home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 35 Internet
/
35-Internet.zip
/
nmap254b.zip
/
CHANGELOG
next >
Wrap
Text File
|
2001-10-14
|
49KB
|
1,169 lines
# Nmap Changelog ($Id: CHANGELOG,v 1.85 2001/10/14 21:28:41 fyodor Exp $)
Nmap 2.54BETA30
-- Added a Document Type Definition (DTD) for the Nmap XML output
format (-oX) to the docs directory. This allows validating parsers
to check nmap XML output files for correctness. It is also useful
for application programmers to understand the XML output structure.
The DTD was written by William McVey (wam@cisco.com) of Cisco Secure
Consulting Services ( http://www.cisco.com/go/securityconsulting ).
-- Merged in a number of Windows fixes/updates from Andy Lutomirski
(Luto@myrealbox.com)
-- Merged in fixes/updates (mostly to the Windows functionality) from
Matt Hargett (matt@use.net)
-- Applied patch by Colin Phipps (cph@netcraft.com) which correctly
encodes special characters in the XML output.
-- Applied patch by William McVey (wam@cisco.com) which adds the uptime
information printed with -O to the XML output format.
-- Fixed byte-order bug in Windows packet matching code which caused
-PS and -PT to fail. Bug found and patch sent by Tim Adam
(tma@osa.com.au)
-- Fixed segfault problem with "-sU -F". Nobody reported this until
I noticed it :(. Anytime you see "Segmentation Fault" in the latest
version of Nmap, it is probably a bug -- please mail me the command
you used, the OS/platform you are running on, and whether it is
reproducable.
-- Added a convenience option "-oA (basefilename)". This tells Nmap
to log in ALL the major formats (normal, grepable, and XML). You
give a base for the filename, and the output files will be
base.nmap, base.gnmap, and base.xml.
-- Documented the --append_output option which tells Nmap to append
scan results to any output files you have specified rather than
overwriting the files.
-- Integrate TIMEVAL_SEC_SUBTRACT() fix by Scott Renfro (scott@renfro.org)
which improves timing accuracy.
** 2.54BETA29
-- Integrated William McVey's multi-portlist patch. This allows you
to specify different port numbers when scanning both TCP & UDP.
For example, if you want to UDP for 53,111 and 137 while TCP
scanning for 21-25,80,139,515,6000,8080 you could do:
nmap -sSU -p U:53,111,137,T:21-25,80,139,515,6000,8080 target.com .
Prior to this patch, you had to either use different Nmap
executions or scan both UDP & TCP of each port. See the man page
for more usage info.
-- Added/updated a bunch of fingerprints, including Windows XP
release candidates #1 & #2, OpenBSD 2.9, various home
gateways/cable modem, MacOS X 10.0.4, Linux 2.4.7, Guantlet
Firewall 4.0a, a few Cisco routers, and, most importantly, the
Alcatel Advanced Reflexes IP Phone :). Many other fingerprints
were updated as well.
-- Found and fixed some relatively major memory leaks based on reports
sent in by H D Moore (hdm@secureaustin.com), mugz
(mugz@x-mafia.org), and Steven Van Acker (deepstar@ulyssis.org)
-- Applied patch from Chad Loder (chad_loder@rapid7.com) which
improves random target host selection (-iR) by excluding more
undesirable addresses.
-- Fixed portscan timing bug found by H D Moore
(hdm@secureaustin.com). This bug can occur when you specify a
--max_rtt_timeout but not --initial_rtt_timeout and then scan
certain firewalled hosts.
-- Fixed port number printing bug found by "Stephen Leavitt"
<stephen_j_leavitt@hotmail.com>
-- The Nmap source tarball now extracts with more lenient permissions
(sometimes world-readable or world-executable, but never
world-writable). If you don't want this, set your umask to 077
(which is what I do). Suggested by Line Printer (lps@rahul.net)
** 2.54BETA28
-- I hope that I have fixed the Libpcap "Unknown datalink type" problem that
many people reported. If you still receive this error, please send
me the following info:
1) Full output of Nmap including the command you typed
2) What OS/OS version you are using
3) What type of interface is the scan going through (PPP, ISDN, ethernet,
PPPoE, etc)
4) Whether you compiled from source or used the RPM version
-- Hopefully fixed Libpcap lex/yacc generated file problem that
plagued a few folks.
-- Various minor fixes/changes/updates
** 2.54BETA27
-- Fixed bug that caused "adding open port" messages to be printed
even when verbose mode was not specified. (patch sent by Doug Hoyte
( dugely@yahoo.com ).
-- Fixed bug in zombie:port option parsing in Idlescan as well a few
other bugs in patch sent by Germano Caronni (gec@acm.org)
-- Fixed Windows compilation (I broke it when I added Idlescan).
-- Fixed a (Win32 only) port identification bug which would cause some
ports to be listed as "unknown" even when Nmap should know their
name. This was found at patched by David Griffiths
(davidg@intrinsica.co.uk).
-- Fixed more nmap-os-fingerprints syntax/grammar violations found by
Raymond Mercier of VIGILANTe
-- Fixed a memory leak in Nbase str*casecmp() functions by applying
patch sent by Matt (matt@use.net). I plan to kill this whole
strcasecmp.c file as soon as possible (it is a mess).
** 2.54BETA26
-- Added Idlescan (IPID blind scan). The usage syntax is
"-sI <zombie>".
-- Fixed a bunch of fingerprints that were corrupt due to violations
of the fingerprint syntax/grammar (problems were found by Raymond
Mercier of VIGILANTe )
-- Fixed command-line option parsing bug found
by "m r rao" (mrrao@del3.vsnl.net.in )
-- Fixed an OS fingerprinting bug that caused many extra packets to be
sent if you request a lot of decoys.
-- Added some debug code to help diagnose the "Unknown datalink type"
error. If Nmap is giving you this error, please send the following
info to fyodor@insecure.org :
1) The full output from Nmap (including the command arguments)
2) What OS and OS version are you using
3) What type of adaptor are you using (modem, ethernet, FDDI, etc)
-- Added a bunch of IDS sensor/console/agent port numbers from
Patrick Mueller (pmueller@neohapsis.com)
** 2.54BETA25
-- Added a whole bunch of new OS fingerprints (and adjustments)
ranging from big important ones (Linux 2.4.X, OpenBSD 2.9, FreeBSD
4.3, Cisco 12.2.1, MacOS X, etc) to some that are more obscure (
such as Apple Color LaserWriter 12/660 PS and VirtualAccess
LinxpeedPro 120 )
-- Upgraded Libpcap to the latest version (0.6.2) from tcpdump.org. I
modified the build system slightly by shipping pre-generated
scanner.c/grammer.c (instead of using lex/yacc) and I also upgraded
to the newest config.sub/config.guess .
-- Fixed some issues with the new Libpcap under Linux (patches will be
sent to the developers).
-- Added "All zeros" IP.ID sequence classification to account for the
new Linux 2.4 scheme which seems to use 0 whenever the DF bit is
set (probably a good idea).
-- Tweaked TCP Timestamp and IP.ID sequence classification algorithms
** 2.54BETA24
-- Fixed compilation problems on MacOS X publis release. Thanks to
Nicolas Dawson (nizcolas@myrealbox.com) for securing an account for
me.
-- On the suggestion of the ever-helpful LaMont Jones (lamont@hp.com),
I obtained the newest config.guess/config.sub from
http://subversions.gnu.org/cgi-bin/cvsweb/config and made
libpcap/nbase use symlinks rather than copeis of the file
-- Applied patch from LaMont Jones (lamont@hp.com) which makes Nmap
compatable with gcc 3.0 (apparently printf() is a macro in that
version)
-- Applied patch from Colin Phipps (cph@netcraft.com) which fixes a
problem that kept UDP RPC scanning from working unless you were
also doing a TCP scan.
-- Applied a patch from Chris Eagle (cseagle@redshift.com) which fixes
Windows compilation (I broke it with a recent change).
-- Updated Lithuanian translation of man page based on a newer version sent
by Aurimas Mikalauskas (inner@crazy.lt)
-- Killed carriage returns in nmap.c and nmapfe.c, which caused problems
for some (SGI) compilers. Problem noted by Artur
Niederstebruch (artur@sgi.com)
-- Updated to latest version of rpc program number list, maintained by
Eilon Gishri (eilon@aristo.tau.ac.il)
-- Fixed a quoting bug in the Nmap man page found by
Rasmus Andersson <rasmus@pole-position.org>
-- Applied RPM spec file changes from "Benjamin Reed"
(ranger@befunk.com) which allows you to avoid building the frontend
by adding "--define frontend 0" to the build command (eg --rebuild,
--ba, etc).
** 2.54BETA22
-- Eliminated usage of u_int32_t (was causing compilation errors on
some Sun and HP boxes). Problem first noted by Nick Munger
(nmunger@Oswego.EDU) and Ralf Hildebrandt
(Ralf.Hildebrandt@innominate.com) and Antonin Sprinzl
(Antonin.Sprinzl@tuwien.ac.at)
-- Defined integer-width typedefs such as u32/s32/u16/etc. in Nbase.
Went through much of the Nmap code and substituted these in where
correct lengths are important (port numbers, IP addresses, etc).
** 2.54BETA21
-- Cleaned up a few build/distribution issues that were reported
by LaMont Jones (lamont@hp.com)
-- Fixed compiler warning noted by Gabor Z. Papp (gzp@papp.hu) )
** 2.54BETA20
-- Added TCP Timestamp sequence checking for OS detection and
Netcraft-style uptime tests.
-- Found and fixed (I hope) byte alignment problem which was causing
bus errors on SPARC64 ( reported by H D Moore (hdm@secureaustin.com)
and Matthew Franz (mfranz@cisco.com) )
-- Apple Darwin (Mac OS X) 1.2 portability patch from
Rob Braun <bbraun@synack.net>
-- Added IPID sequence number predictability report (also now used in
OS detection).
-- Show actual IPID, TCP ISN, and TCP timestamp values in XML format
output rather than just the cooked results.
-- Suppress IPID and TCP ISN predictability report unless you use -v
(you need -O as well).
-- Applied Solaris 8 compilation fixes from Germano Caronni
( gec@acm.org )
-- Applied configure.in variable name typo fixes from Christian
Weisgerber (naddy@openbsd.org)
-- Applied some more changes from Andy Lutomirski (Luto@mailandnews.com)
which provides better detection and reporting from some heinous errors.
-- Added -n and -R (always/never DNS resolve) options to the man page.
** 2.54BETA19
-- I ported NmapFE to Windows so that Win32 users can use the
graphical interface. It generally works, although I haven't tested
much. Patches welcome!
-- Various little fixes and cleanups, especially to the Windows port.
-- Applied patch from Andy Lutomirski (Luto@mailandnews.com) which
enhances some of the Win* error messages and adds the --win_trace
debugging option.
-- Applied some patches from Jay Freeman (saurik@saurik.com)
-- New --data_length option adds indicated number of random data
bytes to send with scan packet and tcp ping packet (does not
currently work with ICMP ping packet). Does not affect OS
detection, RPC, or connect() scan packets.
-- Windows portability fixes
-- Various other little fixes.
-- Renamed rpc.h and error.h because they conflict with Windows
include files. By the way, this was a pain to figure out because
VC++ is such a crappy compiler! It basically just says problem in
"foobar.h" without giving you any idea how foobar.h got included!
gcc gives you a nice message tracing the chain of include files!
** 2.54BETA16
-- Upgraded to latest version of Winpcap ( 2.1-beta )
-- Merged in Windows port code from Ryan Permeh ( ryan@eeye.com) and
Andy Lutomirski ( Luto@mailandnews.com ).
-- Took out C++ compiler test from nbase configure script. It was
inserted accidently, but I found it interesting that only 2 people
complained about this causing them problems. I guess most everyone
already has C++ compilers.
-- Applied patch from Steve Bleazard (steve@bleazard.com) which fixed
bug in internal Smoothed Round Trim Time calculations.
-- Fixed CFLAGS computation error in configure. Problem discovered
and patched by Fredrik Lundholm (exce7@ce.chalmers.se)
-- Added more debugging code for "Unknown datalink type" error -- if
you get this, please send me the full error msg including hex values.
-- Added Portuguese man page translations from Antonio Pires de Castro
Junior (apcastro@ic.unicamp.br).
-- Capitalized all references to God in error messages.
** Version 2.54BETA7
-- Applied patch from Hubert Feyrer
(hubert.feyrer@informatik.fh-regensburg.de) which adds support for
the new NetBSD DLT_PPP_* types.
-- Updated to Eilon Gishri's (eilon@aristo.tau.ac.il) newest version
of nmap-rpc at ftp://ftp.tau.ac.il/pub/users/eilon/rpc/rpc
-- Moved a bunch of the scanning engine related functions to new files
(scan_engine.c and scan_engine.h ). Timing functions were moved to
the new timing.c/timing.h . Other stuff was shifted to
tcpip.c/tcpip.h. At some point, nmap.c will only contain the Nmap
command line UI.
-- Updated Russian version of man page from Alex Volkov (topcat@nm.ru)
** Version 2.54BETA6
-- Added XML output (-oX). Hopefully this will help those of you
writing Nmap front ends and other tools that utilize Nmap. The
"machine-readable" output has been renamed "grepable" (-oG) to
emphasize that XML is now the preferred machine-readable output
format. But don't worry if your tool uses -oM , that format (and
the deprecated -oM flag) won't go away any time soon (if ever).
-- Applied patch from Stefan Rapp <s.rapp@hrz.uni-dortmund.de> which fixes
a variable argument integer promotion problem in the new snprintf
compatability file. This is important for Redhat 7 systems.
-- Reorganized output-related routines so that they now reside in
output.c & output.h. Let me know if I accidently screwed up the
behavior of any scan types in the process.
** Version 2.54BETA5
-- Revamped the 'compatability libraries' subsystem. Moved all of
that to a new library called 'libnbase' and changed Nmap and NmapFE
to use that. I included a better version of *snprintf and some
other compatability files. Obviously I cannot test these changes
on every whacked OS that needs this compatability cruft, so please
let me know if you run into compilation problems.
-- Fixed a problem found by Martyn Tovey <martyn@netcraft.com> when
using Nmap on platforms that dislike division by zero.
-- Removed 128.210.*.* addresses from Nmap man page due to complaints
from Purdue security staff.
-- Fixed FreeBSD (some versions) compilation problem found by Martyn
Tovey <martyn@netcraft.com>
** Version 2.54BETA4
-- Upgraded to the very latest Libpcap version ( the 9/3/00 CVS
snapshot ). This version is from the tcpdump.org group rather than
the Lawrence Livermore crew. The most important advantage is Linux
Socket Filter support (so you won't have that annoying syslog
message about Nmap using the obsolete SOCK_PACKET interface).
-- I tried to install Nmap on yet another machine without lex/yacc or
flex/bison. That was the last straw! I am now shipping the
generated C files, which eliminates the lex/yacc requirement.
-- Applied patch by Jay Freeman (saurik) <saurik@saurik.com> to make
Nmap C++-clean (this was lot of tedious work! Thanks!). Note that
Nmap still uses a normal C compiler by default, but Nmap
derivatives may appreciate C++ compatability. Note that this only
applies to "Nmap proper", not libpcap.
-- Added a HACKING file for people who want to help with Nmap
development. It describes preferred patch formats, development
resources, and offers a number of useful changes that would likely
be accepted into the main tree.
-- Fixed a configure.in error found by Vacuum
(vacuum@technotronic.com) which could cause compilation errors.
-- Fingerprint file adjustments for better Win* detection
-- Ensure libpcap is not configured and/or installed if you already
have a "new enough" version (0.4a6+) installed.
-- Included Italian translation of Nmap man page from Giorgio Zoppi
<deneb@supereva.it> .
-- Fixed a SYN scan problem that could cause a major slowdown on some
busy networks.
-- Fixed a crash problem in NmapFE reported by sverre ( sverre@gmx.net )
-- Added an "SInfo" line to most printed fingerprints. It looks
similar to this:
SInfo(V=2.54BETA4%P=i686-pc-linux-gnu%D=9/4%Time=9681031%O=7%C=1)
and contains information useful when fingerprints are reported
(Nmap version/platform, scan date, and open/closed ports used)
-- Fixed RPCGrind (-sR) scan. It has been almost completely broken
since 2.54BETA2 (which has been out for two weeks) and nobody
reported it! I noticed the problem myself during testing of
something else. I am disappointed that nobody bothered to even let
me know that this was broken. Does anyone even use RPC Scan?
-- Various other small fixes/improvements
** Version 2.54BETA3
-- Went through and added/adjusted a bunch of fingerprints. A lot of
people submitted Windows Millenium Edition (WinME) beta
fingerprints, but nobody submitted IPs for them. So please let me
know if this version detects your WinME boxes.
-- Applied NmapFE patch from Michael Fischer v. Mollard <mfvm@gmx.de>
which made did the following:
-- Added delete event so that NmapFE always quits when you kill it
with your window manager
-- added the menubar to the vbox instead to the fixed widget
-- Various small fixes/improvements
** Version 2.54BETA2
-- Added a shortcut which can make single port SYN scans of a network
much faster. For example, if a new sendmail vulnerability is
found, this reduces the time it takes to scan your whole network
for port 25. This shortcut takes effect when you do "-PS<port> -sS
-p<port>". For example 'nmap -n -sS -p25 -PS25 24.0.0.0/8". This
optimization doubled the scan speed in a 30,000 IP test I performed.
-- Added -sL (List scan). Just as ping scan (-sP) allows you to short
circuit the scan right after pinging, -sL allows you to short
circuit the scan right after target selection. This allows you to
see what hosts WOULD be scanned without actually doing it. The
hosts will be resolved unles you use -n. Primary uses:
1) Get all the IPs in a network (like A.B.C.D/16) and take out
machines that are too fragile to be scanned safely before
calling Nmap with the new list (using -iL).
2) Test that a complex spec like 128.4,5,7-9.*.7 does what you
expect before actual scanning.
3) When all you want to do is resolve a bunch of IPs.
4) You just want results of a zone transfer (if it is implemented).
-- Added some new fingerprints and adjusted some others based on
submissions to the DB (I still have a lot more to go through so
don't worry if your submission is still not detected).
-- Added a warning when you scan 0 hosts (eg "nmap -v"). There are
various other output tweaks as well.
-- Insured that 0.0.0.0 can be scanned by nmap (although on some OSs, like
Linux, it won't work due to what seem to be kernel bugs). Oh
well. I'll look into it later.
** Version 2.54BETA1
-- Added an extremely cool scan type by Gerhard Rieger ( rieger at
iue.tuwien.ac.at ) -- IP Protocol scanning. Basically it sends a
bunch of IP headers (no data) with different "protocol" fields to
the host. The host then (usually) sends back a protocol
unreachable for those that it does not support. By exclusion, nmap
can make a list of those that are supported. This is similar in
concept to (and is implemented using most of the same scanning
routines as) UDP scanning. Note that some hosts do not send back
protocol unreachables -- in that case all protocols will appear
"open".
-- Fixed an uninitialized variable problem in NmapFE (found by Alvin
Starr (alvin at iplink.net )
-- Fixed a packaging problem that lead to the Nmap man page being
included twice in the .tgz .
-- Fixed dangling nroff include in xnmap man page (noted by Debian
Nmap package maintainer LaMont Jones (lamont@security.hp.com)
-- Give a warning when no targets at all are specified
-- Updated 'make uninstall' so that it deletes all relevant files
-- Included latest nmap-rpc from Eilon Gishri (eilon at aristo.tau.ac.il)
-- Eliminated -I. from Nmap's and NmapFE's makefiles (suggested by
"Jay Freeman (saurik)" (saurik at saurik.com)
-- Added Russian documentation by Alex Volkov
-- Added Lithuanian documentation from Aurimas Mikalauskas (inner at dammit.lt)
** Version 2.53
-- Fixed a commenting issue that could cause trouble for non-GNU compilers
(first found by Jan-Frode Myklebust (janfrode at parallab.uib.no))
-- A few new services to nmap-services
** Version 2.52
-- Added very simple man pages for xnmap/nmapfe (lack of man pages for
these was noticed by LaMont Jones (lamont (at) hp.com), the Debian
Nmap package maintainer, based on bug report by Adrian Bunk (bunk
(at) fs.tum.de ).
-- Fixed a "Status: Down" machine name output problem in machine
parseable logs found by Alek O. Komarnitsky ( alek (at) ast.lmco.com )
-- Took some wierd files out of the doc directory (cd, grep , vi, and
.swp)
-- Fixed some typos found by Thomas Klausner ( wiz (at)
danbala.ifoer.tuwien.ac.at )
-- Updated nmap-rpc with new entries found in the latest version of Eilon
Gishri's rpc list.
** Version 2.51
-- Fixed target parsing bug found by Steve Horsburgh (shorsburgh (at)
horsburgh.com).
-- Changed makefile/rpm to store fingerprint, rpc, and services file
in $prefix/share/nmap rather than $prefix/lib/nmap , since these
files are architecture independent. You should now use
./configure --datadir instead of ./configure --libdir to change
the default location. Suggested by Thomas Klausner ( wiz (at)
danbala.ifoer.tuwien.ac.at ).
-- I am now including Eilon Gishri's (eilon (at) aristo.tau.ac.il) rpc
number list (which he recently merged with the Nmap 2.50 rpc list).
-- Included Spanish and French HTML versions of the Nmap man page (may
not always be up to date).
** Version 2.50
-- Fixed an IP calculation error which could occur in some cases where
you scan machines on different devices (like lo and eth0). This
problem was discoved by Jonathan Fine (jfine@psu.edu).
-- Fixed a problem that could, in rare cases, cause a SYN scan scan to
crash (the error message was "attempt to add port number X with
illegal state 0"). This problem was reported by Erik Benner
(erik@xyzzy.net)
-- Changed the .spec file so that RPM versions create a xnmap link to
nmapfe ( the normal make install has done this for a long time ).
** Version 2.3BETA21
-- A number of people reported problems with nmapfe in various
environments (specifically gdk errors, hangs, and crashes). I
think that is now fixed. Let me know if you still have the problem
(make sure the title bar says BETA21).
-- Added a bunch of OS fingerprints based on all the contributions in
the last month or so.
-- Fixed a bug that completely broke RPC scanning in BETA19.
-- Added list of ports scanned near the top of each machine log WHEN
-v was specified. Here is an example of the format:
# Ports scanned: TCP(13;1-10,22,25) UDP(0;)
The "13" above is the number of TCP ports being scanned.
-- Got rid of a snprintf() from nmapfe sine some systems don't have it
:( and I'm to lazy to integrate in the snprintf that comes with
nmap right now.
-- Fixed important target IP range parsing bug found by Jean-Yves
Simon ( lethalwp@linuxbe.org ).
-- Applied patch by albert chin (china at thewrittenword.com) which
adds --with-libpcap[=DIR] option to configure and and adds an
elegant approach for -lnsl and -lsocket checking to configure .
-- Fixed a bug which could cause Nmap to mark a port filtered based on ICMP
dest. unreachable packets relating to a different host than the one
being scanned.
-- Fixed output problem relating to ident scan noted by Peter
Marschall ( peter.marschall at mayn.de )
-- Applied patch to services.c by Andrew Brown (atatat@atatdot.net)
which prevents some useless debugging (-d) output when reading some
kindss of /etc/services files.
-- Added "Host: [machinename] (ip) Status: Down" to machine logs when
the verbose option is given (just like down hosts are reported to
stdout when verbose is given). Suggested by Alek Komarnitsky.
-- Applied NetBSD compatability patch provided by Mipam (reinoud at
ibbnet.org) which changes an autoconf macro to check for
getopt_long_only instead of getopt_long.
-- Nmap used to print an inaccuracy warning when no open TCP ports
were found on the target machine. Due to a bug, this was not
always being printed. Problem found by Matt (matt at use.net) and
Ajay Gupta2 (Ajay.Gupta2 at ey.com).
-- Added the number of ports in the ignored state right after the
state name in machine parseable logs. It used to looke like:
"Ignored State: closed" whereas now it looks like:
"Ignored State: closed (1508)" Meaning that 1508 ports were closed
and thus are not specifically enumerated.
-- Changed all nmapfe calls to gdk_font_load into gdk_fontset_load .
Bennett Feitell (bfeitell at panix.com) suggested that this fixed
some nmapfe font problems.
** Version 2.3BETA20
-- Applied patch sent in by s.rapp@hrz.uni-dortmund.de which fixes a
memory alignment bug in osscan.c which could cause core dumps on
machines which require aligned access (like SPARC).
-- Fixed a compilation problem on machines that do not have MAP_FAILED
defined (as a return value to mmap). Problem noted by Phil
Stracchino <alaric@babcom.com>.
** Version 2.3BETA19
-- Tweaked the output so that it now tells how many ports are not
shown and what state the ignored ports are in. This info could be
inferred before by people who had studied the manpage, but now the
info is explicitly available. I cleaned up a bunch of stuff
internally to make this happen. I hope I didn't break anything!
-- Changed NmapFE so that it always kills any running Nmap process
when you press exit. Problem noted by Marc Renner
(mrenner (at) ci.marysville.wa.us)
-- Apparently some Linux (glibc) systems now come with a "strcasestr"
function. So I have made autoconf look for this and use the native
version if supported. (problem noted by Sami Farin
(sfarin (at) ratol.fi)).
-- Added a new attribute "Ignored State: xxx" to the machine parseable
logs, where xxx is the state (closed, filtered, or UNfiltered) that
is being ignored. Ports in that state are not listed (they weren't
listed in earlier versions either). Perhaps I should list ALL
ports for machine parseable output. Opinions?
-- Merged in a patch sent in by Mipam (reinoud (at) ibbnet.org) which is
apparently part of the OpenBSD Nmap "port". Although Nmap seems to
work fine for me on my OpenBSD 2.4 box, a couple OpenBSD users have
complained of problems. Hopefully this will help. (it adds
DLT_LOOP and DLT_ENC offset cases when reading from libpcap).
-- A few really minor bugfixes.
** Version 2.3BETA18
-- Fixed a very important bug that occurred when SYN scanning
localhost. Many thanks to Dries Schellekens (
gwyllion (at) ace.ulyssis.student.kuleuven.ac.be ) for first reporting
the problem.
-- Uros Prestor from TurboLinux informed us that the latest
versions of Nmap work with Linux on the upcoming Intel
Merced/Itanium IA-64 processors. He also said that the TurboLinux
distribution includes Nmap. Kudos to them! As well as the other
distros that support Nmap (Debian, Red Hat, Suse, Trinux) and of
course FreeBSD, NetBSD, & OpenBSD. Does anyone know if Nmap ships
with the latest from Mandrake or Corel? The latest Solaris
includes some Free software. If anyone can get them to ship Nmap,
I will buy you a case of beer :).
-- Added a #define to change vsnprintf to vsprintf on machines which
do not support the former (mostly Solaris 2.5.1 and earlier). This
function is less safe. For people who care about security, we
recommend an upgrade to Solaris 8 (or Linux/*BSD).
-- Changed the NmapFE version to 0.<nmap_version> rather than always
leaving it at 0.9.5 (which was confusing). Thanks to J.D.K. Chipps
(jdkc (at) woptura.com) for noticing this.
-- Added support for "-vv" (means the same as "-v -v"). Older
versions of Nmap supported it (noted by George Kurtz).
** Version 2.3BETA17
-- Added ACK scanning. This scan technique (which van Houser and
others have been bugging me to add for years :), is great for
testing firewall rulesets. It can NOT find open ports, but it can
distinguish between filtered/unfilterd by sending an ACK packet to
each port and waiting for a RST to come back. Filtered ports will
not send back a RST (or will send ICMP unreachables). This scan
type is activated with -sA .
-- Documented the Window scan (-sW) which Lamont Granquist added in
September 99.
-- Added a whole bunch of OS fingerprints that people have submitted.
-- "Protocol" field in output eliminated. It is now printed right
next to the number (/etc/services style). Like "22/tcp". I wonder
what I should put in the extra white space this leaves on the
report :).
-- Added --resume option to continue a large network scan where you
left off. This is useful for recovering from errors (modem drops
carrier, network outage, etc). It also allows you to start and
stop for policy reasons (like if a client only wants you to scan on
weekends or at night) or if you want to run the scan on a different
host. Usage is 'nmap --resume logfile' where logfile can be either
normal (-oN) or machine parseable (-oM) logfile from the scan that
was aborted. No other options can be given (the options in the
logfile from the original scan will be used). Nmap will start off
with the host after the last one successfully scanned in the log
file.
-- Added --append_output option which causes -oN/-oM/-oS to APPEND to
the output file you specify rather than overwriting it.
-- Various internal code cleanup, makefile fixes, etc.
-- Changed version number from 2.3BETA* to 2.30BETA* to appease
various packaging systems that thought 2.3BETA was < 2.12 .
-- Nmap output to files now correctly flushes output after scanning
for each host is finished.
-- Fixed compiler -L flags error found by Ralf Hildebrandt
<R.Hildebrandt (at) tu-bs.de>
-- Fixed configure scripts so that options you give to the Nmap
configure (like --prefix ) are also passed to the nmapfe configure
script. This problem was noted by Ralf Hildebrandt
<R.Hildebrandt (at) tu-bs.de>. While I was at it, I added some other
cleanups to the system.
-- Added --noninteractive option for when nmap is called from scripts
(where stuff like prompting users for info is unacceptable). It
does not currently do anything (Nmap never prompts) and script
writers should probably wait until at least May '2000 so their
scripts still work with earlier versions of Nmap.
-- Updated to the latest config.guess and config.sub from Autoconf 2.13
-- Applied patch by Sven <s.carstens (at) gmx.de> which fixes a segmentation
fault problem in Nmapfe colored mode as well as some output niceties.
-- Changed some C++ comments to C-style for portability (noticed by
"Sergei V. Rousakov" <sergei (at) cas.Vanderbilt.Edu> )
** Version 2.3BETA14
-- Peter Kosinar <goober (at) gjh.sk> performed some cleanup of the output
routines and as a bonus he added skript kiddie output mode!!! Try
it out by adding "-oS - " to your nmap command line. Note that
using '-' to represent stdout instead of a filename is something
you can do with any of the output modes.
-- Ensured that Nmap always gives up on ident scan after the first
port attempt finds it to be closed (problem noticed by Matt
<matt (at) use.net>)
-- Changed strsep's in nmapfe to more portable strtok's (should
especially help Nmapfe compiles on Solaris)
-- Changed permutation algorithm to make port order and host order
shuffling more random.
-- Various minor changes and internal code cleanup.
-- Fixed integer overflow that was limiting the max --host_timeout value
to about 2,000,000 milliseconds (~1/2 hour). The limit is now
about 4,000,000,000 milliseconds (~1 month). I really hope you don't
need more than that :).
** Version 2.3BETA13
-- I made Nmap smarter about detecting filtering during UDP, Xmas,
NULL, and FIN scans.
-- Updated Nmapfe to 0.9.5 (+ a patch from NmapFE author Zach Smith)
-- Fixed a problem where NmapFE would fail to honor $PATH (Noticed
by K. Scott Rowe <kscott (at) nmt.edu>)
-- Added a couple ICMP unreachable messages Nmap was missing (found by
Bifrost <bifrost (at) minions.com>).
-- Internal cleanup that improves the way some port lists are stored.
-- Added some more RPC numbers from <mmmorris (at) netscape.net>
-- Relaxed the dependency requirements of nmapfe rpm (now will accept
any version of Nmap).
** Version 2.3BETA12
-- Added interactive mode which adds convenience for managing nmap
sessions and also enhances privacy. Get to it with --interactive
and then type 'h' for help.
-- Added/modified many fingerprints including the latest 2.3.X Linux
releases, the latest Win2000 builds, the Apple Airport Wireless
device, and several dozen more.
-- Migrated to RPM .spec file sent in by Tim Powers
<timp (at) redhat.com>. That is the file they will be using to package
Nmap with the power tools CD in the next Redhat release. The most
important changes are that Nmap (only the RPM version) now installs
in /usr/* instead of /usr/local/* and the frontend is now
dynamically linked with GTK and comes in a separate rpm.
-- The -i (input from list) option has been deprecated. From now on
you should use -iL <filename> to read from a list or -iR to have
Nmap generate random IPs to scan. This -iR option is new.
-- The -o and -m options have been deprecated. From now on, you
should use -oN for normal (human readable) output and -oM for
machine parseable output. At some point I might add -oH (HTML
output) or -oSK (sKr|pt |<iDdi3 0uTPut).
-- Added --randomize_hosts option, which causes hosts be be scanned in
non-sequential order. This makes scans less conspicuous. For
efficiency reasons, the hosts are chopped into groups of 2048 and
then each group is internally shuffled (the groups still go in
order).
-- Rearranged the help ('nmap -h' or 'nmap' or 'nmap --help') screen
to be shorter (37 -> 23 lines!) and include some of the new
features of this release. The man page was updated as well.
-- Fixed longstanding bug where nmap -sS mylocalnetwork/24 would not
successfully scan the host running nmap.
-- Internal improvements to make scanning faster with -i (input list)
or when you specify multiple machines on the command line.
-- Uses faster GCD algorithm and fixed several typos (sent in by Peter
Kosinar).
-- Provide more information in machine/human readable output files
(start time, end time, RPC program name, Nmap version number)
-- Killed the -A option (if you don't know what that is then you won't
miss it. In fact, even if you do know what it is you won't miss
it.)
** Version 2.3BETA10
-- Added about 70 new OS fingerprints so that Nmap can detect more
systems. The most important new fingerprints are probably:
* The new SP5+ NT boxes -- After all these years MS FINALLY made
sequence prediction harder (on NT anyway).
* Solaris 8 Pre-Release
* Sega Dreamcast (Hack that!)
* Latest Windows 2000 builds
* OpenBSD 2.6
** Version 2.3BETA9
-- Applied patch by Mark Abene (Phiber Optik) to fix several type
length issues so that it works on Linux/Alpha.
