[ISN] Nmap 2 finally released!

From: mea culpa (jerichoat_private)
Date: Tue Dec 15 1998 - 04:39:44 PST

    [Moderator: If Fyodor's site is busy or slow, I have mirrored it at
     http://www.attrition.org/~jericho/nmap-2.00.tgz .. please attempt
     to download it from his site first.
    
     I'd also like to say that as a beta tester of nmap, this release
     is *incredible*. I wish people could see how much work Fyodor
     has put into the new version, testing, and adding the new features.
     I consider this to be one of the most beneficial scanning tools
     you can get, and rely on having a copy for all my remote network
     auditing. Thanks to Fyodor for the great work.]
    
    
    Forwarded From: Fyodor <fyodorat_private>
    
    I have just released version 2.00 of nmap, a program for network
    security auditing and general Internet exploration.  Almost all of the
    core code has been rewritten for better performance and accuracy, and
    many new features have been added.  Here are some of its current
    capabilities:

    * You can have it do a fast parallel ping of all hosts on a network to
      determine which ones are up.  You can use the traditional ICMP echo
      request (ping), a TCP ACK packet, or a TCP SYN packet to probe for
      responses.  By default it uses both ACKs & ICMP pings to maximize
      the chance of sneaking through packet filters.  There is also a
      connect() version for under-privileged users.  The syntax for
      specifying what hosts should be scanned is quite flexible.
    
    * The hosts found to be up can be port scanned to determine what
      services are running.  Techniques you can use include the SYN
      (half-open) scan, FIN, Xmas, or Null stealth scans, connect scan
      (does not require root), FTP bounce attack, and UDP scan.  Options
      exist for common filter-bypassing techniques such as packet
      fragmentation and setting the source port number (to 20 or 53, for
      example).  It can also query a remote identd for the usernames that
      servers are running under.  You can select any (or all) port
      number(s) to scan, since you may want to just sweep the networks you
      run for 1 or 2 services recently found to be vulnerable.
    
    * Remote OS detection via TCP/IP fingerprinting allows you to
      determine what operating system release each host is running.  This
      functionality is similar to the awesome queso program, although nmap
      implements many new techniques.  I wrote an article about these
      techniques for the next Phrack, but the impatient can always read
      the source code.  In many cases, nmap can narrow down the OS to the
      kernel number or release version.  A database of ~100 fingerprints
      for common operating system versions is included, thanks to a couple
      dozen wonderful beta testers who worked on the last 19 private beta
      releases.
    
    * TCP ISN sequence predictability lets you know what sequence
      prediction class (64K, time dependent, "true random", constant, etc)
      the host falls into.  A difficulty index is provided to tell you
      roughly how vulnerable the machine is to sequence prediction.
    
    * Decoy scans are also allowed.  The idea is that for every packet
      sent by nmap from your address, a similar packet is sent from each
      of the decoy hosts you specify.  This is useful due to the rising
      popularity of stealth port scan detection software.  If such
      software is used, it will generally report a dozen (or however many
      you choose) port scans from different addresses at the same time.
      It is very difficult to determine which address is doing the
      scanning, and which are simply innocent decoys.
    
    * There are many other features which are useful in special
      situations, see the documentation for full details.
    
    Nmap is quite portable, and has been reported to run on Linux,
    FreeBSD, OpenBSD, NetBSD, Solaris, IRIX, HP/UX, and BSDI.  It uses its
    own raw networking library for packet transmission, and the LBL
    Libpcap library for raw receives.
    
    Nmap is free software, distributed as source code under the terms of
    the GNU public license.  Comments, questions, and problems can be sent
    to fyodorat_private .  You are also encouraged to send me the
    fingerprints for operating systems it fails to detect (if at least one
    port is open and the machine is not behind a filtering firewall -- I
    want the reference fingerprints to be pristine).  Anything with a TCP
    stack is fair game for detection, including firewalls, palm pilots,
    'net cameras, etc.
    
    The newest version of nmap is always available at the nmap home page:
    http://www.insecure.org/nmap/ .  Check out the man page to learn how
    to do the things above and for examples of common usage.
    
    Cheers,
    Fyodor
    
    
    --
    Fyodor                            'finger pgpat_private | pgp -fka'
    In a free and open marketplace, it would be surprising to have such an
    obviously flawed standard generate much enthusiasm outside of the criminal
    community.  --Mitch Stone on Microsoft ActiveX
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
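The announcement above lists the ISN sequence prediction classes nmap reports (64K, time dependent, true random, constant) together with a difficulty index. The block below is an added worked example, not nmap's own code and not part of the original message: it leaves out the network probing and classifies a series of constructed (capture time, ISN) samples, such as a SYN probe loop would collect from a target's SYN-ACKs. The class names follow the announcement; the thresholds, the `difficulty_bits` index and the sample data are assumptions made for the example, not nmap's tuned values.

```python
"""TCP ISN predictability classifier (added example, not nmap's own code).

nmap's test opens several connections to an open port, records the ISN the
target places in each SYN-ACK, and classifies how the ISN steps between
connections.  This example skips the network part and works on a list of
(capture_time_seconds, isn) samples, which is what such a probe yields.
The thresholds and the difficulty index are simplified assumptions.
"""
import math
import statistics
from typing import Dict, List, Tuple

CONSTANT = "constant"
RULE_64K = "64K rule"
TIME_DEPENDENT = "time dependent"
RANDOM_INCREMENTS = "random positive increments"
TRUE_RANDOM = "true random"

MODULUS = 1 << 32          # ISNs are 32-bit and wrap around
# Assumed thresholds: a uniformly random 32-bit step has a spread near 2**30,
# so a standard deviation above 2**28 is treated as "true random".
TRUE_RANDOM_STDDEV = 1 << 28
TD_RATE_TOLERANCE = 0.05   # max coefficient of variation of ISNs per second


def isn_diffs(isns: List[int]) -> List[int]:
    """Successive ISN differences modulo 2**32."""
    return [(b - a) % MODULUS for a, b in zip(isns, isns[1:])]


def difficulty_bits(residuals: List[float]) -> int:
    """Crude difficulty index: log2 of the standard deviation of what remains
    after the best-fitting model is subtracted (0 when fully predictable)."""
    sd = statistics.pstdev(residuals)
    return 0 if sd < 1 else round(math.log2(sd))


def classify(samples: List[Tuple[float, int]]) -> Tuple[str, int]:
    """Return (class, difficulty_bits) for a time-ordered series of (t, isn)."""
    if len(samples) < 4:
        raise ValueError("need at least four samples")
    times = [t for t, _ in samples]
    isns = [isn for _, isn in samples]
    diffs = isn_diffs(isns)
    dts = [b - a for a, b in zip(times, times[1:])]
    if any(dt <= 0 for dt in dts):
        raise ValueError("samples must be in strictly increasing time order")

    if all(d == 0 for d in diffs):
        return CONSTANT, 0
    if all(d == 64000 for d in diffs):          # fixed 64000 step per connection
        return RULE_64K, 0

    # Time dependent: the ISN advances at a near-constant rate, so diff/dt is
    # stable even though the spacing between probes varies.
    rates = [d / dt for d, dt in zip(diffs, dts)]
    mean_rate = statistics.mean(rates)
    if mean_rate > 0 and statistics.pstdev(rates) / mean_rate < TD_RATE_TOLERANCE:
        residuals = [d - mean_rate * dt for d, dt in zip(diffs, dts)]
        return TIME_DEPENDENT, difficulty_bits(residuals)

    # Otherwise the increments themselves carry the unpredictability.
    mean_diff = statistics.mean(diffs)
    sd = statistics.pstdev(diffs)
    cls = TRUE_RANDOM if sd > TRUE_RANDOM_STDDEV else RANDOM_INCREMENTS
    return cls, difficulty_bits([d - mean_diff for d in diffs])


# Constructed sample series (not captured from real hosts): (seconds, isn).
SAMPLES: Dict[str, List[Tuple[float, int]]] = {
    "constant_stack": [(0.0, 0x12345678), (0.5, 0x12345678),
                       (1.0, 0x12345678), (1.5, 0x12345678)],
    "fixed_64k_step": [(0.0, 1000), (0.5, 65000), (1.0, 129000),
                       (1.5, 193000), (2.0, 257000)],
    # assumed 250000 ISNs/second clock, probed at irregular intervals
    "clock_driven": [(0.0, 10), (0.5, 125010), (1.25, 312510),
                     (1.5, 375010), (2.5, 625010)],
    "random_steps": [(0.0, 5000), (0.5, 9100), (1.0, 18400),
                     (1.5, 20600), (2.0, 35600)],
    "true_random": [(0.0, 0x9E3779B9), (0.5, 0x1B873593), (1.0, 0xCC9E2D51),
                    (1.5, 0x85EBCA6B), (2.0, 0xC2B2AE35)],
}


def report() -> Dict[str, Tuple[str, int]]:
    """Classify every constructed series."""
    return {name: classify(series) for name, series in SAMPLES.items()}


if __name__ == "__main__":
    for name, (cls, bits) in report().items():
        print(f"{name:16s} class={cls!r:32s} difficulty_bits={bits}")
```

Two points worth noting when applying this to real captures: the probes should be spaced at varying intervals, since with a fixed interval a host that adds a near-constant amount per connection is indistinguishable from one whose ISN is driven by a clock; and the difficulty index here is only a rough bit count of the unexplained variation, whereas nmap's own index is computed differently, so the two numbers are not comparable.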
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:54 PDT