Next | Query returned 45 messages, browsing 21 to 30 | Previous

History of commit frequency

CVS Commit History:


   2005-01-20 13:03:37 by Lubomir Sedlacik | Files touched by this commit (3)
Log message:
Update to version 3.78

Changes:

- The XML nmaprun element now has a startstr attribute which gives the
  human readable calendar time format that a scan started.  Similarly
  the finished element now has a timestr attribute describing when the
  scan finished.  These are in addition to the existing nmaprun/start
  and finished/time attributes that provided the start and finish time
  in UNIX time_t notation.  This should help in development of better
  XSLT stylesheets for Nmap XML output.

- Added new "closed|filtered" state.  This is used for Idlescan, since
  that scan method can't distinguish between those two staes.  Nmap
  previously just used "closed", but this is more accurate.

- Rewrote the host IP (target specification) parser for easier
  maintenance and to fix a bug found by Netris (netris(a)ok.kz)

- Fixed compilation on soem HP-UX 11 boxes thanks to a patch by Petter
  Reinholdtsen (pere(a)hungry.com).

- Fixed a portability problem on some OpenBSD and FreeBSD machines
  thanks to a patch by Okan Demirmen (okan(a)demirmen.com).

- Added an NTP probe and matches to the version detection database
  (nmap-service-probes) thanks to a submission from Martin Macok
  (martin.macok@underground.cz).
   2004-11-26 15:39:26 by Lubomir Sedlacik | Files touched by this commit (1) | Package updated
Log message:
Sync with the latest nmap update. (hi adam!)
   2004-10-19 09:03:29 by Lubomir Sedlacik | Files touched by this commit (1)
Log message:
Sync with nmap 3.75
   2004-10-03 02:18:40 by Todd Vierling | Files touched by this commit (863)
Log message:
Libtool fix for PR pkg/26633, and other issues.  Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
   2004-09-01 03:20:51 by Lubomir Sedlacik | Files touched by this commit (3) | Package updated
Log message:
Update to version 3.70.

Significant changes:

- Rewrote core port scanning engine, which is now named ultra_scan().
  Improved algorithms make this faster (often dramatically so) in
  almost all cases.  Not only is it superior against single hosts, but
  ultra_scan() can scan many hosts (sometimes hundreds) in parallel.
  This offers many efficiency/speed advantages.  For example, hosts
  often limit the ICMP port unreachable packets used by UDP scans to
  1/second.  That made those scans extraordinarily slow in previous
  versions of Nmap.  But if you are scanning 100 hosts at once,
  suddenly you can receive 100 responses per second.  Spreading the
  scan amongst hosts is also gentler toward the target hosts.  Nmap
  can still scan many ports at the same time, as well.  If you find
  cases where ultra_scan is slower or less accurate, please send a
  report (including exact command-lines, versions used, and output, if
  possible) to Fyodor.

- Added --max_hostgroup option which specifies the maximum number of
  hosts that Nmap is allowed to scan in parallel.

- Added --min_hostgroup option which specifies the minimum number of
  hosts that Nmap should scan in parallel (there are some exceptions
  where Nmap will still scan smaller groups -- see man page).  Of
  course, Nmap will try to choose efficient values even if you don't
  specify hostgroup restrictions explicitly.

- Rewrote TCP SYN, ACK, Window, and Connect() scans to use
  ultra_scan() framework, rather than the old pos_scan().

- Rewrote FIN, Xmas, NULL, Maimon, UDP, and IP Protocol scans to use
  ultra_scan(), rather than the old super_scan().

- Overhauled UDP scan.  Ports that don't respond are now classified as
  "open|filtered" (open or filtered) rather than "open".  \ 
The (somewhat
  rare) ports that actually respond with a UDP packet to the empty
  probe are considered open.  If version detection is requested, it
  will be performed on open|filtered ports.  Any that respond to any of
  the UDP probes will have their status changed to open.  This avoids a
  the false-positive problem where filtered UDP ports appear to be
  open, leading to terrified newbies thinking their machine is
  infected by back orifice.

- Nmap now estimates completion times for almost all port scan types
  (any that use ultra_scan()) as well as service scan (version
  detection).  These are only shown in verbose mode (-v).  On scans
  that take more than a minute or two, you will see occasional updates
  like:
  SYN Stealth Scan Timing: About 30.01% done; ETC: 16:04 (0:01:09 remaining)
  New updates are given if the estimates change significantly.

- Added --exclude option, which lets you specify a comma-separated
  list of targets (hosts, ranges, netblocks) that should be excluded
  from the scan.  This is useful to keep from scannig yourself, your
  ISP, particularly sensitive hosts, etc.  The new --excludefile reads
  the list (newline-delimited) from a given file.  All the work was
  done by Mark-David McLaughlin (mdmcl(a)cisco.com> and William McVey
  ( wam(a)cisco.com ), who sent me a well-designed and well-tested
  patch.

- Nmap now has a "port scan ping" system.  If it has received at least
  one response from any port on the host, but has not received
  responses lately (usually due to filtering), Nmap will "ping" that
  known-good port occasionally to detect latency, packet drop rate,
  etc.

- Service/version detection now handles multiple hosts at once for
  more efficient and less-intrusive operation.

- Nmap now wishes itself a happy birthday when run on September 1 in
  verbose mode!  The first public release was on that date in 1997.

- The port randomizer now has a bias toward putting
  commonly-accessible ports (80, 22, etc.) near the beginning of the
  list.  Getting a response early helps Nmap calculate response times and
  detect packet loss, so the scan goes faster.

- Host timeout system (--host_timeout) overhauled to support host
  parallelization.  Hosts times are tracked separately, so a host that
  finishes a SYN scan quickly is not penalized for an exceptionally
  slow host being scanned at the same time.

- When Nmap has not received any responses from a host, it can now
  use certain timing values from other hosts from the same scan
  group.  This way Nmap doesn't have to use absolute-worst-case
  (300bps SLIP link to Uzbekistan) round trip timeouts and such.

- Enabled MAC address reporting when using the Windows version
  of Nmap.  Thanks to Andy Lutomirski (luto(a)stanford.edu) for
  writing and sending the patch.

- Workaround crippled raw sockets on Microsoft Windows XP SP2 scans.
  I applied a patch by Andy Lutomirski (luto(a)stanford.edu) which
  causes Nmap to default to winpcap sends instead.  The winpcap send
  functionality was already there for versions of Windows such as NT and
  Win98 that never supported Raw Sockets in the first place.

- Changed how Nmap sends Arp requests on Windows to use the iphlpapi
  SendARP() function rather than creating it raw and reading the
  response from the Windows ARP cache.  This works around a
  (reasonable) feature of Windows Firewall which ignored such
  unsolicited responses.  The firewall is turned on by default as of
  Windows XP SP2.  This change was implemented by Dana Epp
  (dana(a)vulscan.com).

- Fixed some Windows portability issues discovered by Gisle Vanem
  (giva(a)bgnett.no).

- Upgraded libpcap from version 0.7.2 to 0.8.3.  This was an attempt
  to fix an annoying bug, which I then found was actually in my code
  rather than libpcap :).

- Removed Ident scan (-I).  It was rarely useful, and the
  implementation would have to be rewritten for the new ultra_scan()
  system.  If there is significant demand, perhaps I'll put it back in
  sometime.

- Documented the --osscan_limit option, which saves time by skipping
  OS detection if at least one open and one closed port are not found on
  the remote hosts.  OS detection is much less reliable against such
  hosts anyway, and skipping it can save some time.

- Updated nmapfe.desktop file to provide better NmapFE desktop support
  under Fedora Core and other systems.  Thanks to Mephisto
  (mephisto(a)mephisto.ma.cx) for sending the patch.

- Further nmapfe.desktop changes to better fit the freedesktop
  standard.  The patch came from Murphy (m3rf(a)swimmingnoodle.com).

- Fixed capitalization (with a perl script) of many over-capitalized
  vendor names in nmap-mac-prefixes.

- Ensured that MAC address vendor names are always escaped in XML
  output if they contain illegal characters (particularly '&').  Thanks
  to Matthieu Verbert (mve(a)zurich.ibm.com) for the report and a patch.

- Changed xmloutputversion in XML output from 1.0 to 1.01 to note that
  there was a slight change (which was actually the MAC stuff in 3.55).
  Thanks to Lionel CONS (lionel.cons(a)cern.ch) for the suggestion.

- Many Windows portability fix and bug fixes, thanks to patch from
  Gisle Vanem (giva(a)bgnett.no).  With these changes, he was able to
  compile Nmap on Windows using MingW + gcc 3.4 C++ rather than MS
  Visual Studio.

