune ONE compiler compilation problems
  reported (w/patches) by Mikael Mannstrom (candyman(a)penti.org)

o Fixed the --with-openssl configure option for people who have
  OpenSSL installed in a path not automatically found by their
  compilers.  Thanks to  Marius Strobl (marius(a)alchemy.franken.de) for
  the patch.

o Made some portability changes for HP-UX and possibly other types of
  machines, thanks to a patch from Petter Reinholdtsen (pere(a)hungry.com)

o Applied a patch from Matt Selsky (selsky () columbia edu) which fixes
  compilation on some Solaris boxes, and maybe others.  The error said
  "cannot compute sizeof (char)"

o Applied some patches from the NetBSD ports tree that Hubert Feyrer
  (hubert.feyrer(a)informatik.fh-regensburg.de) sent me.  The NetBSD
  Nmap ports page is at http://www.NetBSD.org/packages/net/nmap/ .

o Applied some Makefile patches from the FreeBSD ports tree that I
  found at http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/nmap/files/

Cheers,
- -Fyodor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBP4Ezas4dPqJTWH2VAQEG1QP/cDoEUF+O6ndYg1MCDd7B/bBVH6jzNcqo
Ncc9JElvuXqZu8wMedBJT8qQN8UDUOS0IHXsngverILIyRsPez4kXWsae6qViRVI
dxMKsMJmHgBM6UK/mJ2Z+LPTShhB9UHHXwrmo3AucAxfu4Nq9X9NvFkebEx7lsAt
/dqdQ40cGUs=
=Tfw6
-----END PGP SIGNATURE-----


--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


  By Date           By Thread  

Current thread:
  • Nmap 3.48: Service fingerprints galore! Fyodor (Oct 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault