Nmap Hackers: Nmap 2.3BETA4

Nmap 2.3BETA4

From: Fyodor <fyodor_at_dhp.com>
Date: Mon, 30 Aug 1999 06:22:18 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----

Just when you were thinking a new Nmap version would never come along ...

I'm happy to announce Nmap 2.3BETA4 . The most interesting new change is
direct (non-portmapper) RPC scanning. This allows you to obtain 'rpcinfo
-p' type of information even when your target has firewalled portmapper.
This is a good way to locate cmsd, tooltalkd, statd, etc. on your
networks. RPC scanning is activated by -sR; here is an example session
against a stock Solaris 7 box:

amy# ./nmap -sRUS -p 7,9,13,19,21,23,25,37,42,79,111,32760-32785 xanadu
Starting nmap V. 2.3BETA1 by Fyodor (fyodor_at_dhp.com, www.insecure.org/nmap/)
Interesting ports on xanadu.yuma.net (192.168.0.10):
Port     State   Protocol  Service     (RPC)
7        open    udp       echo        (Non-RPC)
7        open    tcp       echo        (Non-RPC)
9        open    udp       discard     (Non-RPC)
9        open    tcp       discard     (Non-RPC)
13       open    udp       daytime     (Non-RPC)
13       open    tcp       daytime     (Non-RPC)
19       open    udp       chargen     (Non-RPC)
19       open    tcp       chargen     (Non-RPC)
21       open    tcp       ftp         (Non-RPC)
23       open    tcp       telnet      (Non-RPC)
25       open    tcp       smtp        (Non-RPC)
37       open    udp       time        (Non-RPC)
37       open    tcp       time        (Non-RPC)
42       open    udp       nameserver  (Non-RPC)
79       open    tcp       finger      (Non-RPC)
111      open    udp       sunrpc      (portmapper V2-4)
111      open    tcp       sunrpc      (portmapper V2-4)
32771    open    udp                   (Non-RPC)
32771    open    tcp                   (status V1)
32772    open    udp                   (status V1)
32772    open    tcp                   (Non-RPC)
32773    open    udp                   (sadmind V10)
32773    open    tcp                   (ttdbserverd V1)
32774    open    udp                   (rquotad V1)
32774    open    tcp                   (Non-RPC)
32775    open    udp                   (rusersd V2-3)
32775    open    tcp                   (cachefsd V1)
32776    open    udp                   (sprayd V1)
32776    open    tcp                   (Non-RPC)
32777    open    udp                   (walld V1)
32777    open    tcp                   (cmsd V2-5)
32778    open    udp                   (rstatd V2-4)
32779    open    udp                   (cmsd V2-5)

Nmap run completed -- 1 IP address (1 host up) scanned in 30 seconds
amy#

I gave an explicit port list because UDP scanning takes _forever_ against
Solaris :(. Look at all those juicy RPC services at the end -- count the
root holes :).

Many thanks go to ga <ga_at_capyork.com> for writing sample code to
demonstrate the technique. The RPC services list included with
nmap was compiled by Vik Bajaj <vbajaj_at_sas.upenn.edu> with help from
various members of this list.

This version also contains many new and improved OS fingerprints. Thanks
to everyone for keeping those coming in!

A few more changes:

** Fixed a problem that could cause freezes when you
   scan machines on at least two different types of interfaces as part
   of the same command.

** Identified and found workaround for Linux kernel bug which allows
   connect() to sometimes succeed inappropriately when scanning closed
   ports on localhost.

** Fixed problems relating to people who specify the same port more
   than once on the command line. While the right answer is "well,
   don't do that!", I decided to fix nmap to handle this gracefully.

** Tweaked UDP scanning to be more effective against Solaris ICMP
   error limiting.

** Fixed strtol() integer overflow problem found by Renaud
   Deraison <deraison_at_cvs.nessus.org>

** The HTML translation of the Man page at
   http://www.insecure.org/nmap/nmap_manpage.html should now be
   complete (man2html was dropping lines before).

** Added a note in the man page that Nmap 2.0+ is believed to be
   COMPLETELY Y2K COMPLIANT! I've been getting a lot of letters from
   lawyers about that recently. You should still be able to port scan on
   Jan 1st (well ... as long as you have electricity and gangs of looting
   thugs haven't stolen your computers :)

Please let me know if you guys find any problems! That is the purpose of
beta releases after all.

Cheers,
Fyodor

--
Fyodor 'finger pgp_at_pgp.insecure.org | pgp -fka'
"The percentage of users running Windows NT Workstation 4.0 whose PCs
 stopped working more than once a month was less than half that of Windows
 95 users." -- microsoft.com/NTWorkstation/Basics/Features/Reliability/

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBN8pbXM4dPqJTWH2VAQHZ3AQAlUqjQmyGY2qX9KZ2WPwzQ0xzoweVzkxM
+tbSMrMFir6Jm+OB078wIqakgcFDEzlpdPTa6ls56KgbCAEjHowLAggzjc61XK2n
HNg8UbCD+AqqeOddviAuDjWNbeRWZdK1BLwtdPZB4fZmy7ZdkFZGAX3a3aVd37/a
JHSZdDynbz0=
=erky
-----END PGP SIGNATURE-----
Received on Aug 30 1999
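The mechanism behind the direct (non-portmapper) RPC scan announced above, as an added example that is not Nmap's code: an ONC RPC (RFC 5531) NULL-procedure CALL is encoded for each candidate program number and sent straight to the port, and the reply's accept_stat is decoded. PROG_UNAVAIL means "not that program", PROG_MISMATCH means "program present" and carries the supported version range, which is how a listing like "cmsd V2-5" can be produced even when the host's portmapper is filtered. This is also exactly what a defender sees on the wire: a 40-byte CALL with AUTH_NONE credentials per candidate program, answered by a service that volunteers its version range. Program numbers are the standard rpc(5) assignments; the responder is a constructed stand-in for a host so the script runs offline; the probe version constant is an assumption chosen so that a present program answers with a mismatch rather than success.

```python
"""ONC RPC (RFC 5531) NULL-call builder, reply classifier and a constructed
in-memory responder. Added illustration only: not Nmap's code, no host is
contacted, the responder fakes a host for the example."""
import struct

CALL, REPLY = 0, 1
MSG_ACCEPTED, MSG_DENIED = 0, 1
SUCCESS, PROG_UNAVAIL, PROG_MISMATCH = 0, 1, 2
AUTH_NONE = 0
RPC_VERSION = 2
# Candidate program numbers to try on an unknown port (standard rpc(5) values).
PROGRAMS = {100000: "portmapper", 100001: "rstatd", 100002: "rusersd",
            100024: "status", 100068: "cmsd"}
# Assumption: no real service implements this version, so a program that is
# present answers PROG_MISMATCH and thereby reveals its supported range.
PROBE_VERSION = 0x7FFFFFFF


def build_null_call(xid, prog, vers):
    """Encode a CALL to procedure 0 (NULL) with empty AUTH_NONE cred/verf."""
    return struct.pack("!10I", xid, CALL, RPC_VERSION, prog, vers, 0,
                       AUTH_NONE, 0, AUTH_NONE, 0)


def tcp_record(payload):
    """Prefix a message with the TCP record mark (last-fragment bit | length);
    over UDP the bare payload is the datagram."""
    return struct.pack("!I", 0x80000000 | len(payload)) + payload


def classify_reply(data, xid, vers):
    """Return ('present', low, high), ('absent', None, None) or a diagnostic."""
    if len(data) < 12:
        return ("malformed", None, None)
    rxid, mtype, rstat = struct.unpack_from("!3I", data)
    if rxid != xid or mtype != REPLY:
        return ("unrelated", None, None)
    if rstat == MSG_DENIED:                 # RPC version or auth rejected
        return ("denied", None, None)
    off = 12
    _flavor, vlen = struct.unpack_from("!2I", data, off)
    off += 8 + ((vlen + 3) & ~3)            # skip opaque verifier, XDR padded to 4
    if len(data) < off + 4:
        return ("malformed", None, None)
    (astat,) = struct.unpack_from("!I", data, off)
    off += 4
    if astat == PROG_UNAVAIL:
        return ("absent", None, None)
    if astat == PROG_MISMATCH:
        if len(data) < off + 8:
            return ("malformed", None, None)
        low, high = struct.unpack_from("!2I", data, off)
        return ("present", low, high)
    # SUCCESS, PROC_UNAVAIL, GARBAGE_ARGS, SYSTEM_ERR: program and version matched
    return ("present", vers, vers)


def constructed_responder(served):
    """Constructed stand-in for a host: answers calls as if the port served the
    programs in `served` ({prog: (low_version, high_version)})."""
    def respond(call):
        xid, _, _, prog, vers, _ = struct.unpack_from("!6I", call)
        head = struct.pack("!5I", xid, REPLY, MSG_ACCEPTED, AUTH_NONE, 0)
        if prog not in served:
            return head + struct.pack("!I", PROG_UNAVAIL)
        low, high = served[prog]
        if low <= vers <= high:
            return head + struct.pack("!I", SUCCESS)
        return head + struct.pack("!3I", PROG_MISMATCH, low, high)
    return respond


def identify_port(respond, base_xid=0x1000):
    """Try each candidate program; return e.g. 'cmsd V2-5' or 'Non-RPC'."""
    for i, (prog, name) in enumerate(PROGRAMS.items()):
        xid = base_xid + i                  # fresh xid per probe, as a scanner would use
        reply = respond(build_null_call(xid, prog, PROBE_VERSION))
        verdict, low, high = classify_reply(reply, xid, PROBE_VERSION)
        if verdict == "present":
            return f"{name} V{low}" if low == high else f"{name} V{low}-{high}"
    return "Non-RPC"


if __name__ == "__main__":
    # Constructed hosts modelled on the kind of listing the announcement shows.
    for label, served in [("cmsd port", {100068: (2, 5)}),
                          ("status port", {100024: (1, 1)}),
                          ("plain tcp service", {})]:
        print(f"{label}: {identify_port(constructed_responder(served))}")
```

Every candidate costs one round trip and every answer is unauthenticated, so the same exchange that lets an auditor enumerate exposed RPC programs is a clear signature for a network sensor: many NULL calls with AUTH_NONE and a nonsensical version, fanned out across high ports.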