-- Applied patch by Matthieu Verbert <mve (at) zurich.ibm.com> to speed up OSScan
** Version 2.3Beta8
-- Added "firewall mode" timing optimizations which can decrease the
ammount of time neccessary to SYN or connect scan some heavily
filtered hosts.
-- Added min_rtt_timeout timing option (see man page for details)
-- Changed "TCP Ping" to use a random ACK value rather than 0 (an IDS
called Snort was using this to detect Nmap TCP Pings).
-- Some changes for better Alpha/Linux support based on investigation
by Bill Beers <wbeers (at) carolina.rr.com>
-- Applied changes for FDDI support by Tobias J. Nijweide <tobias (at) mesa.nl
-- Applied a socket binding patch from LaMont Jones <lamont (at) security.hp.com>
which can be useful when using -S to specify one of multiple interfaces
on a machine.
-- Made OS detection smart enough to first check scan results for a known
closed port instead of immediately resorting to a random one. This
improves OS detection against some machines behind packet
filters. (suggested by van Hauser)
-- Applied a shortcut suggestion by Thomas Reinke which can lead to
a tremendous speedup against some firewalled hosts.
-- Added some ports commonly used for RPC to nmap-services
-- Fixed a problem with the timing of an RPC scan (could come before
the UDP scans they rely on)
-- Added a number of new ports to nmap-services
** Version 2.3Beta6 **
-- Added sophisticated timing controls to give the user much more
control over Nmap's speed. This allows you to make Nmap much more
aggressive to scan hosts faster, or you can make Nmap more "polite"
-- slower but less likely to wreak havoc on your Network. You can
even enforce large delays between sending packets to sneak under
IDS thresholds and prevent detection. See the new "Timing Options"
section of the Nmap man page for more information on using this.
-- Applied Lamont Granquist's <lamontg (at) u.washington.edu> Window
scan patch (I changed the name from ACK scan to Window scan since I
may add another scan that uses ACK packets and I don't want them to
be confused). -sW activates this scan type. It is mostly
effective against BSD, AIX, Digital UNIX, and various older HP/UX,
SunOS, and VAX. (See nmap-hackers mailing list archives for an
extensive list).
-- Added various long options people expect to see like --version ,
--help , --usage , etc. Some of the new timing options are also
long. I had to add getopt_long C files since most non-Linux boxes
don't support getopt_long in libc.
-- Human readable (-o) output changed to include the time/date of the
scan. Suggested by van Hauser.
** Version 2.3-Beta5 ***
-- Changed RPC output based on suggestions by David O'Brien
<obrien (at) NUXI.com> and Lance Spitzner <lance (at) spitzner.net>. I got
rid of the "(Non-RPC)" unnecessary clutter which appeared after
each non RPC port and the "(untested)" that appeard after each
"filtered" port.
-- Added a ton of new OS fingerprints people submitted. I had about
400 in my inbox. Of course, almost 100 of them were submissions for
www.windows2000test.com :).
-- Changed the machine parseable output of RPC information to include
the version information. If we figured out the RPC info, it is now
provided as "program-num*lowversion-highversion". If we didn't get
the number, but we think the port is RPC, the field simply contains
"R". If we believe the port is NOT RPC, then the field contains
"N". If the field is empty, we did not RPC scan the port. Thanks
to H D Moore <nlog (at) ings.com> for making me aware how much the
earlier machine parseable RPC logging sucked :).
*** Version 2.3-Beta4 ***
-- Added direct (non-portmapper) RPC scanning to determine what RPC
program is listening on a particular port. This works for UDP and
TCP ports and is currently implemented using sockets (which means
you can't use decoys, but on the other hand you don't have to be
root). Thanks go to ga <ga (at) capyork.com> for writing sample code to
demonstrate the technique. The RPC services list included with
nmap was compiled by Vik Bajaj <vbajaj (at) sas.upenn.edu> with help
from various members of the nmap-hackers list.
-- Fixed a problem that could cause freezes when you
scan machines on at least two different types of interfaces as part
of the same command.
-- Identified and found workaround for Linux kernel bug which allows
connect() to sometimes succeed inapropriately when scanning closed
ports on localhost.
-- Fixed problems relating to people who specify the same port more
than once on the command line. While the right answer is "well,
don't do that!", I decided to fix nmap to handle this gracefully.
-- Tweaked UDP scanning to be more effective against Solaris ICMP
error limiting.
-- Fixed strtol() integer overflow problem found by Renaud
Deraison <deraison (at) cvs.nessus.org>
-- The HTML translation of the Man page at
http://www.insecure.org/nmap/nmap_manpage.html should now be
complete (man2html was dropping lines before).
-- Added a note in the man page that Nmap 2.0+ is believed to be
COMPLETELY Y2K COMPLIANT! I've been getting a lot of letters from
laywers about that recently. You should still be able to port scan on
Jan 1st (well ... as long as you have electricity and gangs of looting
thugs haven't stolen your computers :)
*** Version 2.2-Beta4 ***
-- Integrated nmapfe code from Zach Smith to allow
the nmapfe output window to resize when you resize the nmapfe window.
-- Integrated patch sent in by Stefan Erben <stefan (at) erben.com> which
allows nmap to recognize and ignore null interfaces. If you were
getting a bogus error like "eth0 not found in /proc/net/route" then
this should solve your problem.
-- Applied patch from Alexander Savelyev <fano (at) ham.kiev.ua> which
gives nmap the parameters necessary to support SLIP and PPP on BSDI
systems.
-- Upgraded to a new version of shtool (1.2.3)
*** Version 2.2-Beta3 ***
-- Adopted Ralf S. Engelschall's excellent shtool script
for simplifying the nmap makefile and making it more portable
-- Various other minor changes to nmapfe.