- Removed (addport) tags from XML output.  They used to provide open
  ports as they were discovered, but don't work now that the port
  scanners scan many hosts at once.  They did not specify an IP
  address.  Of course the appropriate (port) tags are still printed
  once scanning of a target is complete.

- Configure script now detects GNU/k*BSD systems (whatever those are),
  thanks to patch from Robert Millan (rmh@debian.org)

- Fixed various crashes and assertion failures related to the new
  ultra_scan() system, that were found by Arturo "Buanzo" Busleiman
  (buanzo(a)buanzo.com.ar), Eric (catastrophe.net), and Bill Petersen
  (bill.petersen(a)alcatel.com).

- Fixed some minor memory leaks relating to ping and list scanning as
  well as the Nmap output table.  These were found with valgrind (
  http://valgrind.kde.org/ ).

- Provide limited --packet_trace support for TCP connect() (-sT)
  scans.

- Fixed compilation on certain Solaris machines thanks to a patch by
  Tom Duffy (tduffy(a)sun.com)

- Fixed some warnings that crop up when compiling nbase C files with a
  C++ compiler.  Thanks to Gisle Vanem (giva(a)bgnett.no) for sending
  the patch.

- Tweaked the License blurb on source files and in the man page.  It
  clarifies some issues and includes a new GPL exception that
  explicitly allows linking with the OpenSSL library.  Some people
  believe that the GPL and OpenSSL licenses are incompatable without
  this special exception.

- Fixed some serious runtime portability issues on *BSD systems.
  Thanks to Eric (catastrophe.net) for reporting the problem.

- Changed the argument parser to better detect bogus arguments to the
  -iR option.

- Removed a spurious warning message relating to the Windows ARP cache
  being empty.  Patch by Gisle Vanem (giva(a)bgnett.no).

- Removed some C++-style line comments (//) from nbase, because some C
  compilers (particularly on Solaris) barf on those.  Problem reported
  by Raju Alluri <Raju.Alluri(a)Sun.COM>
   2004-07-07 22:54:35 by Lubomir Sedlacik | Files touched by this commit (4) | Package updated
Log message:
Updated to version 3.55.

Changes:
========
- Added MAC address printing.  If Nmap receives packet from a target
  machine which is on an Ethernet segment directly connected to the
  scanning machine, Nmap will print out the target MAC address.  Nmap
  also now contains a database (derived from the official IEEE
  version) which it uses to determine the vendor name of the target
  ethernet interface.  The Windows version of Nmap does not yet have
  this capability.  If any Windows developer types are interesting in
  adding it, you just need to implement IPisDirectlyConnected() in
  tcpip.cc and then please send me the patch.  Here are examples from
  normal and XML output (angle brackets replaced with [] for HTML
  changelog compatability):
  MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems)
  [address addr="00:A0:CC:63:85:4B" vendor="Lite-on \ 
Communications"
   addrtype="mac" /]

- Updated the XML DTD to support the newly printed MAC addresses.
  Thanks to Thorsten Holz (thorsten.holz(a)mmweg.rwth-aachen.de) for
  sending this patch.

- Added a bunch of new and fixed service fingerprints for version
  detection.  These are from Martin Macok
  (martin.macok(a)underground.cz).

- Normalized many of the OS names in nmap-os-fingerprints (fixed
  capitalization, typos, etc.).  Thanks to Royce Williams
  (royce(a)alaska.net) and Ping Huang (pshuang(a)alum.mit.edu) for
  sending patches.

- Modified the mswine32/nmap_performance.reg Windows registry file to
  use an older and more compatable version.  It also now includes the
  value "StrictTimeWaitSeqCheck"=dword:00000001 , as suggested by Jim
  Harrison (jmharr(a)microsoft.com).  Without that latter value, the
  TcpTimedWaitDelay value apparently isn't checked.  Windows users
  should apply the new registry changes by clicking on the .reg file.
  Or do it manually as described in README-WIN32.  This file is also
  now available in the data directory at
  http://www.insecure.org/nmap/data/nmap_performance.reg

- Applied patch from Gisle Vanem (giva(a)bgnett.no) which allows the
  Windows version of Nmap to work with WinPCAP 3.1BETA (and probably
  future releases).  The Winpcap folks apparently changed the encoding
  of adaptor names in this release.

