easternerd
NMAP 3.50 is Released
QUOTE

# An advanced service/version detection system was added after months of private development. Now instead of using a simple nmap-services table lookup to determine a port's likely purpose, Nmap will (if asked) interrogate that TCP or UDP port to determine what service is really listening. In many cases it can determine the application name and version number as well. IPv6, SSL encryption, and SunRPC program number brute forcing are all supported. Thanks to a huge number of contributors, the database now contains more than a thousand signatures, representing 180 unique service protocols from acap, afp, and aim to xml-rpc, zebedee, and zebra.
# The OS detection database has also improved dramatically. There are now 1,121 fingerprints in the DB (from 700 in 3.30). Most recently added were Linux 2.6.X, Mac OS X up to 10.3.2 (Panther), OpenBSD 3.4 (normal and pf "scrub all"), FreeBSD 5.2, the latest Windows Longhorn warez, and Cisco PIX 6.3.3. As usual, there are a ton of new consumer devices from ubiquitous D-Link, Linksys, and Netgear broadband routers to a number of new IP phones including the Cisco devices commonly used by Vonage.
# MS Windows support has improved substantially. Newer features such as version detection are supported, and the Windows port is also faster and more stable.
# Mac OS X is now fully supported.
# SCO Corporation of Lindon, Utah (formerly Caldera) has lately taken to an extortion campaign of demanding license fees from Linux users for code that they themselves knowingly distributed under the terms of the GNU GPL. They have also refused to accept the GPL, claiming that some preposterous theory of theirs makes it invalid (and even unconstitutional)! Meanwhile they have distributed GPL-licensed Nmap in (at least) their "Supplemental Open Source CD". In response to these blatant violations, and in accordance with section 4 of the GPL, we hereby terminate SCO's rights to redistribute any versions of Nmap in any of their products, including (without limitation) OpenLinux, Skunkware, OpenServer, and UNIXWare. We have also stopped supporting the OpenServer and UNIXWare platforms.
# Major changes were made to the NmapFE UNIX GUI. It now uses tabs and supports all of the major Nmap command-line options. Most of this work was done by Peter Marschall (peter(a)adpm.de).
# Nmap output is more concise and prettier, thanks to a new NmapOutputTable class that reduces extraneous whitespace. This makes it easier to read, and also leaves more room for version info and possibly future enhancements.
# Major parts of the codebase have been rewritten. Nmap now compiles with C++ rather than ANSI C, and it lightly uses the Standard Template Library (STL). The excellent libpcre (Perl Compatible Regular Expressions) library has been added, as has a custom parallel socket library (nsock). Libpcap has been updated to version 0.7.2, and the latest autoconf version is being used.
# Every one of the OS fingerprints was examined to normalize the descriptions. I also looked up what all of the devices are (thanks E*Bay and Google!). Results like "Nexland ISB Pro800 Turbo" and "Siemens 300E Release 6.5" are much more useful when followed by "cable modem" and "business phone system".
# Added a new classification system to nmap-os-fingerprints. In addition to the standard text description, each entry is now classified by vendor name (e.g. Sun), underlying OS (e.g. Solaris), OS generation (e.g. 7), and device type ("general purpose", router, switch, game console, etc). This can be useful if you want to (say) locate and eliminate the SCO systems on a network, or find the wireless access points (WAPs) by scanning from the wired side.
# Nmap will now sometimes guess the remote operating system in the "no exact matches" case, even if you don't use the secret --osscan_guess or --fuzzy options.
# Nmap now compiles under Amiga thanks to patches sent by Diego Casorran (dcr8520(a)amiga.org).
# Added UDP-based "ping" scanning. The -PU option can take an optional portlist like the TCP "ping" options (-PS, -PA), but it sends a UDP packet to the targets and expects hosts that are up to reply with a port unreachable (or possibly a UDP response if the port is open). This one is likely to work best against closed ports, since many open ports don't respond to empty requests.
# The random IP input option (-iR) now takes an argument specifying how many IPs you want to scan (e.g. -iR 1000). This reduces the risk of forgetting about a scan and leaving it running all night, then waking up to angry mail from your ISP. Specify 0 for the old never-ending scan behavior.
# Made substantial changes to the SYN/connect()/Window scanning algorithms for improved speeds, especially against heavily filtered hosts. Also made numerous improvements to the timing behavior of "-T Aggressive" (same as -T4) scans. -T4 is now recommended for regular use by users on broadband or direct ethernet connections. One scan against a firewalled host that took 556 seconds with 3.15BETA2 now takes only 41 seconds with Nmap 3.50 and the -T4 option.
# Added support for a brand new "port" that many people have never scanned before! UDP & TCP "port 0" (and IP protocol 0) are now permitted if you specify 0 explicitly. An argument like "-p -40" would still scan ports 1-40. Unlike ports, protocol 0 IS now scanned by default. This now works for ping probes too (e.g., -PS, -PA).
# Applied patch by Martin Kluge (martin(a)elxsi.info) which adds --ttl option, which sets the outgoing IPv4 TTL field in packets sent via all raw scan types (including ping scans and OS detection). A TTL of 0 is supported, and even tends to work on a LAN:

    14:17:19.474293 192.168.0.42.60214 > 192.168.0.40.135: S 326:326(0) [ttl 0]
    14:17:19.474456 192.168.0.40.135 > 192.168.0.42.60214: S 280:280(0) ack 326 (ttl 128)

# Added a new --datadir command line option which allows you to specify the highest priority directory for Nmap data files nmap-services, nmap-os-fingerprints, and nmap-rpc. Any files which aren't in the given dir will be searched for in the $NMAPDIR environment variable, ~/nmap/, a compiled-in data directory (e.g. /usr/share/nmap), and finally the current directory.
# To emphasize the highly professional nature of Nmap, all instances of "(filtered) up" in error message text have been changed to "b0rked".
# IPv6 is now supported for many of the most important scan types, including TCP scan (-sT), connect()-style ping scan (-sP), list scan (-sL), and version detection. Just specify the -6 option and the IPv6 numbers or DNS names. Netmask notation is not currently supported -- I'm not sure how useful it is for IPv6, where even petty end users may be allocated trillions of addresses (/80).
# Multiple TCP/UDP ports can now be specified for the "ping scanning phase". You can also now specify multiple ping types (e.g. UDP, TCP SYN, ICMP echo request, and TCP ACK). So you can now do combinations such as "-PS22,53,80 -PT113 -PN -PE" in order to increase your odds of passing through strict filters.
# Reworked the "ping scan" algorithm (used for any scan except -P0 or -sL) to be more robust in the face of low-bandwidth and congested connections. This also improves reliability in the multi-port and multi-type ping cases described below.
# Applied patch by Max Schubert (nmap(a)webwizarddesign.com) which adds an add-port XML tag whenever a new port is found open when Nmap is running in verbose mode. The new tag looks like: <addport state="open" portid="22" protocol="tcp"/> I also updated docs/nmap.dtd to recognize this new tag.
# Added --packet_trace option, which tells Nmap to display all of the packets it sends and receives in a format similar to tcpdump. I mostly added this for debugging purposes, but it may also be useful for people wishing to learn how Nmap works or for experts wanting to ensure Nmap is doing exactly what they expect.
# Hundreds of more minor features, bugfixes, and portability enhancements.



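The release notes above mention the new verbose-mode addport XML tag and the version-detection fields that appear in -oX output. As an added example (not from the post or the Nmap project), here is a small parser for that output; the host/ports/service element layout follows the Nmap XML format as I know it, and all addresses, products and versions in the sample are constructed.

```python
# Added example (not from the forum post or the Nmap project): read the XML
# that Nmap 3.50 writes with -oX, including the verbose-mode <addport/> events
# the release notes describe, and list open ports with version-detection data.
import xml.etree.ElementTree as ET

# Constructed sample: two addport events emitted while the scan ran, then the
# final port table. Host, products and versions are made up for this example.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" version="3.50" args="nmap -v -sV -oX out.xml 192.0.2.10">
  <addport state="open" portid="22" protocol="tcp"/>
  <addport state="open" portid="80" protocol="tcp"/>
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="3.7.1p2"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Apache httpd" version="1.3.29"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/>
        <service name="https"/></port>
    </ports>
  </host>
</nmaprun>
"""

def addport_events(xml_text):
    """(protocol, port, state) for each <addport/> event, in the order emitted."""
    root = ET.fromstring(xml_text)
    return [(e.get("protocol"), int(e.get("portid")), e.get("state"))
            for e in root.iter("addport")]

def open_services(xml_text):
    """Map each host address to its open ports and any service/version fields."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        ports = []
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports carry no version data
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            ports.append({"port": f"{port.get('portid')}/{port.get('protocol')}",
                          "name": attrs.get("name", ""),
                          "product": attrs.get("product", ""),
                          "version": attrs.get("version", "")})
        result[host.find("address").get("addr")] = ports
    return result
```

The addport events let a log-watching script react as soon as a port is reported, before the final host table is written.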

A Home User's Security Checklist for Windows

QUOTE
Most people don't secure their computers or act in a secure manner, and the main reason is that the average user just doesn't know what to do. Here is a checklist on security for home computer users that you can share with your friends, family, churches and clubs.
DumpZ
That's a big log! thnx for notifying us
Dillinja
That's b0rking excellent!

Thanks for that easternerd!
phrozen77
Fine that you are awakened that fast.. this was posted already a while ago, not to mention that it's been out for > 1 month now

QUOTE
February 20, 2004 (3:14 AM PST) -- Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 3.50 from http://www.insecure.org/nmap/ .



damulint
Thank U..
Fast information..
I don't think the latest nmap..
Usefully ..
Tyrano
awesome. nmap remains the king and now with an improved version checker...the possibilities are endless.
easternerd
i think ure wrong, it wasn't very long, it was released some 5 days back..
u really can't keep a tab on everything..
and i think this version is the best of all..
it's got amazing features..
phrozen77
QUOTE
and i think this version is the best of all..
it's got amazing features..


ack

QUOTE
u really can't keep a tab on everything..


another ack, but u better keep an eye on the basic stuff like windows updates every now and then... i also consider nmap as a "basic" thing for everyone who is serious about what he's doing

QUOTE
i think ure wrong, it wasn't very long, it was released some 5 days back..


wrong, i already got it since it was released, just look at my quote from my other post, this is an official statement from insecure.org, to be reviewed here
Invision Power Board © 2001-2005 Invision Power Services, Inc.