*** Version 2.2-Beta2 ***
-- Cleaned up build environment more, fixed up RPM and Makefile.in,
eliminated the automake stuff.
-- Added nmapfe feature to show nmap command as you change options
-- Changed nmapfe to use a global MyWidgets struct rather than
tons of global vars all over the place.
-- Made nmapfe much smarter about rejecting stupid option attempts.
It now tries to correct things when you specify illegal options.
-- GTK+ 1.0 compatibility fixes
-- Integrated nmapfe changes from Zach
*** Version 2.2-BETA1 Changes ***
-- Integrated in nmapfe -- a cool front end wrottem by Zach Smith <matrxweb (at) hotmail.com>
*** Version 2.12 Changes ***
-- Changed the way tcp connect() scan determines the results of a
connect() call. Hopefully this will make nmap a little more
portable.
-- Got rid of the security warning message for people who are missing
/dev/random and /dev/urandom due to complaints about the warning.
This only silences the warnings -- it still uses relatively weak
random number generation under Solaris and other systems that lack
this functionality.
-- Eliminated pow() calls on Linux boxes. I think some sort of glibc
bug was causing nmap to sigsegv in some cases inside of pow().
Most people weren't affected, but those who were would almost
always SIGSEGV with -O.
-- Fixed an rpm problem noted by Mark Smith <marks (at) senet.com.au>
*** Version 2.11 Changes ***
-- Many new fingerprints added. I received more than 300 submissions
between this release and the last one.
-- Fixed IRIX problems which prevented OS scanning from working on
that platform. The problem was researched and solution found by
Lamont Granquist <lamontg (at) u.washington.edu>. You can also thank
him for porting nmap to almost every UNIX around.
-- Added support for '-m -' to redirect machine readable logs to
stdout for shell pipelining, etc. I also changed machine readable
output to show service names now that we use a nmap specific
services file rather than /etc/services. These features were
suggested by Dan Farmer. You can also thank him for SATAN (the
auditing tool).
-- Fixed a link-list bug that could cause hangs in UDP,FIN,NULL, and
XMAS scans. Also fixed a ptr problem that could cause SIGSEGV.
These problem were discovered and tracked down by Ben Laurie
<ben (at) algroup.co.uk>. You can also thank him for Apache, OpenSSL,
and Apache-SSL.
-- Fixed installation problem for people without a /usr/local/man/man1
directory. Found by Jeffrey Robertson <a-jeffro (at) microsoft.com>.
I guess you can thank him for Win98 ;).
-- Several other little fixes to the installation script and minor
scanner tweaks.
*** Version 2.10 Changes ***
-- Private test release
*** Version 2.09 Changes ***
-- Private test release
*** Version 2.08 Changes ***
-- Bugfix for problem that can cause nmap to appear to "freeze up" for long
periods of time when run on some busy networks. (found by Lamont Granquist)
*** Version 2.07 Changes ***
-- Fixed a lockup on Solaris (and perhaps other proprietary UNIX
systems) caused by a lack of /dev/random & /dev/urandom and a
rand() that only returns values up to 65535. Users of Free
operating systems like Linux, FreeBSD, or OpenBSD probably
shouldn't bother upgrading.
***Version 2.06 Changes***
-- Fixed compile problems on machines which lack snprintf() (found by Ken
Williams <jkwilli2 (at) unity.ncsu.edu>)
-- Added the squid proxy to nmap-services (suggested by Holger Heimann)
-- Fixed a problem where the new memory allocation system was handing out
misaligned pointers.
-- Fixed another memory allocation bug which probably doesn't cause any
real-life problems.
-- Made nmap look in more places for nmap-os-fingerprints
***Version 2.05 Changes***
-- Tons of new fingerprints. The number has grown by more than 25%.
In particular, Charles M. Hannum <root (at) ihack.net> fixed several
problems with NetBSD that made it easy to fingerprint and he sent me
a huge new batch of fingerprints for various NetBSD releases down to
1.2. Other people sent NetBSD fingerprints down to 1.0. I finally
got some early Linux fingerprints in (down to 1.09).
-- Nmap now comes with its own nmap-services which I created by
merging the /etc/services from a bunch of OS' and then adding
Netbus, Back Orifice, etc.
-- Random number generation now takes advantage of the /dev/urandom or
/dev/random that most Free operating systems offer.
-- Increased the maximum number of OS guesses nmap will make, told
nmap never to give you two matches where the OS names are
byte-to-byte equivalent. Fixed nmap to differentiate between "no
OS matches found" and "too many OS matches to list".
-- Fixed an information leak in the packet TTL values (found by
HD Moore <hdmoore (at) usa.net>)
-- Fixed the problem noted by Savva Uspensky about offsets used for
various operating systems' PPP/SLIP headers. Due to lack of
responses regarding other operating systems, I have made
assumptions about what works for BSDI, NetBSD, and SOLARIS. If
this version no longer works on your modem, please let me know (and
tell me whether you are using SLIP/PPP and what OS you are
running).
-- Machine parseable logs are now more machine parseable (I now use a
tab to seperate test result fields rather than the more ambiguous
spaces. This may break a few things which rely on the old format.
Sorry. They should be easy to fix.
-- Added my nmap-fingerprintinting-article.txt to the distribution in
the docs directory.
-- Fixed problem where nmap -sS <my_ethernet_or_ppp_ip_address> would
not correctly scan localhost (due to the kernel rerouting the
traffic through localhost). Nmap should now detect and work around
this behavior.
-- Applied patch sent to my by Bill Fenner <fenner (at) parc.xerox.com>
which fixes various SunOS compatibility problems.
-- Changed the makefile 'all' target to use install-sh rather than
mkdir -p (doesn't work on some systems)
-- Documentation updated and clarified slightly.
-- Added this CHANGELOG file to the distribution.