From: Fyodor (fyodor@insecure.org)
Date: Mon Jul 09 2001 - 04:44:49 CDT

    Hello everyone,

    I am happy to announce that Nmap 2.54BETA26 is now available. The
    coolest feature is a new scan type -- Idlescan! I'll send more info
    in a day or two, but the quick synopsis is that this is a completely
    blind scan (meaning no packets are sent to the target from your real
    IP address). Instead, a unique side-channel attack exploits
    predictable "IP fragmentation ID" sequence generation on the zombie
    host to glean information about the open ports on the target. The
    technique was invented by Antirez a while back.

    The other cool feature of Idlescan is that it permits mapping out
    IP-based trust relationships between machines. I'll send more info
    about Idlescan in a couple days. But advanced Nmap users can try it
    out now if you wish. Usage is "-sI <zombiehost>". Among other
    requirements, the zombie host you select must be up and it should not
    be engaging in very much network traffic.

    I also recently redesigned the web page to conserve bandwidth and
    speed load times. I hope you like the new organization. If not, feel
    free to make suggestions.

    Here are the 2.54BETA26 CHANGELOG entries:

    -- Added Idlescan (IPID blind scan). The usage syntax is
       "-sI <zombie>".

    -- Fixed a bunch of fingerprints that were corrupt due to violations
       of the fingerprint syntax/grammar (problems were found by Raymond
       Mercier of VIGILANTe)

    -- Fixed command-line option parsing bug found
       by "m r rao" (mrrao@del3.vsnl.net.in)

    -- Fixed an OS fingerprinting bug that caused many extra packets to be
       sent if you request a lot of decoys.

    -- Added some debug code to help diagnose the "Unknown datalink type"
       error. If Nmap is giving you this error, please send the following
       info to fyodor@insecure.org:
       1) The full output from Nmap (including the command arguments)
       2) What OS and OS version you are using
       3) What type of adaptor you are using (modem, ethernet, FDDI, etc.)

    -- Added a bunch of IDS sensor/console/agent port numbers from
       Patrick Mueller (pmueller@neohapsis.com)

    For those of you running Linux/x86 w/a recent version of rpm
    (www.rpm.org), you can install/upgrade to the newest version of
    nmap/nmapfe with these commands:

    rpm -vhU (nmap url)
    where (nmap url) is one (or both) of these:

    http://download.insecure.org/nmap/dist/nmap-2.54BETA26-1.i386.rpm
    http://download.insecure.org/nmap/dist/nmap-frontend-0.2.54BETA26-1.i386.rpm

    Source tarballs and source RPMs are always available at:
    http://www.insecure.org/nmap/#download

    For the more paranoid (smart) members of the list, here are the md5
    hashes:

    f75762a1678e6f34de96adb95e440a97 nmap-2.54BETA26-1.i386.rpm
    b9f1fe8fdd53d50a38fa8df046aacf4d nmap-2.54BETA26-1.src.rpm
    9fa0305c82c53576f241dcc8d21b8b60 nmap-2.54BETA26.tgz
    6578182786022e32de8bf33fb6060ff5 nmap-frontend-0.2.54BETA26-1.i386.rpm

    [ Yes, I should really GPG sign this email too ]

    Please let me know if you find any problems.

    Cheers,
    Fyodor

    --------------------------------------------------
    For help using this (nmap-hackers) mailing list, send a blank email to
    nmap-hackers-help@insecure.org. List run by ezmlm-idx (www.ezmlm.org).
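As an added example (not part of Fyodor's message or of Nmap's own code): a small checker a defender can run over the IP IDs seen in one of their hosts' replies to learn whether that host exposes the predictable IP ID sequence the announcement describes, i.e. whether it could be picked as an Idlescan zombie. The class names follow the ones Nmap reports; the numeric thresholds are assumptions of mine, not Nmap's.

```python
from typing import List

def classify_ipid(ids: List[int]) -> str:
    """Classify a sequence of 16-bit IP IDs observed in one host's replies.

    Returns 'zero', 'constant', 'incremental',
    'broken-incremental' (counter emitted byte-swapped), 'random-positive'
    or 'random'. Thresholds are my own assumptions, not Nmap's values.
    """
    if len(ids) < 2:
        raise ValueError("need at least two IP ID samples")
    if all(i == 0 for i in ids):
        return "zero"
    if len(set(ids)) == 1:
        return "constant"
    # Wrap-around-safe differences between consecutive IDs.
    diffs = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if all(1 <= d < 256 for d in diffs):
        return "incremental"
    # Some stacks increment a counter but write it to the wire little-endian;
    # swapping the bytes exposes the same small, steady step.
    swapped = [((i & 0xFF) << 8) | (i >> 8) for i in ids]
    sdiffs = [(b - a) & 0xFFFF for a, b in zip(swapped, swapped[1:])]
    if all(1 <= d < 256 for d in sdiffs):
        return "broken-incremental"
    if all(d < 0x8000 for d in diffs):
        return "random-positive"
    return "random"

def usable_as_zombie(ids: List[int]) -> bool:
    """True when the sequence is predictable enough that a third party could
    count the packets this host sends just by probing it: the property the
    announcement relies on, and the one a defender wants to remove."""
    return classify_ipid(ids) in ("incremental", "broken-incremental")

if __name__ == "__main__":
    # Constructed samples standing in for IP IDs pulled from a capture.
    samples = {
        "legacy-stack": [0x1A2B, 0x1A2C, 0x1A2D, 0x1A2E, 0x1A2F],
        "byte-swapped": [0x2B1A, 0x2C1A, 0x2D1A, 0x2E1A],
        "randomised":   [0x7F3C, 0x0A91, 0xE210, 0x4C77, 0x9D05],
    }
    for host, ids in samples.items():
        print(f"{host:14} {classify_ipid(ids):20} "
              f"zombie-capable={usable_as_zombie(ids)}")
```

Hosts reported as incremental or broken-incremental are the ones to reconfigure or patch so that their IP ID generation is randomised.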