- Fixed a ping scanning bug that would cause this error message: "nmap:
  targets.cc:196: int hostupdate (Target **, Target *, int, int, int,
  timeout_info *, timeval *, timeval *, pingtune *, tcpqueryinfo *,
  pingstyle): Assertion `pt->down_this_block > 0' failed."  Thanks to
  Beirne Konarski (beirne(a)neo.rr.com) for reporting the problem.

- If a user attempts -PO (the letter O), print an error suggesting
  that they probably mean -P0 (Zero) to disable ping scanning.

- Applied a couple patches (with minor changes) from Oliver Eikemeier
  (eikemeier(a)fillmore-labs.com) which fix an edge case relating to
  decoy scanning IP ranges that must be sent through different
  interfaces, and improves the Nmap response to certain error codes
  returned by the FreeBSD firewall system.  The patches are from
  http://cvsweb.freebsd.org/ports/security/nmap/files/ .

- Many people have reported this error: "checking for type of 6th
  argument to recvfrom()... configure: error: Cannot find type for 6th
  argument to recvfrom()".  In most cases, the cause was a missing or
  broken C++ compiler.  That should now be detected earlier with a
  clearer message.

- Fixed the FTP bounce scan to better detect filered ports on the
  target network.

- Fixed some minor bugs related to the new MAC address printing
  feature.

- Fixed a problem with UDP-scanning port 0, which was reported by
  Sebastian Wolfgarten (sebastian(a)wolfgarten.com).

- Applied patch from Ruediger Rissmann (RRI(a)zurich.ibm.com), which
  helps Nmap understand an EACCESS error, which can happen at least
  during IPv6 scans from certain platforms to some firewalled targets.

- Renamed ACK ping scan option from -PT to -PA in the documentation.
  Nmap has accepted both names for years and will continue to do
  so.

- Removed the notice that Nmap is reading target specifications from a
  file or stdin when you specify the -iL option.  It was sometimes
  printed to stdout even when you wanted to redirect XML or grepable
  output there, because it was printed during options processing before
  output files were handled.  This change was suggested by Anders Thulin
  (ath(a)algonet.se).

- Added --source_port as a longer, but hopefully easier to remember,
  alias for -g.  In other words, it tries to use the constant source
  port number you specify for probes.  This can help against poorly
  configured firewalls that trust source port 20, 53, and the like.

- Removed undocumented (and useless) -N option.

- Fixed a version detection crash reported in excellent detail by
  Jedi/Sector One (j(a)pureftpd.org).

- Applied patch from Matt Selsky (selsky(a)columbia.edu) which helps
  Nmap build with OpenSSL.

- Modified the configure/build system to fix library ordering problems
  that prevented Nmap from building on certain platforms.  Thanks to
  Greg A. Woods (woods(a)weird.com) and Saravanan
  (saravanan_kovai(a)HotPop.com) for the suggestions.

- Applied a patch to Makefile.in from Scott Mansfield
  (thephantom(a)mac.com) which enables the use of a DESTDIR variable
  to install the whole Nmap directory structure under a different root
  directory.  The configure --prefix option would do the same thing in
  this case, but DESTDIR is apparently a standard that package
  maintainers like Scott are used to.  An example usage is
  "make DESTDIR=/tmp/packageroot".

- Removed unnecessary banner printing in the non-root connect() ping
  scan.  Thanks to Tom Rune Flo (tom(a)x86.no) for the suggestion and
  a patch.

- Updated the headers at the top of each source file (mostly to
  advance the copyright year to 2004 and note that Nmap is a registered
  trademark).
   2004-04-25 09:44:34 by Soren Jacobsen | Files touched by this commit (1)
Log message:
Convert to buildlink3.
   2004-03-26 03:28:02 by Thomas Klausner | Files touched by this commit (572) | Package updated
Log message:
PKGREVISION bump after openssl-security-fix-update to 0.9.6m.
Buildlink files: RECOMMENDED version changed to current version.
   2004-01-22 12:20:38 by Lubomir Sedlacik | Files touched by this commit (1) | Package updated
Log message:
PKGREVISION++
Sync with the latest nmap update.
   2003-10-13 17:02:43 by Lubomir Sedlacik | Files touched by this commit (1) | Package updated
Log message:
Sync with the latest nmap update.

Next | Query returned 45 messages, browsing 21 to 30 | Previous