

Explore Latest Linux Security news

We found 10 articles for you...

Nmap 7.95 OS Detection And Service Signature Updates Overview

Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap community and the development team to improving network scanning capabilities. The release notes state, "We're not talking about dozens or hundreds of them—we processed more than 6,500 fingerprints!" This statistic underscores the significant effort put into refining the detection mechanisms, enhancing the accuracy and depth of the information Nmap provides. Let's examine what's new in Nmap 7.95 and how these updates improve security for Nmap users.

What's New in Nmap 7.95? What Security Improvements Have Been Made?

The addition of new OS detection signatures, such as iOS 15 & 16, macOS Ventura & Monterey, and Linux 6.1, caters to the evolving operating system landscape and underlines Nmap's commitment to staying current with technological advancements. The release notes mention, "We couldn't do this without all of your submissions," highlighting the collaborative nature of the Nmap community: contributors play a vital role in enriching the tool's capabilities. The incorporation of new service/version detection signatures and protocols, including grpc, mysqlx, and tuya, further expands Nmap's reconnaissance capabilities and will encourage users to explore the updated library and the tool's versatility in identifying a broad spectrum of services running on target machines. Improvements to Npcap, the Windows raw packet capturing and transmission driver, have also been made, emphasizing performance enhancements and feature upgrades. This development is pivotal for users running Nmap on Windows systems and shows a commitment to the tool's cross-platform compatibility and usability. Moreover, new NSE scripts for querying industrial control systems introduce a niche capability catering to specialized security requirements. Enhancements to Nmap's core features, such as the port scanning and OS detection engines, signify a holistic approach to refining the tool's scanning efficiency and accuracy.

Our Final Thoughts on Nmap 7.95

The Nmap 7.95 release showcases robust enhancements that empower security practitioners and network administrators to conduct comprehensive network reconnaissance efficiently. Nmap's ongoing evolution underscores its relevance in cybersecurity and its commitment to staying at the forefront of network security scanning technology. You can download Nmap 7.95 here.

Nmap 7.95 boosts its OS and service identification capabilities with 6,500 additional signatures, enhancing both security measures and network scanning efficiency.

Jun 03, 2024, by Brittany Day, in Security Projects

Top Free Tools For Network Scanning And Enumeration In Pentests

The scanning and enumeration phase of penetration tests is vital, so what are the best free tools you can use to create this solid pentest foundation?

The scanning and enumeration phase is crucial to every penetration tester's methodology and process. It is important to gather information about the network you are carrying out a pentest on before you actually begin testing. So what does this really mean? And what are the best tools to help you during the scanning and enumeration phase of your pentest? Scanning and enumeration entails gathering information about the network or asset you are carrying out a penetration test on. This includes scanning the network to identify live hosts, IP addresses, open ports, services running on those ports, and the operating systems of the machines. It's an important part of reconnaissance because it provides you with information on the target, helps you understand the network's infrastructure, discover potential weak points, and assess its overall security posture.

The reconnaissance and discovery stage is essential to every ethical hacker's strategy and approach.

Aug 14, 2023, by Brittany Day, in Network Security

The Best 10 Linux Tools for Effective Network and Security Management

Picking just 10 Linux open source security tools isn't easy, especially when network professionals and security experts have dozens if not several hundred tools available to them.

There are different sets of tools for just about every task—network tunneling, sniffing, scanning, mapping. And for every environment—Wi-Fi networks, Web applications, database servers. We consulted a group of experts (Vincent Danen, vice president of product security, RedHat; Casey Bisson, head of product growth, BluBracket; Andrew Schmitt, a member of the BluBracket Security Advisory Panel; and John Hammond, senior security researcher, Huntress) to develop this list of must-have Linux security tools.

Delve into crucial Linux utilities tailored for network specialists, addressing functionalities such as network probing, topology visualization, and encrypted communication tunnels.

Jan 15, 2023, by Brittany Day, in Network Security

Exploring Nmap For Network Scanning And Security Analysis

Ever wondered how attackers know what ports are open on a system? Or how to find out what services a computer is running without just asking the site admin? You can do all this and more with a handy little tool called Nmap.

What is Nmap? Short for "network mapper," nmap is a veritable toolshed of functionality to perform network scans. It can be used for security scans, simply to identify what services a host is running, to "fingerprint" the operating system and applications on a host, the type of firewall a host is using, or to do a quick inventory of a local network. It is, in short, a very good tool to know. It's famous, too. Once you get to know Nmap a bit, you'll notice that it makes all types of cameo appearances in movies. In this tutorial, I'll cover some of the basics of using Nmap and provide some examples you can use quickly.

Getting Nmap and Basic Use: You'll find Nmap packaged for most major Linux distros. The most recent release of Nmap came out in early 2010, so the most recent version (5.21) might not be in the current stable releases. You can find the sources and some binaries on the download page.

The link for this article located at Linux.com is no longer available.

Mar 05, 2010, by Anthony Pell, in Network Security

User-Friendly Nmap Network Scanning With Umit Interface

Umit is a user-friendly graphical interface to Nmap that lets you perform network port scanning. The utility's most useful features are its stored scan profiles and the ability to search and compare saved network scans. A profile lets you configure how a network scan is performed, change the source information for the scan, and explicitly nominate hosts to include in or exclude from the scan, as well as various more advanced options. Have you ever used a graphical interface to Nmap to do your network port scanning? Check out this GUI to Nmap, which has many useful features, including the ability to save and compare scans.

The link for this article located at linux.com is no longer available.

Uncover NmapSI, an intuitive visual interface for streamlined network scanning and profile organization.

Sep 23, 2008, by Brittany Day, in Network Security

Complete Nmap Guide: Network Scanning and Security Assessment Techniques

The link for this article located at linuxhaxor is no longer available.

Nmap, the Network Mapper, is an open-source tool for network discovery and security auditing, featuring versatile scanning techniques for vulnerability detection.

Jun 10, 2008, by Bill Locke, in Network Security

Nmap 4.00 Security Advisory: Major Improvements In Network Scanning

Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 4.00 from https://nmap.org/ . . CHANGES: Nmap has undergone many substantial changes since our last major release (3.50 in February 2004) and we recommend that all current users upgrade. Here are the most important improvements made in the 36 intermediate releases since 3.50: o Added the ability for Nmap to send and properly route raw ethernet frames containing IP datagrams rather than always sending the packets via raw sockets. This is particularly useful for Windows, since Microsoft has disabled raw socket support in XP. Nmap tries to choose the best method at runtime based on platform, though you can override it with the new --send-eth and --send-ip options. o Added ARP scanning (-PR). Nmap can now send raw ethernet ARP requests to determine whether hosts on a LAN are up, rather than relying on higher-level IP packets (which can only be sent after a successful ARP request and reply anyway). This is much faster and more reliable (not subject to IP-level firewalling) than IP-based probes. It is now used automatically for any hosts that are detected to be on a local ethernet network, unless --send-ip was specified. o Added the --spoof-mac option, which asks Nmap to use the given MAC address for all of the raw ethernet frames it sends. Valid --spoof-mac argument examples are "Apple", "0", "01:02:03:04:05:06", "deadbeefcafe", "0020F2", and "Cisco". o Rewrote core port scanning engine, which is now named ultra_scan(). Improved algorithms make this faster (often dramatically so) in almost all cases. Not only is it superior against single hosts, but ultra_scan() can scan many hosts (sometimes hundreds) in parallel. This offers many efficiency/speed advantages. For example, hosts often limit the ICMP port unreachable packets used by UDP scans to 1/second. That made those scans extraordinarily slow in previous versions of Nmap. 
But if you are scanning 100 hosts atonce, suddenly you can receive 100 responses per second. Spreading the scan amongst hosts is also gentler toward the target hosts. o Overhauled UDP scan. Ports that don't respond are now classified as "open|filtered" (open or filtered) rather than "open". The (somewhat rare) ports that actually respond with a UDP packet to the empty probe are considered open. If version detection is requested, it will be performed on open|filtered ports. Any that respond to any of the UDP probes will have their status changed to open. This avoids the false-positive problem where filtered UDP ports appear to be open, leading to terrified newbies thinking their machine is infected by back orifice. o Put Nmap on a diet, with changes to the core port scanning routine (ultra_scan) to substantially reduce memory consumption, particularly when tens of thousands of ports are scanned. o Added 'leet ASCII art to the configurator! Note that only people compiling the UNIX source code get this. (ASCII artist unknown). If you don't like it, feel free to submit your own work. o Wrote a new man page from scratch. It is much more comprehensive (more than twice as long) and (IMHO) better organized than the previous one. Read it online at https://nmap.org/book/man.html or docs/nmap.1 from the Nmap distribution. Let me know if you have any ideas for improving it. Translations to Chinese, French, Japanese, Brazilian Portuguese, Portugal Portuguese, and Romanian can be found on the Nmap docs page at https://nmap.org/docs.html . More than a dozen other translations are in progress. The XML source for the man page is distributed with Nmap in docs/nmap-man.xml. Patches to Nmap that are user-visible should include patches to the man page XML source rather than to the generated Nroff. o Integrated all service submissions up to January 2006. The DB has tripled in size since 3.50 to 3,153 signatures for 381 service protocols. 
Those protocols span the gamut from abc, acap, afp, and afs to zebedee, zebra, andzenimaging. It even covers obscure protocols such as http, ftp, smtp, and ssh :). Thanks to Version Detection Czar Doug Hoyte for his excellent work on this. Other great probes and signatures came from Dirk Mueller (mueller(a)kde.org), Lionel Cons (lionel.cons(a)cern.ch), Martin Macok (martin.macok(a)underground.cz), and Bo Jiang (jiangbo(a)brandeis.edu). Thanks also go to the (literally) thousands of you who submitted service fingerprints. Keep them coming! o Integrated tons of new OS detection fingerprints. The database grew more than 50% from 1,121 to 1,684 fingerprints. Notable additions include Mac OS X 10.4 (Tiger), OpenBSD 3.7, FreeBSD 5.4, Windows Server 2003 SP1, Sony AIBO (along with a new "robotic pet" device type category), the latest Linux 2.6 kernels, Cisco routers with IOS 12.4, a ton of VoIP devices, Tru64 UNIX 5.1B, new Fortinet firewalls, AIX 5.3, NetBSD 2.0, Nokia IPSO 3.8.X, and Solaris 10. Of course there are also tons of new broadband routers, printers, WAPs and pretty much any other device you can coax an ethernet cable (or wireless card) into! Much of this OS detecton work was done by Google SoC student Zhao Lei (zhaolei(a)gmail.com). o Created a Windows executable installer using the open source NSIS (Nullsoft Scriptable Install System). It handles Pcap installation, registry performance changes, and adding Nmap to your cmd.exe executable path. The installer source files are in mswin32/nsis/ . Thanks to Google SoC student Bo Jiang (jiangbo(a)brandeis.edu) for creating the initial version. o Added run time interaction as documented at https://nmap.org/book/man-runtime-interaction.html . While Nmap is running, you can now press 'v' to increase verbosity, 'd' to increase the debugging level, 'p' to enable packet tracing, or the capital versions (V,D,P) to do the opposite. 
Any other key (such as enter) will print out a status message giving the estimated time until scan completion. Most of this work was done by Paul Tarjan (ptarjan(a)stanford.edu),Andrew Lutomirski (luto(a)myrealbox.com), and Gisle Vanem (giva(a)bgnett.no). o Reverse DNS resolution is now done in parallel rather than one at a time. All scans of large networks (particularly list, ping and just-a-few-ports scans) benefit substantially from this change. The new --system-dns option was added so you can use the (slow) system resolver if you prefer that for some reason. You can specify a comma separated list of DNS server IP addresses for Nmap to use with the new --dns-servers option. Otherwise, Nmap looks in /etc/resolve.conf (UNIX) or the system registry (Windows) to obtain the nameservers already configured for your system. This excellent patch was written by Doug Hoyte (doug(a)hcsw.org). o Updated NmapFE to build with GTK2 rather than obsolete GTK1. Thanks to Priit Laes (amd(a)store20.com), Mike Basinger (dbasinge(a)speakeasy.net) and Meethune Bhowmick (meethune(a)oss-institute.org) for developing the patch. GTK2 is prettier, more functional, and actually exists on most modern Linux distributions (many of which removed GTK1 long ago). o Added the --badsum option, which causes Nmap to use invalid TCP or UDP checksums for packets sent to target hosts. Since virtually all host IP stacks properly drop these packets, any responses received are likely coming from a firewall or IDS that didn't bother to verify the checksum. For more details on this technique, see . The author of that paper, Ed3f (ed3f(a)antifork.org), is also the author of this patch (which I changed it a bit). o The 26 Nmap commands that previously included an underscore (--max-rtt-timeout, --send-eth, --host-timeout, etc.) have been renamed to use a hyphen in the preferred format (i.e. --max-rtt-timeout). Underscores are still supported for backward compatibility. 
o Added --max-retries option for capping the maximum number of retransmissions the port scan engine will do. The value may be as low as 0 (no retransmits). A low value can increase speed, though at the risk of losingaccuracy. The -T4 option now allows up to 6 retries, and -T5 allows 2. Thanks to Martin Macok (martin.macok(a)underground.cz) for writing the initial patch. o Many of the Nmap low-level timing options take a value in milliseconds. You can now append an 's', 'm', or 'h' to the value to give it in seconds, minutes, or hours instead. So you can specify a 45 minute host timeout with --host-timeout 45m rather than specifying --host-timeout 2700000 and hoping you did the math right and have the correct number of zeros. This also now works for the --min-rtt-timeout, --max-rtt-timeout, --initial-rtt-timeout, --scan-delay, and --max-scan-delay options. o Wrote a new Nmap compilation, installation, and removal guide, which you can find at https://nmap.org/book/install.html . o Made some changes to allow source port zero scans (-g0). Nmap used to refuse to do this, but now it just gives a warning that it may not work on all systems. It seems to work fine on my Linux box. Thanks to Bill Dale (bill_dale(a)bellsouth.net) for suggesting this feature. o Applied some small fixes so that Nmap compiles with Visual C++ 2005 Express, which is free from Microsoft at https://visualstudio.microsoft.com/ . Thanks to KX (kxmail(a)gmail.com) and Sina Bahram (sbahram(a)nc.rr.com) o Added --thc option (undocumented) o Wrote a new "help screen", which you get when running Nmap without arguments. It is also reproduced in the man page and at https://svn.nmap.org/nmap/docs/nmap.usage.txt . I gave up trying to fit it within a 25-line, 80-column terminal window. It is now 78 lines and summarizes all but the most obscure Nmap options. o Added OS, device type, and hostname detection using the service detection framework. Many services print a hostname, which may be different than DNS. 
The services often give more away as well. If Nmap detects IIS, it reports an OS family of "Windows". If it sees HP JetDirect telnetd, it reports a device type of "printer". Rather than try to combine TCP/IP stackfingerprinting and service OS fingerprinting, they are both printed. After all, they could legitimately be different. An IP that gives a stack fingerprint match of "Linksys WRT54G broadband router" and a service fingerprint of Windows based on Kazaa running is likely a common NAT setup rather than an Nmap mistake. o Overhauled the Nmap version detection guide and posted it at https://nmap.org/book/vscan.html . o Service/version detection now handles multiple hosts at once for more efficient and less-intrusive operation. o Added "rarity" feature to Nmap version detection. This causes obscure probes to be skipped when they are unlikely to help. Each probe now has a "rarity" value. Probes that detect dozens of services such as GenericLines and GetRequest have rarity values of 1, while the WWWOFFLEctrlstat and mydoom probes have a rarity of 9. When interrogating a port, Nmap always tries probes registered to that port number. So even WWWOFFLEctrlstat will be tried against port 8081 and mydoom will be tried against open ports between 3127 and 3198. If none of the registered ports find a match, Nmap tries probes that have a rarity less than or equal to its current intensity level. The intensity level defaults to 7 (so that most of the probes are done). You can set the intensity level with the new --version-intensity option. Alternatively, you can just use --version-light or --version-all which set the intensity to 2 (only try the most important probes and ones registered to the port number) and 9 (try all probes), respectively. --version-light is much faster than default version detection, but also a bit less likely to find a match. This feature was designed and implemented by Doug Hoyte (doug(a)hcsw.org). 
o Added a "fallback" feature to the nmap-service-probes database. This allows a probe to "inherit" match lines from other probes. It is currently only used for the HTTPOptions, RTSPRequest, and SSLSessionReq probes to inherit all of the match lines from GetRequest. Someservers don't respond to the Nmap GetRequest (for example because it doesn't include a Host: line) but they do respond to some of those other 3 probes in ways that GetRequest match lines are general enough to match. The fallback construct allows us to benefit from these matches without repeating hundreds of signatures in the file. This is another feature designed and implemented by Doug Hoyte (doug(a)hcsw.org). o Added "Exclude" directive to nmap-service-probes grammar which causes version detection to skip listed ports. This is helpful for ports such as 9100. Some printers simply print any data sent to that port, leading to pages of HTTP requests, SMB queries, X Windows probes, etc. If you really want to scan all ports, specify --allports. This patch came from Doug Hoyte (doug(a)hcsw.org). o Version detection softmatches (when Nmap determines the service protocol such as smtp but isn't able to determine the app name such as Postfix) can now parse out the normal match line fields such as hostname, device type, and extra info. For example, we may not know what vendor created an sshd, but we can still parse out the protocol number. This was a patch from Doug Hoyte (doug(a)hcsw.org). o Fixed a bunch of typos and misspellings throughout the Nmap source code (mostly in comments). This was a 625-line patch by Saint Xavier (skyxav(a)skynet.be). o Added a stripped-down and heavily modified version of Dug Song's libdnet networking library (v. 1.10). This helps with the new raw ethernet features. 
My (extensive) changes are described in libdnet-stripped/NMAP_MODIFICATIONS o Updated nmap data files (nmap-mac-prefixes, nmap-protocols, nmap-rpc) with the latest OUIs, IP protocols, and RPC program numbers, respectively. o Updated the included libpcap from 0.7.2 to 0.9.3. This was an attempt to fix an annoying bug, which I then found was actually in my code rather than libpcap :). Also updated the included GNU shtool (to 2.0.2), LibPCRE (6.4), and the autoconf config.* files (to thelatest from their CVS). o Nmap now uses (and require) WinPcap 3.1 on Windows. o Added MAC address printing. If Nmap receives packet from a target machine which is on an Ethernet segment directly connected to the scanning machine, Nmap will print out the target MAC address. Nmap also now contains a database (derived from the official IEEE version) which it uses to determine the vendor name of the target ethernet interface. Here are examples from normal and XML output (angle brackets replaced with [] for HTML changelog compatibility): MAC Address: 08:00:20:8F:6B:2F (SUN Microsystems) [address addr="00:A0:CC:63:85:4B" vendor="Lite-on Communications" addrtype="mac" / o The official Nmap RPM files are now compiled statically for better compatibility with other systems. X86_64 (AMD Athlon64/Opteron) binaries are now available in addition to the standard i386. NmapFE RPMs are no longer distributed by Insecure.Org. o Nmap distribution signing has changed. Release files are now signed with a new Nmap Project GPG key (KeyID 6B9355D0). Learn more at o Updated random scan (ip_is_reserved()) to reflect the latest IANA assignments. This to Felix Groebert (felix(a)groebert.org) and Chad Loder (cloder(a)loder.us) for sending these patches. o Added the --iflist option, which prints a list of system interfaces and routes detected by Nmap. o Removed WinIP library (and all Windows raw sockets code) since MS has gone and broken raw sockets. Maybe packet receipt via raw sockets will come back at some point. 
As part of this removal, the Windows-specific --win_help, --win_list_interfaces, --win_norawsock, --win_forcerawsock, --win_nopcap, --win_nt4route, --win_noiphlpapi, and --win_trace options have been removed. o Added new --privileged command-line option and NMAP_PRIVILEGED environmental variable. Either of these tell Nmap to assume that the user has full privileges to execute raw packet scans, OS detection and the like. This can be useful when Linux kernel capabilities or othersystems are used that allow non-root users to perform raw packet or ethernet frame manipulation. Without this flag or variable set, Nmap bails on UNIX if geteuid() is nonzero. o Changed the RPM spec file so that if you define "static" to 1 (by passing --define "static 1" to rpmbuild), static binaries are built. o ultra_scan() now sets pseudo-random ACK values (rather than 0) for any TCP scans in which the initial probe packet has the ACK flag set. This would be the ACK, Xmas, Maimon, and Window scans. o Fixed an integer overflow that prevented Nmap from scanning 2,147,483,648 hosts in one expression (e.g. 0.0.0.0/1). Problem noted by Justin Cranford (jcranford(a)n-able.com). While /1 scans are now possible, don't expect them to finish during your bathroom break. No matter how constipated you are. o Changed from CVS to Subversion source control system (which rocks!). Neither repository is currently public due to security paranoia. o Nmap now ships with and installs (in the same directory as other data files such as nmap-os-fingerprints) an XSL stylesheet for rendering the XML output as HTML. This stylesheet was written by Benjamin Erb ( see for examples). It supports tables, version detection, color-coded port states, and more. The XML output has been augmented to include an xml-stylesheet directive pointing to nmap.xsl on the local filesystem. You can point to a different XSL file by providing the filename or URL to the new --stylesheet argument. 
Omit the xml-stylesheet directive entirely by specifying --no-stylesheet. The XML to HTML conversion can be done with an XSLT processor such as Saxon, Sablot, or Xalan, but modern browsers can do this on the fly -- simply load the XML output file in IE or Firefox.It is often more convenient to have the stylesheet loaded from a URL rather than the local filesystem, allowing the XML to be rendered on any machine regardless of whether/where the XSL is installed. For privacy reasons (avoid loading of an external URL when youview results), Nmap uses the local filesystem by default. If you would like the latest version of the stylesheet loaded from Insecure.Org when rendering, specify --webxml, which is a shortcut for --stylesheet https://svn.nmap.org/nmap/docs/nmap.xsl . o If a user attempts -PO (the letter O), instead of -P0 (zero), print an error suggesting that the user is a doofus (actually it is a nice message) o Upgraded the fragmentation option (-f). One -f now sets sends fragments with just 8 bytes after the IP header, while -ff sends 16 bytes to reduce the number of fragments needed. You can specify your own fragmentation offset (must be a multiple of 8) with the new --mtu flag. Don't also specify -f if you use --mtu. Remember that some systems (such as Linux with connection tracking) will defragment in the kernel anyway -- so test first while sniffing with ethereal. These changes are from a patch by Martin Macok (martin.macok(a)underground.cz). o Nmap now prints the number (and total bytes) of raw IP packets sent and received when it completes, if verbose mode (-v) is enabled. The report looks like: Nmap finished: 256 IP addresses (3 hosts up) scanned in 30.632 seconds Raw packets sent: 7727 (303KB) | Rcvd: 6944 (304KB) o Added new "closed|filtered" state. This is used for Idle scan, since that scan method can't distinguish between those two states. Nmap previously just used "closed", but this is more accurate. 
o Null, FIN, Maimon, and Xmas scans now mark ports as "open|filtered" instead of "open" when they fail to receive any response from the target port. After all, it could just as easily be filtered as open. This is the same change that was made to UDP scan in 3.70. Also as with UDP scan, adding version detection (-sV) will change the state from open|filtered to open if it confirms that they really are open.
o Changed IP protocol scan (-sO) so that a response from the target host in any protocol at all will prove that protocol is open. As before, no response means "open|filtered", an ICMP protocol unreachable means "closed", and most other ICMP error messages mean "filtered".
o Changed IP protocol scan (-sO) so that it sends valid ICMP, TCP, and UDP headers when scanning protocols 1, 6, and 17, respectively. An empty IP header is still sent for all other protocols. This should prevent error messages such as "sendto in send_ip_packet: sendto(3, packet, 20, 0, 192.31.33.7, 16) => Operation not permitted" that Linux (and perhaps other systems) would give when they try to interpret the raw packet. This also makes it more likely that these protocols will elicit a response, proving that the protocol is "open".
o Fixed a memory leak that would generally consume several hundred bytes per down host scanned. While the effect for most scans is negligible, it was overwhelming when Scott Carlson (Scott.Carlson(a)schwab.com) tried to scan 24 million IPs (10.0.0.0/8). Thanks to him for reporting the problem. Also thanks to Valgrind ( ) for making it easy to debug.
o Added --max-scan-delay parameter. Nmap will sometimes increase the delay itself when it detects many dropped packets. For example, Solaris systems tend to respond with only one ICMP port unreachable packet per second during a UDP scan. So Nmap will try to detect this and lower its rate of UDP probes to one per second. This can provide more accurate results while reducing network congestion, but it can slow the scans down substantially. By default (with no -T options specified), Nmap allows this delay to grow to one second per probe. This option allows you to set a lower or higher maximum. The -T4 and -T5 scan modes now limit the maximum scan delay for TCP scans to 10 and 5 ms, respectively.
o Added --max-hostgroup option, which specifies the maximum number of hosts that Nmap is allowed to scan in parallel.
o Added --min-hostgroup option, which specifies the minimum number of hosts that Nmap should scan in parallel (there are some exceptions where Nmap will still scan smaller groups -- see man page). Of course, Nmap will try to choose efficient values even if you don't specify hostgroup restrictions explicitly.
o Nmap now estimates completion times for almost all port scan types (any that use ultra_scan()) as well as service scan (version detection). These are only shown in verbose mode (-v). On scans that take more than a minute or two, you will see occasional updates like:
  SYN Stealth Scan Timing: About 30.01% done; ETC: 16:04 (0:01:09 remaining)
  New updates are given if the estimates change significantly.
o Added --exclude option, which lets you specify a comma-separated list of targets (hosts, ranges, netblocks) that should be excluded from the scan. This is useful to keep from scanning yourself, your ISP, particularly sensitive hosts, etc. The new --excludefile reads the list (newline-delimited) from a given file. All the work was done by Mark-David McLaughlin (mdmcl(a)cisco.com) and William McVey (wam(a)cisco.com), who sent me a well-designed and well-tested patch.
o Nmap now has a "port scan ping" system. If it has received at least one response from any port on the host, but has not received responses lately (usually due to filtering), Nmap will "ping" that known-good port occasionally to detect latency, packet drop rate, etc.
o Nmap now wishes itself a happy birthday when run on September 1 in verbose mode! The first public release was on that date in 1997.
o The port randomizer now has a bias toward putting commonly-accessible ports (80, 22, etc.) near the beginning of the list. Getting a response early helps Nmap calculate response times and detect packet loss, so the scan goes faster.
o Host timeout system (--host-timeout) overhauled to support host parallelization. Host times are tracked separately, so a host that finishes a SYN scan quickly is not penalized for an exceptionally slow host being scanned at the same time.
o When Nmap has not received any responses from a host, it can now use certain timing values from other hosts from the same scan group. This way Nmap doesn't have to use absolute-worst-case (300bps SLIP link to Uzbekistan) round trip time and latency estimates.
o Documented the --osscan-limit option, which saves time by skipping OS detection if at least one open and one closed port are not found on the remote hosts. OS detection is much less reliable against such hosts anyway, and skipping it can save some time.
o Configure script now detects GNU/k*BSD (whatever that is), thanks to patches from Robert Millan (rmh (at) debian (dot) org) and Petr Salinger (Petr.Salinger(a)t-systems.cz).
o Provide limited --packet-trace support for TCP connect() (-sT) scans.
o Hundreds of other features, bugfixes, and portability enhancements described at https://nmap.org/changelog.html

The link for this article located at BugTraq is no longer available. Nmap 4.00 introduces substantial enhancements for faster and more reliable network scanning following version 3.50.
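The announcement above states the rules by which the stealth TCP scans and the IP protocol scan classify a port or protocol from the probe outcome, how -sV promotes an open|filtered result, and the format of the new verbose-mode completion estimates. The following Python is an added illustration, not Nmap's own code or part of the announcement: Nmap's engine (ultra_scan()) is C and reads raw packets, whereas here each probe outcome is a constructed label, and the timing line is the one quoted in the text. It is useful when reviewing scan output, for example to understand why a report shows open|filtered rather than open.

```python
"""Model of the port/protocol state rules described in the Nmap 4.00
announcement, plus a parser for its verbose-mode timing lines.

Added illustration, not Nmap's own code. Probe outcomes are constructed
labels standing in for what the scanner observes on the wire.
"""
import re
from typing import Optional

# Constructed outcome labels (assumptions, not Nmap identifiers).
NO_RESPONSE = "no_response"
TCP_RST = "tcp_rst"                               # target answered with RST
ICMP_PORT_UNREACH = "icmp_port_unreachable"       # ICMP type 3 / code 3
ICMP_PROTO_UNREACH = "icmp_protocol_unreachable"  # ICMP type 3 / code 2
ICMP_OTHER_ERROR = "icmp_other_error"             # other ICMP unreachable codes
PROTOCOL_RESPONSE = "protocol_response"           # any reply in the probed protocol


def tcp_stealth_state(outcome: str) -> str:
    """Null, FIN, Maimon and Xmas scans.

    4.00 change: silence is reported as open|filtered rather than open,
    because a dropped probe and a silently open port look identical.
    """
    if outcome == NO_RESPONSE:
        return "open|filtered"
    if outcome == TCP_RST:
        return "closed"
    if outcome in (ICMP_PORT_UNREACH, ICMP_PROTO_UNREACH, ICMP_OTHER_ERROR):
        return "filtered"
    raise ValueError(f"unexpected outcome for a TCP stealth probe: {outcome}")


def protocol_scan_state(outcome: str) -> str:
    """IP protocol scan (-sO) rules as stated in the announcement.

    A TCP RST answering the TCP probe counts as PROTOCOL_RESPONSE here,
    since any reply in the probed protocol proves that protocol is handled.
    """
    if outcome == PROTOCOL_RESPONSE:
        return "open"
    if outcome == NO_RESPONSE:
        return "open|filtered"
    if outcome == ICMP_PROTO_UNREACH:
        return "closed"
    if outcome in (ICMP_PORT_UNREACH, ICMP_OTHER_ERROR):
        return "filtered"      # "most other ICMP error messages"
    raise ValueError(f"unexpected outcome for a protocol probe: {outcome}")


def apply_version_detection(state: str, service_confirmed: bool) -> str:
    """-sV refinement: an open|filtered port whose service answers a version
    probe is promoted to open; every other state is left unchanged."""
    if state == "open|filtered" and service_confirmed:
        return "open"
    return state


# Matches lines such as:
#   SYN Stealth Scan Timing: About 30.01% done; ETC: 16:04 (0:01:09 remaining)
TIMING_RE = re.compile(
    r"^(?P<scan>.+?) Timing: About (?P<pct>\d+(?:\.\d+)?)% done; "
    r"ETC: (?P<etc>\d{1,2}:\d{2}) "
    r"\((?P<hh>\d+):(?P<mm>\d{2}):(?P<ss>\d{2}) remaining\)$"
)


def parse_timing_line(line: str) -> Optional[dict]:
    """Parse a verbose-mode completion estimate into structured fields.

    Returns None for lines that are not timing updates, so the function can
    be mapped over a whole scan log without special-casing.
    """
    match = TIMING_RE.match(line.strip())
    if match is None:
        return None
    remaining = (int(match["hh"]) * 3600
                 + int(match["mm"]) * 60
                 + int(match["ss"]))
    return {
        "scan": match["scan"],
        "percent": float(match["pct"]),
        "etc": match["etc"],
        "remaining_s": remaining,
    }


if __name__ == "__main__":
    # Constructed sample outcomes and the timing line quoted in the announcement.
    for outcome in (NO_RESPONSE, TCP_RST, ICMP_PORT_UNREACH):
        print(f"FIN probe -> {outcome:26s} => {tcp_stealth_state(outcome)}")
    print(apply_version_detection(tcp_stealth_state(NO_RESPONSE), True))
    print(parse_timing_line(
        "SYN Stealth Scan Timing: About 30.01% done; ETC: 16:04 (0:01:09 remaining)"))
```

The state functions deliberately raise on an outcome that cannot occur for that scan type, so a mislabelled input fails loudly instead of being silently reported as filtered.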

Jan 31, 2006 | LinuxSecurity.com Team | Security Projects

Nmap Overview: A Leading Tool for Network Auditing and Scanning

Nmap ("Network Mapper") is a free utility for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap runs on most types of computers and both console and graphical versions are available. Nmap is free software, available with full source code under the terms of the GNU GPL. Read at TuxJournal.net. The link for this article located at tuxjournal.net is no longer available. Nmap is a powerful utility for network exploration and auditing, designed for rapid scans and detailed insights.

Jul 17, 2005 | LinuxSecurity.com Team | Security Projects