Archived Release Notes: Rumble Agent

Notice

Starting with version 1.7.9 all release notes have been consolidated into one page.

Archived Release Notes

v1.7.8

2020-05-23

  • Fingerprint updates.

v1.7.7

2020-05-22

  • Fingerprint updates.

v1.7.6

2020-05-14

  • Corrects inconsistent use of the new service attributes when processing the dynamic MAC address filter.

v1.7.5

2020-05-14

  • Asset and Service attributes have been normalized. All keys are now camelCase and most service attributes are now prefixed by the protocol name.

v1.7.4

2020-05-13

  • Support has been improved for the following database protocols: Memcached (TCP), CouchDB, Cassandra, Redis, ElasticSearch, Riak (TCP/HTTP), MySQL, PostgreSQL, MongoDB, MSSQL, and Oracle.

v1.7.3

2020-05-07

  • Cisco HSRP MAC addresses are now ignored for the purposes of asset correlation.
  • Updated Ethernet fingerprints.

v1.7.2

2020-05-06

  • A bug in the mDNS probe that could lead to a hung scan on certain platforms has been resolved.

v1.7.1

2020-05-06

  • Diagnostic information is now returned in the “systeminfo” response.
  • Updated Ethernet fingerprints.

v1.7.0

2020-05-04

  • The bundled npcap driver has been upgraded to version 0.9991.

  • The TLS probe now reports tls.notBeforeTS and tls.notAfterTS fields as unix timestamps.

  • Updated Ethernet fingerprints.

v1.6.10

2020-05-03

  • Updated Ethernet fingerprints.

v1.6.9

2020-05-01

  • The Rumble Agent will verify its own binary and exit on startup if corrupted.
  • Updated Ethernet fingerprints.

v1.6.8

2020-04-23

  • Updated Ethernet fingerprints.

v1.6.7

2020-04-23

  • The scan engine can now identify TCP services on the scanning system across all platforms.

v1.6.6

2020-04-22

  • An issue that could lead to the scan engine hanging with misbehaving HTTP services has been resolved.

v1.6.5

2020-04-22

  • Updated Ethernet and BACnet fingerprints.

v1.6.4

2020-04-17

  • Devices that relay mDNS from other networks (e.g., Ubiquiti USG) are no longer associated with the relayed asset information.

  • Additional Google Chrome paths are considered for screenshot collection. Snap packages of Chromium are no longer used.

v1.6.3

2020-04-14

  • An issue that could lead to scans hanging while processing HTTP services has been resolved.

v1.6.2

2020-04-13

  • The Linux agent now restarts properly on Ubuntu 14.04, CentOS 6.10, and other Upstart-based platforms.
  • Fingerprint updates for Crestron, ELAN, MAC addresses, and BACnet.

v1.6.1

2020-04-08

  • The Windows agent will now try harder to work around temporary issues while installing an update.
  • The Windows agent will now clear any stale chrome.exe processes running as LocalSystem during the update process.

v1.6.0

2020-04-06

  • Screenshots will now limit the number of concurrent Chrome processes based on core count, available RAM, and architecture.
  • The bundled npcap build has been updated to version 0.9990.

v1.5.6

2020-04-04

  • The RDP probe now collects the full NTLMSSP response for more platforms.
  • The HTTP probe now collects information about web forms and their inputs.

v1.5.5

2020-03-27

  • The SNMP probe no longer reports invalid MAC addresses found in ARP caches or MAC tables.

v1.5.4

2020-03-26

  • The TCP probe now handles a wider variety of RDP responses.

v1.5.3

2020-03-26

  • The SMB probe now reports subprotocols (smb1, smb2, and smb3) consistently.
  • The SMB probe now collects hashing, encryption, and compression methods from SMBv3 servers.
  • The SMB probe now reports the server-allocated Session ID for smb2 and smb3.
  • The TCP probe now collects NTLM information from Remote Desktop endpoints and reports the protocol as rdp.
  • The HTTP probe now collects additional information from VMware SOAP endpoints.

v1.5.2

2020-03-20

  • A bug that could lead to the HTTP/2 probe stalling during TLS negotiation has been resolved.

v1.5.1

2020-03-14

  • A full system disk no longer results in a deadlocked scan.
  • Fingerprints have been updated for Ethernet MAC addresses, BACnet vendors, and Enterprise IDs.
  • HTTP/1 probes now explicitly disable HTTP/2 upgrades even when advertised. HTTP/2 is handled separately.
  • Generic protocol negotiation is no longer attempted on NDMP ports (10,000/30,000). A future release will support improved NDMP detection and negotiation.
  • A potential deadlock in the runtime library has been resolved by reverting to an older runtime version.

v1.5.0

2020-03-04

  • An NTP probe has been added that reports the clock skew compared to the scanning instance.
  • A TFTP discovery probe has been added that requests a non-existent file and stores the response. The TFTP probe supports port ranges.
  • An OpenVPN probe has been added that can detect remote instances across multiple ports.
  • A dTLS discovery probe has been added that handles both bare dTLS and CAPWAP-encoded variants.
  • Microsoft Remote Desktop Gateway instances are now fingerprinted through dTLS and HTTP, reporting the rdg.Transport service key.
  • The protocol handlers for NATPMP, WS-Discovery, and UPnP Device XML now parse out specific subfields for easier matches and future fingerprinting efforts.
  • The UPnP Device XML parser now triggers a request to download and report the device icon.
  • The SYN scanner has been updated to improve reliability and report more accurate progress.
  • The HTTP probe now identifies and reports web site icons as base64-encoded images along with their MD5 hashes.
  • The HTTP probe now extracts the generator meta tag from HTML responses.
  • The HTTP probe now extracts splunkd versions from HTML responses.
  • The RPCBind probe now sends a null call to every UDP service and probes the NFS daemon directly.
  • VMware ESXi detection has improved and will be used as a fallback in more cases.
  • TCP protocol fingerprinting will retry more often on temporary network errors.
  • Empty fields in the result structure within the JSON output are now omitted.
  • Linux on ARM 64-bit (aarch64) is now a supported platform.
  • Improved detection and early rejection of invalid CIDRs.

