Nmap Development mailing list archives
Re: [NSE script] Data Access Messaging Protocol used by Ingres Data Access server (iigcd)
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 2 Jun 2014 21:56:55 -0500
Quentin, Thank you for your submission! This script looks like it would best fit Nmap in 2 different ways: 1. We could convert the script as-is into a service probe and detection line in nmap-service-probes. On the other hand, it's possible that we already have a probe that Ingres database will reliably respond to. Would you mind running "nmap -sV -p 21071 <ip>" and see if any output is produced? I would expect something like "1 service unrecognized despite returning data" followed by a service fingerprint. 2. We could expand the script to perform more probing; limit it to the default ingres ports (21071 and 21064); and provide some detailed output. The two options are not mutually exclusive. If, for example, we get a good service match, we can make the script run on ports that have that service, reducing the scope of the portrule (a good thing!). We could also add a "decoding" of the port number into the instance ID, as described here: http://community.actian.com/wiki/Ingres_TCP_Ports Please let us know which of these options you could help us with. I look forward to seeing better Ingres support in Nmap! Dan On Mon, Jun 2, 2014 at 8:01 AM, qhardyfr () gmail com <qhardyfr () gmail com> wrote:
Hi, everybody, Nmap doesn't detect the Data Access Messaging protocol yet. The Data Access Messaging Protocol is used by Ingres Data Access server (iigcd process in Ingres). As far as I know, this protocol is used by Ingres Data Access server ONLY. The iigcd service allows a remote user to connect to the Ingres database directly thanks to JDBC for exemple. I have developed a NSE script which allow to detect this protocol. It sends a specific DAM packet. If the service understands the protocol and responds with some specific values, then the service Ingres Data Access server is running. See the NSE script for more information. Output exemple: --- nmap -p1-65535 --script ./ingres-scanner.nse <ip> -- @output -- PORT STATE SERVICE -- ... -- 21071/tcp open unknown -- | ingres-scanner: Data Access Messaging Protocol (DAM) detected -- |_Ingres Data Access server (iigcd) -- ... Hope it will help you, -- Quentin HARDY _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE script] Data Access Messaging Protocol used by Ingres Data Access server (iigcd) qhardyfr () gmail com (Jun 02)
- Re: [NSE script] Data Access Messaging Protocol used by Ingres Data Access server (iigcd) Daniel Miller (Jun 02)
- Message not available
- Re: [NSE script] Data Access Messaging Protocol used by Ingres Data Access server (iigcd) Daniel Miller (Jun 07)
- Message not available
- Re: [NSE script] Data Access Messaging Protocol used by Ingres Data Access server (iigcd) Daniel Miller (Jun 02)