[NTLUG:Discuss] [Fwd: Nmap 3.45: Version detection!]

MadHat madhat at unspecific.com
Tue Sep 16 08:44:54 CDT 2003


While not Linux specific, nmap is a great tool for security on your
Linux box and it just got better.  Now it will not only tell you if the
port is open, but what is running on the port by fingerprinting the
application.  Not a new concept, but nice to have it all in one package.

-----Forwarded Message-----
> From: Fyodor <fyodor at insecure.org>
> To: nmap-hackers at insecure.org
> Subject: Nmap 3.45: Version detection!
> Date: Tue, 16 Sep 2003 01:20:30 -0700
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Hello everyone,
> 
> I haven't released a public Nmap version since 3.30 in June, but I
> haven't been slacking.  Instead I decided to write a powerful and
> efficient version detection implementation.  This means that instead
> of using a simple nmap-services table lookup to determine a port's
> likely purpose, Nmap 3.45 will (if asked) interrogate that TCP or UDP
> port to determine what service is really listening.  In many cases it
> can determine the application name and version number as well.
> Obstacles like SSL encryption and Sun RPC are no threat, as Nmap can
> connect with OpenSSL (if available) as well as utilizing Nmap's RPC
> bruteforcer.  IPv6 is also supported.  You may recall that this was
> your highest priority feature in the May Nmap survey.
> 
> Since I don't have room here to fully describe the motivations behind
> version detection, how it works, and how you can contribute your own
> service fingerprints, I wrote a paper on this topic:
> 
> http://www.insecure.org/nmap/versionscan.html
> 
> Now I didn't want to ruin your taste for version detection by
> releasing some half-assed initial implementation.  So the last 17 Nmap
> releases have gone only to a dedicated group of beta testers and
> developers (see the paper above for details).  I certainly won't claim
> it is bug-free, but it has been tested on a reasonably wide variety of
> systems, including Linux, Windows, OpenBSD, Mac OS X, etc.  Also
> thanks to their efforts, this initial release ships with 387 service
> signatures representing 86 unique service protocols from afp, chargen,
> and cvspserver to wms and X11.  That being said, the DB can certainly
> grow much larger!  As with OS detection, Nmap will create a
> fingerprint and provide a submission URL for certain undetected
> services (again - read the paper).
> 
> Using this new feature is as simple as adding "-sV" to your normal
> scan command line.  Or you can add "-A" and get OS Detection too.
> Here is an example:
> 
> # nmap -A -T4 -F www.insecure.org
> 
> Starting nmap 3.45 ( http://www.insecure.org/nmap/ ) at 2003-09-16 01:01 PDT
> Interesting ports on www.insecure.org (205.217.153.53):
> (The 1206 ports scanned but not shown below are in state: filtered)
> PORT    STATE  SERVICE VERSION
> 22/tcp  open   ssh     OpenSSH 3.1p1 (protocol 1.99)
> 25/tcp  open   smtp    Qmail smtpd
> 53/tcp  open   domain  ISC Bind 9.2.1
> 80/tcp  open   http    Apache httpd 2.0.39 ((Unix) mod_perl/1.99_07-dev Perl/v5.6.1)
> 113/tcp closed auth
> Device type: general purpose
> Running: Linux 2.4.X|2.5.X
> OS details: Linux Kernel 2.4.0 - 2.5.20
> Uptime 117.523 days (since Wed May 21 12:28:41 2003)
> 
> Nmap run completed -- 1 IP address (1 host up) scanned in 35.744 seconds
> 
> [ The paper provides more involved examples ]
> 
> This release will answer another important question.  What gets more
> press attention - important and powerful new features that improve
> Nmap for everyone, or some hot chick in leather using Nmap for 4
> seconds in a movie?  I'm afraid the answer is obvious, but please help
> spread the word anyhow :).
> 
> Note that there are a TON of changes in this release, so I recommend
> upgrading even if you don't care about version detection for some
> reason.  The complete changelog entries are below.
> 
> As usual, the latest warez are available from
> http://www.insecure.org/nmap/nmap_download.html .
> 
> For the more paranoid (smart) members of the list, here are the md5
> hashes:
> 
> 9219fe0907a83bddbfd1b99a21ba35ac  nmap-3.45.tar.bz2
> a3b9bec1343b0d264ca936a0eac0ebff  nmap-3.45.tgz
> fb5f05b6ed7afefbfab0ed3649103828  nmap-3.45-win32.zip
> abd3d5e69f1ba052bf37dcb78008340c  nmap-3.45-1.i386.rpm
> 71df7e302682d55ef9e16f3bb1eb73b8  nmap-3.45-1.src.rpm
> 02da1d0defd702c2de02ee1df42d624a  nmap-frontend-3.45-1.i386.rpm
> 
> These release notes should be signed with my PGP key, which is
> available at http://www.insecure.org/fyodor_gpgkey.txt .
> The key fingerprint is: 97 2F 93 AB 9C B0 09 80 D9 51 40 6B B9 BC E1 7E
> 
> Enjoy!  And please let me know if you find any problems.  I'll also be
> checking the service submission queue daily for new fingerprints!
> Here is the LONG list of changes in the 17 private releases since 3.30
> (all these releases are now available in the Nmap dist directory):
> 
> Nmap 3.40PVT1
> 
> o Initial implementation of service detection.  Nmap will now probe
>   ports to determine what is listening, rather than guessing based on
>   the nmap-services table lookup.  This can be very useful for
>   services on unidentified ports and for UDP services where it is not
>   always clear (without these probes) whether the port is really open
>   or just firewalled.  It is also handy for when services are run on
>   the well-known-port of another protocol -- this is happening more
>   and more as users try to circumvent increasingly strict firewall
>   policies.
> 
> o Nmap now uses the excellent libpcre (Perl Compatible Regular
>   Expressions) library from http://www.pcre.org/ .  Many systems
>   already have this, otherwise Nmap will use the copy it now includes.
>   If your libpcre is hidden away in some nonstandard place, give
>   ./configure the new --with-libpcre=DIR directive.
> 
> o Nmap now uses the C++ Standard Template Library (STL).  This makes
>   programming easier, but if it causes major portability or bloat
>   problems, I'll reluctantly remove it.
> 
> o Applied a patch from Javier Kohen (jkohen(a)coresecurity.com) which
>   normalizes the names of many Microsoft entries in the
>   nmap-os-fingerprints file.
> 
> o Applied a patch by Florin Andrei (florin(a)sgi.com) to the Nmap RPM
>   spec file.  This uses the 'Epoch' flag to prevent the Redhat Network
>   tool from marking my RPMs as "obsolete" and "upgrading" to earlier
>   Redhat-built versions.  A compilation flag problem is also fixed.
> 
> Nmap 3.40PVT2
> 
> o Nmap now has a simple VERSION detection scheme.  The 'match' lines in
>   nmap-service-probes can specify a template version string
>   (referencing subexpression matches from the regex in a perl-like
>   manner) so that the version is determined at the same time as the
>   service.  This handles many common services in a highly efficient
>   manner.  A more complex form of version detection (that initiates
>   further communication w/the target service) may be necessary
>   eventually to handle services that aren't as forthcoming with
>   version details.
> 
> o The Nmap port state table now wastes less whitespace due to using a new
>   and stingy NmapOutputTable class.  This makes it easier to read, and
>   also leaves more room for version info and possibly other enhancements.
> 
> o Added 's' option to match lines in nmap-service-probes.  Just as
>   with the perl 's' option, this one causes '.' in the regular
>   expression to match any character INCLUDING newline.
> 
> o The WinPcap header timestamp is no longer used on Windows as it
>   sometimes can be a couple seconds different than gettimeofday() (which
>   is really _ftime() on Windows) for some reason.  Thanks to Scott
>   Egbert (scott.egbert(a)citigroup.com) for the report.
> 
> o Applied a patch by Matt Selsky (selsky(a)columbia.edu) which fixes
>   configure.in in such a way that the annoying header file "present but
>   cannot be compiled" warning for Solaris.
> 
> o Applied another patch from Matt that (we hope) fixes the "present
>   but cannot be compiled" warning -- this time for Mac OS X.
> 
> o Port table header names are now capitalized ("SERVICE", "PORT", etc)
> 
> Nmap 3.40PVT3
> 
> o Nmap now prints a "service fingerprint" for services that it is
>   unable to match despite returning data.  The web submission page it
>   references is not yet available.
> 
> o Service detection now does RPC grinding on ports it detects to be
>   running RPC.
> 
> o Fixed a bug that would cause Nmap to quit with an Nsock error when
>   --host_timeout was used (or when -T5 was used, which sets it
>   implicitly).
> 
> o Fixed a bug that would cause Nmap to fail to print the OS
>   fingerprint in certain cases.  Thanks to Ste Jones
>   (root(a)networkpenetration.com) for the problem report.
> 
> Nmap 3.40PVT4
> 
> o Limited the size of service fingerprints to roughly 1024 bytes.
>   This was suggested by Niels Heinen (niels(a)heinen.ws), because the previous
>   limit was excessive.  The number of fingerprints printed is also now
>   limited to 10.
> 
> o Fixed a segmentation fault that could occur when ping-scanning large
>   networks.
> 
> o Fixed service scan to gracefully handle host_timeout occurrences when
>   they happen during a service scan.
> 
> o Fixed a service_scan bug that would cause an error when hosts send
>   data and then close() during the NULL probe (when we haven't sent
>   anything).
> 
> o Applied a patch from Solar Designer (solar(a)openwall.com) which
>   corrects some errors in the Russian man page translation and also a
>   couple typos in the regular man page.  Then I spell-checked the man
>   page to reduce future instances of foreigners sending in diffs to
>   correct my English :).
> 
> Nmap 3.40PVT6
> 
> o Banner-scanned hundreds of thousands of machines for ports
>   21,23,25,110,3306 to collect default banners.  Where the banner made
>   the service name/version obvious, I integrated them into
>   nmap-service-probes.  This increased the number of 'match' lines from
>   27 to more than 100.
> 
> o Created the service fingerprint submission page at
>   http://www.insecure.org/cgi-bin/servicefp-submit.cgi
> 
> o Changed the service fingerprint format slightly for easier
>   processing by scripts.
> 
> o Applied a large portability patch from Albert Chin-A-Young
>   (china(a)thewrittenword.com).  This cleans up a number of things,
>   particularly for IRIX, Tru64, and Solaris.
> 
> o Applied NmapFE patch from Peter Marschall (peter(a)adpm.de) which
>   "makes sure changes in the relay host and scanned port entry fields
>   are displayed immediately, and also keeps the fields editable after
>   de- and reactivating them."
> 
> Nmap 3.40PVT7
> 
> o Added a whole bunch of services submitted by Brian Hatch
>   (bri(a)ifokr.org).  I also added a few Windows-related probes.
>   Nmap-service-probes has gone from 101 match strings to 137.  Please
>   keep the submissions coming.
> 
> o The question mark now only appears for ports in the OPEN state and
>   when service detection was requested.
> 
> o I now print a separator bar between service fingerprints when Nmap
>   prints more than one for a given host so that users understand to
>   submit them individually (suggested by Brian Hatch (bri(a)ifokr.org))
> 
> o Fixed a bug that would cause Nmap to print "empty" service
>   fingerprints consisting of just a semi-colon.  Thanks to Brian Hatch
>   (bri(a)ifokr.org) for reporting this.
> 
> Nmap 3.40PVT8
> 
> o Service scan is now OFF by default.  You can activate it with -sV.
>   Or use the snazzy new -A (for "All recommended features" or
>   "Aggressive") option which turns on both OS detection and service
>   detection.
> 
> o Fixed compilation on my ancient OpenBSD 2.3 machine (a Pentium 60 :)
> 
> o Added/fixed numerous service fingerprints thanks to submissions from
>   Brian Hatch, HD Moore, Anand R., and some of my own testing.  The
>   number of match lines in this version grows from 137 to 164!  Please
>   keep 'em coming!
> 
> o Various important and not-so-important fixes for bugs I encountered
>   while test scanning.
> 
> o The RPC grinder no longer prints a startup message if it has no
>   RPC-detected ports to scan.
> 
> o Some of the service fingerprint length limitations are relaxed a bit
>   if you enable debugging (-d).
> 
> Nmap 3.40PVT9
> 
> o Added/fixed numerous service fingerprints thanks to submissions from
>   Max Vision, MadHat, Seth Master.  Match lines went
>   from 164 to 179.
> 
> o The Winpcap libraries used in the Windows build process have been
>   upgraded to version 3.0.
> 
> o Most of the Windows port is complete.  It compiles and service scan
>   works (I didn't test very deeply) on my WinXP box with VS.Net 2003.
>   I'll try to work out remaining kinks and do some cleanup for the next
>   version.  The Windows code was restructured and improved quite a bit,
>   but much more work remains to be done in that area.  I'll probably
>   do a Windows binary .zip release of the next version.
> 
> o Various minor fixes
> 
> Nmap 3.40PVT10
> 
> o Added "soft matches".  These are similar to normal match lines in
>   that they provide a regex for recognizing a service (but no version).
>   But instead of stopping at softmatch service recognition, the scan
>   continues looking for more info.  It only launches probes that are
>   known-capable of matching the softmatched service.  If no version
>   number is found, at least the determined service is printed.  A
>   service print for submission is also provided in that case.  So this
>   provides more informative results and improves efficiency.
> 
> o Cleaned up the Windows support a bit and did more testing and
>   fixing.  Windows service detection seems to be working fine for me
>   now, although my testing is still pretty limited.  This release
>   includes a Windows binary distribution and the README-WIN32 has been
>   updated to reflect new compilation instructions.
> 
> o More service fingerprints!  Thanks to Solar Designer, Max Vision,
>   Frank Denis (Jedi/Sector One) for the submissions.  I also added a
>   bunch from my own testing. The number of match lines went from 179
>   to 201.
> 
> o Updated XML output to handle new version and service detection
>   information.  Here are a few examples of the new output:
>   <port protocol="tcp" portid="22"><state state="open" /><service
>     name="ssh" version="OpenSSH 3.1p1 (protocol 1.99)" method="probed"
>     conf="10" /></port>
>   <port protocol="tcp" portid="111"><state state="open" /><service
>     name="rpcbind" version="2 (rpc #100000)" method="probed" conf="10" /></port>
>   <port protocol="tcp" portid="953"><state state="open" /><service
>     name="rndc" method="table" conf="3" /></port>
> 
> o Fixed issue where Nmap would quit when ECONNREFUSED was returned
>   when we try to read from an already-connected TCP socket.  FreeBSD
>   does this for some reason instead of giving ECONNRESET.  Thanks to
>   Will Saxon (WillS(a)housing.ufl.edu) for the report.
> 
> o Removed the SERVICEMATCH_STATIC match type from
>   nmap-service-probes.  There wasn't much benefit of this over regular
>   expressions, so it isn't worth maintaining the extra code.
> 
> Nmap 3.40PVT11
> 
> o Integrated many more services thanks to submissions from Simple
>   Nomad, Solar Designer, jerickson(a)inphonic.com, Curt Wilson, and
>   Marco Ivaldi.  Thanks!  The match line count has risen from 201 to 242.
> 
> o Implemented a service classification scheme to separate the
>   vendor/product name from the version number and any extra info that
>   is provided.  Instead of v/[big version string]/, the new match
>   lines include v/[vendor/productname]/[version]/[extrainfo]/ .  See
>   the docs at the top of nmap-service-probes for more info.  This
>   doesn't change the normal output (which lumps them together anyway),
>   but they are separate in the XML so that higher-level programs can
>   easily match against just a product name.  Here are a few examples
>   of the improved service element:
>   <service name="ssh" product="OpenSSH" version="3.1p1"
>      extrainfo="protocol 1.99" method="probed" conf="10" />
>   <service name="domain" product="ISC Bind" version="9.2.1"
>      method="probed" conf="10" />
>   <state state="open" /><service name="rpcbind" version="2"
>      extrainfo="rpc #100000" method="probed" conf="10" />
>   <service name="rndc" method="table" conf="3" />
> 
> o I went through nmap-service-probes and added the vendor name to more
>   entries.  I also added the service name where the product name
>   itself didn't make that completely obvious.
> 
> o SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken
>   to an extortion campaign of demanding license fees from Linux users
>   for code that they themselves knowingly distributed under the terms
>   of the GNU GPL.  They have also refused to accept the GPL, claiming
>   that some preposterous theory of theirs makes it invalid.  Meanwhile
>   they have distributed GPL-licensed Nmap in (at least) their
>   "Supplemental Open Source CD".  In response to these blatant
>   violations, and in accordance with section 4 of the GPL, we hereby
>   terminate SCO's rights to redistribute any versions of Nmap in any
>   of their products, including (without limitation) OpenLinux,
>   Skunkware, OpenServer, and UNIXWare.
> 
> Nmap 3.40PVT12
> 
> o I added probes for SSL (session startup request) and microsoft-ds
>   (SMB Negotiate Protocol request).
> 
> o I changed the default read timeout for a service probe from 7.5s to 5s.
> 
> o Fixed a one-character bug that broke many scans when -sV was NOT
>   given.  Thanks to Blue Boar (BlueBoar(a)thievco.com) for the report.
> 
> Nmap 3.40PVT13
> 
> o Added SSL-scan-through support.  If service detection finds a port to be
>   SSL, it will transparently connect to the port using OpenSSL and use
>   version detection to determine what service lies beneath.  This
>   feature is only enabled if OpenSSL is available at build time.  A
>   new --with-openssl=DIR configure option is available if OpenSSL is
>   not in your default compiler paths.  You can use --without-openssl
>   to disable this functionality.  Thanks to Brian Hatch
>   (bri(a)ifokr.org) for sample code and other assistance.  Make sure
>   you use a version without known exploitable overflows.  In
>   particular, versions up to and including OpenSSL 0.9.6d and
>   0.9.7-beta2 contained serious vulnerabilities described at
>   http://www.openssl.org/news/secadv_20020730.txt .  Note that these
>   vulnerabilities are well over a year old at the time of this
>   writing.
> 
> o Integrated many more services thanks to submissions from Brian
>   Hatch, HellNBack ( hellnbak(a)nmrc.org ), MadHat, Solar Designer,
>   Simple Nomad, and Shawn Wallis (swallis(a)ku.edu).  The number of
>   signatures has grown from 242 to 271.  Thanks!
> 
> o Integrated Novell Netware NCP and MS Terminal Server probes from
>   Simple Nomad (thegnome(a)nmrc.org).
> 
> o Fixed a segfault found by Solar Designer that could occur when
>   scanning certain "evil" services.
> 
> o Fixed a problem reported by Solar Designer and MadHat (
>   madhat(a)unspecific.com ) where Nmap would bail when certain Apache
>   version/info responses were particularly long.  It could happen in
>   other cases as well.  Now Nmap just prints a warning.
> 
> o Fixed some portability issues reported by Solar Designer 
>   ( solar(a)openwall.com )
> 
> Nmap 3.40PVT14
> 
> o Added IPv6 support for service scan.
> 
> o Added an 'sslports' directive to nmap-service-probes.  This tells
>   Nmap which service checks to try first for SSL-wrapped ports.  The
>   syntax is the same as the normal 'ports' directive for non-ssl ports.
>   For example, the HTTP probe has an 'sslports 443' line and
>   SMTP-detecting probes have an 'sslports 465' line.
> 
> o Integrated more services thanks to submissions from MadHat
>   (madhat(a)unspecific.com), Solar Designer (solar(a)openwall.com), Dug
>   Song (dugsong(a)monkey.org), pope(a)undersec.com, and Brian Hatch
>   (bri(a)ifokr.org).  There are now 288 signatures, matching these 65
>   service protocols:
>     chargen cvspserver daytime domain echo exec finger font-service
>     ftp ftp-proxy http http-proxy hylafax ident ident imap imaps ipp
>     ircbot ircd irc-proxy issrealsecure landesk-rc ldap meetingmaker
>     microsoft-ds msrpc mud mysql ncacn_http ncp netbios-ns netbios-ssn
>     netsaint netwareip nntp nsclient oracle-tns pcanywheredata pop3
>     pop3s postgres printer qotd redcarpet rlogind rpc rsync rtsp shell
>     smtp snpp spamd ssc-agent ssh ssl telnet time upnp uucp vnc
>     vnc-http webster whois winshell X11
> 
> o Added a Lotus Notes probe from Fyodor Yarochkin
>   (fygrave(a)tigerteam.net).
> 
> o Dug Song wins the "award" for most obscure service fingerprint
>   submission.  Nmap now detects Dave Curry's Webster dictionary server
>   from 1986 :).
> 
> o Service fingerprints now include a 'T=SSL' attribute when SSL
>   tunneling was used.
> 
> o More portability enhancements thanks to Solar Designer and his Linux
>   2.0 libc5 boxes.
> 
> o Applied a patch from Gisle Vanem (giva(a)bgnett.no) which improves
>   Windows emulation of the UNIX mmap() and munmap() memory mapping calls.
> 
> Nmap 3.40PVT15
> 
> o Fixed a major bug in the Nsock time caching system.  This could
>   cause service detection to inexplicably fail against certain ports in
>   the second or later machines scanned.  Thanks to Solar Designer and HD
>   Moore for helping me track this down.
> 
> o Fixed some *BSD compilation bugs found by 
>   Zillion (zillion(a)safemode.org).
> 
> o Integrated more services thanks to submissions from Fyodor Yarochkin
>   (fygrave(a)tigerteam.net), and Niels Heinen
>   (zillion(a)safemode.org), and some of my own exploring.  There are
>   now 295 signatures.
> 
> o Fixed a compilation bug found by Solar Designer on machines that
>   don't have struct sockaddr_storage.  Nsock now just uses "struct
>   sockaddr *" like connect() does.
> 
> o Fixed a bug found by Solar Designer which would cause the Nmap
>   portscan table to be truncated in -oN output files if the results are
>   very long.
> 
> o Changed a bunch of large stack arrays (e.g. int portlookup[65536])
>   into dynamically allocated heap pointers.  The large stack variables
>   apparently caused problems on some architectures.  This issue was
>   reported by osamah abuoun (osamah_abuoun(a)hotmail.com).
> 
> Nmap 3.40PVT16
> 
> o Fixed a compilation problem on systems w/o OpenSSL that was
>   discovered by Solar Designer.  I also fixed some compilation
>   problems on non-IPv6 systems.  It now compiles and runs on my
>   Solaris and ancient OpenBSD systems.
> 
> o Integrated more services thanks to submissions from Niels Heinen
>   (zillion(a)safemode.org).
> 
> o Canonicalized the headers at the top of each Nmap/Nsock header src
>   file.  This included clarifying our interpretation of derived works,
>   updating the copyright date to 2003, making the header a bit wider,
>   and a few other light changes.  I've been putting this off for a
>   while, because it required editing about a hundred !#$# files!
> 
> Nmap 3.40PVT17
> 
> o Wrote and posted a new paper on version scanning to
>   http://www.insecure.org/nmap/versionscan.html .  Updated
>   nmap-service-probes and the Nmap man page to simply refer to this
>   URL.
> 
> o Integrated more service signatures from my own scanning as well as
>   contributions from Brian Hatch (bri(a)ifokr.org), MadHat
>   (madhat(a)unspecific.com), Max Vision (vision(a)whitehats.com), HD
>   Moore (hdm(a)digitaloffense.net), Seth Master
>   (smaster(a)stanford.edu), and Niels Heinen (zillion(a)safemode.org).
>   MadHat also contributed a new probe for Windows Media Service.  Many
>   people sent a LOT of signatures, which has allowed
>   nmap-service-probes to grow from 295 to 356 signatures representing
>   85 service protocols!
> 
> o Applied a patch (with slight changes) from Brian Hatch
>   (bri(a)ifokr.org) which enables caching of SSL sessions so that
>   negotiation doesn't have to be repeated when Nmap reconnects to the same
>   between probes.
> 
> o Applied a patch from Brian Hatch (bri at ifokr.org) which optimizes the
>   requested SSL ciphers for speed rather than security.  The list was
>   based on empirical evidence from substantial benchmarking he did with
>   tests that resemble nmap-service-scanning.
> 
> o Updated the Nmap man page to discuss the new version scanning
>   options (-sV, -A).
> 
> o I now include nmap-version/aclocal.m4 in the distribution as this is
>   required to rebuild the configure script (thanks to Dmitry V. Levin
>   (ldv(a)altlinux.org) for notifying me of the problem).
> 
> o Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
>   detects whether the PCRE include file is <pcre.h> or <pcre
> 
> o Applied a patch from Dmitry V. Levin (ldv(a)altlinux.org) which
>   fixes typos in some error messages.  The patch apparently came from
>   the highly-secure and stable Owl and Alt Linux distributions.  Check
>   them out at http://www.openwall.com/Owl/ and
>   http://www.altlinux.com/
> 
> o Fixed compilation on Mac OS X - thanks to Brian Hatch
>   (bri(a)ifokr.org) and Ryan Lowe (rlowe(a)pablowe.net) for giving me
>   access to Mac OS X boxes.
> 
> o Stripped down libpcre build system to remove libtool dependency and
>   other cruft that Nmap doesn't need. (this was mostly a response to
>   libtool-related issues on Mac OS X).
> 
> o Added a new --version_trace option which causes Nmap to print out extensive
>   debugging info about what version scanning is doing (this is a subset
>   of what you would get with --packet_trace).  You should usually use
>   this in combination with at least one -d option.
> 
> o Fixed a port number printing bug that would cause Nmap service
>   fingerprints to give a negative port number when the actual port was
>   above 32K.  Thanks to Seth Master (smaster at stanford.edu) for finding
>   this.
> 
> o Updated all the header text again to clarify our interpretation of
>   "derived works" after some suggestions from Brian Hatch
>   (bri(a)ifokr.org)
> 
> o Updated the Nsock config.sub/config.guess to the same newer versions
>   that Nmap uses (for Mac OS X compilation).
> 
> Nmap 3.45
> 
> o Integrated more service signatures from MadHat
>   (madhat(a)unspecific.com), Brian Hatch (bri(a)ifokr.org), Niels
>   Heinen (zillion(a)safemode.org), Solar Designer
>   (solar(a)openwall.com), Seth Master
>   (smaster(a)stanford.edu), and Curt Wilson
>   (netw3_security(a)hushmail.com).  We now have 378 signatures
>   recognizing 86 unique service protocols.
> 
> o Added new HTTPOptions and RTSPRequest probes suggested by MadHat
>   (madhat(a)unspecific.com)
> 
> o Changed the .spec file to compile Nmap RPMs without SSL support to
>   improve compatibility (Some users might not have OpenSSL, and even
>   those who do might not have the right version (libopenssl.so.2 vs
>   libopenssl.so.4, etc)).
> 
> o Applied a patch from Solar Eclipse (solareclipse(a)phreedom.org)
>   which increases the allowed size of the 'extrainfo' version field from
>   80 characters to 128.  The main benefit is to allow longer apache module
>   version strings.
> 
> o Fixed Windows compilation and improved the Windows port slightly (no
>   more macro to redefine read()).
> 
> o Applied some updates to README-WIN32 sent in by Kirby Kuehl
>   (kkuehl(a)cisco.com).  He improved the list of suggested registry
>   changes and also fixed a typo or two.  He also attached a .reg file
>   to automate the Nmap connect() scan performance enhancing registry
>   changes.  I am now including that with the Nmap Windows binary .zip
>   distribution (and in mswin32/ of the source distro).
> 
> o Applied a one-line patch from Dmitry V. Levin (ldv at altlinux.org)
>   which fixes a test Nmap does during compilation to see if an existing
>   libpcap installation is recent enough.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
> 
> iQCVAwUBP2bGJs4dPqJTWH2VAQEZ7wP/cAwAqPYhRqRO1IhT1KOgjlUX1QEAjcHC
> S+/OD8kei3ct0AyP9/05Zs4Ay6DYWMQjmIIuAWqvFRHjIjj1PKpvUxoejZH/nrF0
> 8RAkhb4F/eoAvr6pET7qWepdoLX+Q41j9+hCdaBSI3z6lNVHPfN8g7XaFe4OxKf2
> VK6yNKGgE6w=
> =DLVB
> -----END PGP SIGNATURE-----
> 
> 
> --------------------------------------------------
> For help using this (nmap-hackers) mailing list, send a blank email to 
> nmap-hackers-help at insecure.org . List run by ezmlm-idx (www.ezmlm.org).
-- 
MadHat at Unspecific.com
`But I don't want to go among mad people,' Alice remarked.
`Oh, you can't help that,' said the Cat: `we're all mad here...'
   -- Lewis Carroll - _Alice's_Adventures_in_Wonderland_
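
The changelog above describes 'match' lines whose version template references regex subexpressions, the 's' option, soft matches, and the fallback to a port table lookup. The sketch below is an added example, not Nmap's code and not part of the original post: it applies a few simplified rules to captured banners offline. The rules, banners, port table and function names are constructed for illustration and are not taken from nmap-service-probes or nmap-services.

```python
import re

# Constructed, simplified rules in the spirit of the match/softmatch lines
# described in the changelog; NOT copied from nmap-service-probes.
# Fields: kind, service, regex, 's' flag, product, version, extrainfo.
RULES = [
    ("softmatch", "ssh", rb"^SSH-[\d.]+-", False, None, None, None),
    ("match", "ssh", rb"^SSH-([\d.]+)-OpenSSH[_-](\S+)", False,
     "OpenSSH", "$2", "protocol $1"),
    ("match", "http",
     rb"^HTTP/1\.[01] \d{3}.*\r\nServer: Apache/([\d.]+) ?([^\r\n]*)", True,
     "Apache httpd", "$1", "$2"),
]

# Constructed stand-in for the nmap-services port table.
PORT_TABLE = {22: "ssh", 80: "http", 953: "rndc"}

# Constructed sample banners (what a listener might send first).
SSH_BANNER = b"SSH-1.99-OpenSSH_3.1p1\n"
OTHER_SSH_BANNER = b"SSH-2.0-ExampleSSHd_1.0\r\n"
HTTP_BANNER = (b"HTTP/1.1 200 OK\r\n"
               b"Date: Tue, 16 Sep 2003 08:01:00 GMT\r\n"
               b"Server: Apache/2.0.39 (Unix)\r\n\r\n")


def expand(template, m):
    """Fill $1..$9 in a template from the regex subexpression matches."""
    if template is None:
        return None

    def group_text(ref):
        return (m.group(int(ref.group(1))) or b"").decode("latin-1")

    return re.sub(r"\$([1-9])", group_text, template).strip() or None


def identify(port, banner, rules=RULES):
    """Return a dict describing the service, or None if nothing is known."""
    soft = None
    for kind, service, pattern, dotall, product, version, extra in rules:
        if soft and service != soft:
            continue  # after a soft match, only try rules for that service
        # The 's' flag lets '.' match newlines, like perl's /s.
        m = re.search(pattern, banner, re.DOTALL if dotall else 0)
        if not m:
            continue
        if kind == "softmatch":
            soft = service  # service is known; keep looking for a version
            continue
        return {"name": service, "product": product,
                "version": expand(version, m),
                "extrainfo": expand(extra, m), "method": "probed"}
    if soft:  # recognised the protocol but no rule gave a version
        return {"name": soft, "product": None, "version": None,
                "extrainfo": None, "method": "probed"}
    name = PORT_TABLE.get(port)  # last resort: guess from the port number
    if name is None:
        return None
    return {"name": name, "product": None, "version": None,
            "extrainfo": None, "method": "table"}


def display(result):
    """Lump product, version and extrainfo together as the port table does."""
    text = " ".join(p for p in (result["product"], result["version"]) if p)
    if result["extrainfo"]:
        text += f" ({result['extrainfo']})"
    return text.strip()


if __name__ == "__main__":
    samples = [(22, SSH_BANNER), (22, OTHER_SSH_BANNER), (80, HTTP_BANNER),
               (80, SSH_BANNER), (953, b"")]
    for port, banner in samples:
        r = identify(port, banner)
        note = ""
        if r["method"] == "probed" and PORT_TABLE.get(port) != r["name"]:
            note = "  <- differs from port table guess"
        print(f"{port}/tcp {r['name']:6} {r['method']:7} {display(r)}{note}")
```

The fourth sample is the case the changelog calls out: a service answering on the well-known port of another protocol, which a table lookup alone would mislabel.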