v1.4.5

2020-02-19

  • The SMB probe now records the NTLMSSP response from a wider range of operating systems.
  • The HTTP probe now stores the response to GET / and the response after any redirects are followed. Key names for the redirect responses are prefixed by last, such as last.http.code.
  • The HTTP probe now handles compression and chunked transfer encoding properly, storing the normalized HTTP body.
  • The HTTP probe now reports a banner consisting of the raw HTTP response.
  • The HTTP probe now supports collecting environment data from LANDesk Management Agents.
  • HTTP screenshots are now only collected when a 2XX HTTP response code is seen.
  • HTTP screenshot processing is now more reliable.

v1.4.4

2020-02-16

  • The SMB Server GUID attribute is now used to correlate results to assets.
  • The SNMP sysName and sysObjectID attributes are now used to unmatch assets that have changed IPs or were mistakenly matched through another attribute (shared bogus MAC addresses or similar).
  • Interfaces with no global unicast addresses (including RFC1918) are no longer considered by the ARP and SYN scanners.
  • VLAN-tagged frames are now ignored by the SYN scanner, resolving an issue where packets could be sent on the wrong interface by mistake.
  • SYN scans now have a mandatory delay between retry attempts, which improves reliability and decreases change churn when small network ranges are scanned.

v1.4.3

2020-02-13

  • Concurrent scans now use fewer resources and provide more accurate results.
  • A bug that caused some HTTP requests to be sent with an empty Host header has been fixed.
  • Versions 1.4.1 and 1.4.2 were internal test releases and not deployed.

v1.4.0

2020-02-04

  • Version 1.4.0 is a rollup of post-1.3.0 point release work.

v1.3.2

2020-02-02

  • Agents now support concurrent scans, configured via the cloud console.
  • Agents now write log files and rotate these log files automatically.
  • Agents now scan faster on local segments within AWS VPCs.
  • Agents now support SNMP v3 Context values in the scan configuration.
  • Agents now try harder to recover from error cases during installation.

v1.3.1

2020-01-26

  • A race condition was resolved that could leave abandoned chrome.exe processes after a scan.

v1.3.0

2020-01-07

  • Version 1.3.0 is a rollup of post-1.2.0 point release work.

v1.2.3

2019-12-19

  • The agent now tracks virtual hosts better for reported HTTP and TLS services.

v1.2.2

2019-12-19

  • Support for the BACnet protocol has been added.

v1.2.1

2019-12-13

  • The protocol detection engine has received a number of small improvements (mongod recognition among others).

v1.2.0

2019-12-01

  • Version 1.2.0 is a rollup of post-1.1.0 point release work.

v1.1.15

2019-12-01

  • Improved normalization of wireless network fields for the wlan-list probe.

v1.1.14

2019-11-27

  • Additional bug fixes for SNMP processing.
  • Initial support for the wlan-list probe module.

v1.1.13

2019-11-26

  • Better support for truncated HTTP responses.

v1.1.12

2019-11-24

  • Invalid SNMP responses are now handled more efficiently.

v1.1.11

2019-11-24

  • A bug that could lead to memory exhaustion when Max Group Size was set to zero has been resolved.

v1.1.10

2019-11-23

  • A bug in the SNMP probe that could result in the scan missing the last round of enumeration results has been fixed.
  • Scans that result in excessive memory usage will now automatically upload a heap profile to enable support diagnostics.

v1.1.9

2019-11-22

  • Improved error handling and logging, minor performance increase.

v1.1.8

2019-11-22

  • Reduced memory usage on scan reply deduplication.

v1.1.7

2019-11-19

  • Cisco-specific MIBs are now enumerated for CAM/MAC table enumeration.
  • SNMP v2 is now queried two ways by the SNMP probe to improve device compatibility.
  • SNMP v3 authenticated enumeration is now available.

v1.1.6

2019-11-19

  • A number of small bugs in the SNMP probe have been resolved.

v1.1.5

2019-11-18

  • The SNMP probe will now try to obtain the full interface and MAC address list from each asset.

v1.1.4

2019-11-14

  • Miscellaneous fingerprinting improvements.

v1.1.3

2019-11-07

  • Improved protocol detection for the Click Modular Router daemon.

v1.1.2

2019-11-05

  • A bug that could lead to an agent being stuck in “stopping” status when a scan is stopped has been resolved.

v1.0.15

2019-11-04

  • Scans now support the Max Group Size option to limit the number of concurrent scan targets.
  • The MAC address prefix database and various other dependencies and fingerprints were updated.

v1.0.9

2019-10-24

  • The SYN probe now sends retries using the same source port and sequence number to minimize duplicate responses. MAC address fingerprints have been updated.

v1.0.8

2019-10-23

  • The SYN probe now retries twice if no RST is received. This improves reliability at the cost of a small increase in scan times. This can be changed by the syn-max-retries parameter in the console.

v1.0.7

2019-10-21

  • Scanner performance is no longer reduced when the ARP probe is enabled for non-local scan targets.

v1.0.3

2019-10-06

  • The macOS agent now supports additional interface types (loopback and tunnel adapters).

v1.0.2

2019-10-02

  • A race condition was fixed that could cause an agent to crash mid-scan. Affected scans would have an error status of task lost to agent restart.

v1.0.1

2019-10-01