Nmap Development mailing list archives

Re: [NSE script] Data Access Messaging Protocol used by Ingres Data Access server (iigcd)


From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 7 Jun 2014 21:40:06 -0500

Quentin,

Using the following portrule will run the script on 21071, 21064, and any
port that service detection shows as running the ingres-dam service:

portrule = shortport.port_or_service({21071, 21064}, "ingres-dam", "tcp")

Currently, Nmap doesn't define the "ingres-dam" service, so we would have
to put in a service match line (and possibly a service probe) for that.
Then the user could discover Ingres Data Access servers by using the -sV
option.

Dan


On Sat, Jun 7, 2014 at 5:41 PM, qhardyfr () gmail com <qhardyfr () gmail com>
wrote:

Hello,

No output is produced with the following command: "nmap -sV -p 21071 <ip>".

I will limit the NSE script to the 21071 port by default and I will
"decode" the port (ex: the connection string of the 21071 port is II7).
Thank you for the idea :)
However, how can I give the user the choice to scan other ports (ex:
21071) in my NSE script?
If I use the code "portrule = shortport.port_or_service({21071},
{"unknown",nil,''}, "tcp","open")" in the NSE script, the '-p' option will
be invalidated, and only the 21071 port will be used.
Do I have to add an option argument to the script?

Thank you in advance and thanks for your previous response.

--
Quentin HARDY





2014-06-03 4:56 GMT+02:00 Daniel Miller <bonsaiviking () gmail com>:

Quentin,

Thank you for your submission! This script looks like it would best fit
Nmap in 2 different ways:

1. We could convert the script as-is into a service probe and detection
line in nmap-service-probes. On the other hand, it's possible that we
already have a probe that Ingres database will reliably respond to. Would
you mind running "nmap -sV -p 21071 <ip>" and seeing if any output is
produced? I would expect something like "1 service unrecognized despite
returning data" followed by a service fingerprint.

2. We could expand the script to perform more probing; limit it to the
default ingres ports (21071 and 21064); and provide some detailed output.

The two options are not mutually exclusive. If, for example, we get a
good service match, we can make the script run on ports that have that
service, reducing the scope of the portrule (a good thing!). We could also
add a "decoding" of the port number into the instance ID, as described
here: http://community.actian.com/wiki/Ingres_TCP_Ports

Please let us know which of these options you could help us with. I look
forward to seeing better Ingres support in Nmap!

Dan


On Mon, Jun 2, 2014 at 8:01 AM, qhardyfr () gmail com <qhardyfr () gmail com>
wrote:

Hi, everybody,

Nmap doesn't detect the Data Access Messaging protocol yet.

The Data Access Messaging Protocol is used by Ingres Data Access server
(iigcd process in Ingres).
As far as I know, this protocol is used by Ingres Data Access server
ONLY.

The iigcd service allows a remote user to connect to the Ingres database
directly thanks to JDBC for example.

I have developed an NSE script which allows detecting this protocol.
It sends a specific DAM packet. If the service understands the protocol
and responds with some specific values, then the Ingres Data Access
server service is running.

See the NSE script for more information.

Output example:
--- nmap -p1-65535 --script ./ingres-scanner.nse <ip>
-- @output
-- PORT      STATE SERVICE
-- ...
-- 21071/tcp open  unknown
-- | ingres-scanner: Data Access Messaging Protocol (DAM) detected
-- |_Ingres Data Access server (iigcd)
-- ...

Hope it will help you,

--

Quentin HARDY

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




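The thread mentions "decoding" the port number into the Ingres instance ID (II7 = 21071). The following is an added example, not code from the thread or from Nmap, of such a decoder and its inverse for use inside an NSE script; the encoding formula it relies on is an assumption about the Ingres port scheme, and the thread itself only confirms II7 = 21071 and the default ports 21071 and 21064.

```lua
-- Added example, not code from the thread or from Nmap. Decodes an Ingres
-- TCP port into its two-character installation code plus subport, and back.
-- Assumed encoding (assumption, not stated by the thread):
--   port = 0x4000 + (c1 & 0x1F) * 512 + (c2 & 0x1F) * 8 + subport, subport 0..7
-- The thread's data points fit: II0 = 21064 (Ingres Net), II7 = 21071 (iigcd).
-- Plain arithmetic is used instead of bit operators so it runs on Lua 5.1 to 5.4.

local INGRES_BASE = 0x4000

-- Return "XY<subport>" for a port in the Ingres range, or nil plus a reason.
local function decode_ingres_port(port)
  if type(port) ~= "number" or port < INGRES_BASE or port >= 2 * INGRES_BASE then
    return nil, "port outside the Ingres range 0x4000-0x7FFF"
  end
  local offset = port - INGRES_BASE
  local c1 = math.floor(offset / 512) % 32   -- bits 9..13: first character
  local c2 = math.floor(offset / 8) % 32     -- bits 3..7:  second character
  local subport = offset % 8                 -- bits 0..2:  subport
  -- Only the low 5 bits of each character are encoded, so 'A'..'Z' map to
  -- 1..26 unambiguously; a digit in the second position collides with a
  -- letter ('0' and 'P' both encode as 16), so the letter form is returned.
  if c1 < 1 or c1 > 26 or c2 < 1 or c2 > 26 then
    return nil, "character field outside A..Z"
  end
  return string.char(0x40 + c1) .. string.char(0x40 + c2) .. tostring(subport)
end

-- Inverse: installation code such as "II" and a subport 0..7 to a port number.
local function encode_ingres_port(code, subport)
  assert(#code == 2, "installation code must be two characters")
  assert(subport >= 0 and subport <= 7, "subport must be 0..7")
  local c1 = code:byte(1) % 32   -- same as (byte & 0x1F)
  local c2 = code:byte(2) % 32
  return INGRES_BASE + c1 * 512 + c2 * 8 + subport
end

-- Self-checks against the values quoted in the thread.
assert(decode_ingres_port(21071) == "II7")
assert(decode_ingres_port(21064) == "II0")
assert(encode_ingres_port("II", 7) == 21071)
assert(encode_ingres_port("II", 0) == 21064)
assert(decode_ingres_port(80) == nil)
```

In a script whose portrule covers every port in the Ingres range, the decoded code lets the output name the installation (for example "Ingres instance II, subport 7") rather than only the port.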