Source: Nmap

Nmap is a program for exploring and auditing a network. It is designed to scan a large network without delays, and it also works without problems against a single host. The program uses so-called 'raw IP packets' to discover active hosts and information about the available services. More information about its capabilities can be found on this page. The developers have released another new beta version, which among other things can detect the Conficker worm. The version number is set at 4.85 beta 6 and it comes with the following announcement:

Hi Folks! In case you missed all the news reports yesterday, a couple great researchers from the Honeynet Project (Tillmann Werner and Felix Leder) and Dan Kaminsky came up with a way to remotely detect the Conficker worm which has infected millions of machines worldwide. Some say 15,000,000 machines infected, but that might just be exaggerated AV-company BS for all I know. But there are clearly millions of infections, and this massive botnet is scheduled for a new update cycle starting tomorrow. Will this cause Internet doom? No, but the bad guys might fix the mechanism that lets us remotely detect 'em. Or they might engage in other mischief with their botnet. That's why we did the emergency releases--so you can scan for and remove them early! During the process, I had to infect one of my systems with Conficker for testing, and Nmap even got booted from Dreamhost's "unlimited bandwidth" hosting because the downloads were taking too much bandwidth. They said:
    "Sadly your file nmap-4.85BETA5-setup.exe, and a few similar, were getting so many downloads on your machine, iceman, that it saturated out the 100mbit connection on it, and cause everyone else's sites to go down."
Dreamhost blocked further downloads, but we quickly switched to using our colocation provider and also got some mirroring help from Brandon Enright at UCSD! So UCSD is hosting 4.85BETA6. Of course I'd like to thank Ron Bowes who wrote the detection code (it is an update to his existing smb-check-vulns SMB script). David Fifield was a huge help too.

An example Conficker scan command is:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnets]

A clean machine should report at the bottom: "Conficker: Likely Clean", while likely infected machines report "Conficker: Likely INFECTED".

Of course we have some other nice improvements besides Conficker detection.

Enjoy the new release and disinfect those systems!
-Fyodor
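
Added example, not part of the Nmap announcement or the Tweakers article: a triage script that reads saved normal output from the scan command above and sorts hosts by the two verdict strings the announcement quotes. Hosts that produced no verdict (for example because SMB was filtered or timed out) are reported separately rather than counted as clean. The sample output is constructed and abbreviated, and the host header formats accepted by the parser are an assumption about Nmap's normal output.

```python
import re

# Assumed host header lines in Nmap normal output (older and newer wording).
HOST_RE = re.compile(r"^(?:Interesting ports on|Nmap scan report for) (.+?):?\s*$")
# Verdict line written by smb-check-vulns; the two known values are from the announcement.
CONFICKER_RE = re.compile(r"Conficker:\s*(.+?)\s*$")

# Constructed, abbreviated sample (documentation addresses), not real scan output.
SAMPLE = """\
Interesting ports on 192.0.2.10:
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely Clean

Interesting ports on 192.0.2.11:
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|_ Conficker: Likely INFECTED

Interesting ports on 192.0.2.12:
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
"""

def triage(nmap_output):
    """Map each host to 'infected', 'clean' or 'no-verdict'."""
    results, host = {}, None
    for line in nmap_output.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            results[host] = "no-verdict"  # default until a verdict line is seen
            continue
        m = CONFICKER_RE.search(line)
        if m and host is not None:
            if m.group(1) == "Likely INFECTED":
                results[host] = "infected"
            elif m.group(1) == "Likely Clean":
                results[host] = "clean"
            # any other text after "Conficker:" stays "no-verdict"
    return results

def needs_attention(results):
    """Hosts to follow up on: infected, or scanned without a usable verdict."""
    return sorted(h for h, v in results.items() if v != "clean")

if __name__ == "__main__":
    for h, v in triage(SAMPLE).items():
        print(f"{h}\t{v}")
```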

Nmap 4.85BETA6:
  • Fixed some bugs with the Conficker detection script (smb-check-vulns) [Ron]:
    • SMB response timeout raised to 20s from 5s to compensate for slow/overloaded systems and networks.
    • MSRPC now only signs messages if OpenSSL is available (avoids an error).
    • Better error checking for MS08-067 patch
    • Fixed forgotten endian-modifier (caused problems on big-endian systems such as Solaris on SPARC).
  • Host status messages (up/down) are now uniform between ping scanning and port scanning and include more information. They used to vary slightly, but now all look like
    Host is up (Xs latency).
    Host is down.
    The new latency information is Nmap's estimate of the round trip time. In addition, the reason for a host being up is now printed for port scans just as for ping scans, with the --reason option. [David]
  • Version detection now has a generic match line for SSLv3 servers, which matches more servers than the already-existing set of specific match lines. The match line found 13% more SSL servers in a test. Note that Nmap will not be able to do SSL scan-through against a small fraction of these servers, those that are SSLv3-only or TLSv1-only, because that ability is not yet built into Nsock. There is also a new version detection probe that works against SSLv2-only servers. These have shown themselves to be very rare, so that probe is not sent by default. Kristof Boeynaems provided the patch and did the testing.
  • [Zenmap] A typo that led to a crash if the ndiff subprocess terminated with an error was fixed. [David] The message was
    File "zenmapGUI\DiffCompare.pyo", line 331, in check_ndiff_process
    UnboundLocalError: local variable 'error_test' referenced before assignment
  • [Zenmap] A crash was fixed:
    File "zenmapGUI\SearchGUI.pyo", line 582, in operator_changed
    KeyError: "Syst\xc3\xa8me d'Exploitation"
    The text could be different, because the error was caused by translating a string that was also being used as an index into an internal data structure. The string will be untranslated until that part of the code can be rewritten. [David]
  • [Zenmap] A bug was fixed that caused a crash when doing a keyword: or target: search over hosts that had a MAC address. [David] The crash output was
    File "zenmapCore\SearchResult.pyo", line 86, in match_keyword
    File "zenmapCore\SearchResult.pyo", line 183, in match_target
    TypeError: argument of type 'NoneType' is not iterable
  • Fixed a bug which prevented all comma-separated --script arguments from being shown in Nmap normal and XML output files where they show the original Nmap command. [David]
  • Fixed ping scanner's runtime statistics system so that instead of saying "0 undergoing Ping Scan" it gives the actual number of hosts in the group (e.g. 4096). [David]
  • [Zenmap] A crash was fixed in displaying the "Error creating the per-user configuration directory" dialog:
    File "zenmap", line 104, in
    File "zenmapGUI\App.pyo", line 129, in run
    UnicodeDecodeError: 'utf8' codec can't decode bytes in position 43-45: invalid data
    The crash would only happen to users with paths containing multibyte characters in a non-UTF-8 locale, who also had some error preventing the creation of the directory. [David]
Version number: 4.85 beta 6
Release status: Beta
Operating systems: Windows 2000, Linux, BSD, Windows XP, macOS, OS/2, Solaris, UNIX, Windows Server 2003, Windows Server 2003 x64, Windows Vista, Windows Vista x64, Windows Server 2008
Website: Nmap
Download: http://nmap.org/download.html
License type: GPL

Comments (7)

Make that Beta 7. Does that man sleep at all? :+
I've been using the Linux version under Backtrack recently, good tool.
Is this something that I, as an everyday user who likes to get the most out of things, could benefit from, for example for my home network where I run a web server on my HTPC?

Or at the office, where we all sit wirelessly at flex desks with our laptops?
No, think more of security audits/evaluations and the finer hacking work
I assume that by 'finer' you don't mean that last entry.
Humor for a laugh:

I used it this afternoon at the office to check whether there were still loopholes anywhere, when suddenly a colleague from the other room comes walking in with a stack of paper in his hands covered in strange characters.

Of course I knew nothing about it, but I did have an idea what might be causing it. So Nmap had found the network printers! :)
