Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Fyodor (fyodorinsecure.org)
Date: Mon Jul 09 2001 - 04:44:49 CDT
I am happy to announce that Nmap 2.54BETA26 is now available. The
coolest feature is a new scan type -- Idlescan! I'll send more info
in a day or two, but the quick synopsis is that this is a completely
blind scan (meaning no packets are sent to the target from your real
IP address). Instead, a unique side-channel attack exploits
predictable "IP fragmentation ID" sequence generation on the zombie
host to glean information about the open ports on the target. The
technique was invented by Antirez a while back.
The other cool feature of Idlescan is that it permits mapping out
IP-based trust relationships between machines. I'll send more info
about Idlescan in a couple days. But advanced Nmap users can try it
out now if you wish. Usage is "-sI <zombiehost>". Among other
requirements, the zombie host you select must be up and it should not
be engaging in very much network traffic.
I also recently redesigned the web page to conserve bandwidth and
speed load times. I hope you like the new organization. If not, feel
free to make suggestions.
Here are the 2.54BETA26 CHANGELOG entries:
-- Added Idlescan (IPID blind scan). The usage syntax is
-- Fixed a bunch of fingerprints that were corrupt due to violations
of the fingerprint syntax/grammar (problems were found by Raymond
Mercier of VIGILANTe )
-- Fixed command-line option parsing bug found
by "m r rao" (mrraodel3.vsnl.net.in )
-- Fixed an OS fingerprinting bug that caused many extra packets to be
sent if you request a lot of decoys.
-- Added some debug code to help diagnose the "Unknown datalink type"
error. If Nmap is giving you this error, please send the following
info to fyodorinsecure.org :
1) The full output from Nmap (including the command arguments)
2) What OS and OS version are you using
3) What type of adaptor are you using (modem, ethernet, FDDI, etc)
-- Added a bunch of IDS sensor/console/agent port numbers from
Patrick Mueller (pmuellerneohapsis.com)
For those of you running Linux/x86 w/a recent version of rpm
(www.rpm.org), you can install/upgrade to the newest version of
nmap/nmapfe with these commands:
rpm -vhU (nmap url)
where (nmap url) is one (or both) of these:
source tarballs and source RPMs are always available at:
For the more paranoid (smart) members of the list, here are the md5
[ Yes, I should really GPG sign this email too ]
Please let me know if you find any problems.
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-helpinsecure.org . List run by ezmlm-idx (www.ezmlm.org).