Nmap Development mailing list archives
Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 2 Nov 2015 18:29:12 -0600
Great, we can add this. Softmatch is helpful when a later probe can extract more information, or when it would be helpful to get service fingerprint submissions from users. If this service only ever responds with the NAK or ACK and no further data, then it's probably fine to make these "match" lines instead. Added in r35373. Dan On Nov 2, 2015 2:25 PM, "Main Framed" <mainframed767 () gmail com> wrote:
Yeah, after sending the previous email, I actually re-wrote it as a service probe and sent it in an email on September 10th: http://seclists.org/nmap-dev/2015/q3/291 as a diff (see below) Is there a problem using match vs. softmatch? (here's what I sent with your edits incorporated) ##############################NEXT PROBE############################## # Queries z/OS Network Job Entry # Sends an NJE Probe with the following information (text is converted to EBCDIC): # TYPE = OPEN # OHOST = FAKE # RHOST = FAKE # RIP and OIP = 0.0.0.0 # R = 0 # Based on http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa600/init.htm Probe TCP nje q|\xd6\xd7\xc5\xd5\x40\x40\x40\x40\xc6\xc1\xd2\xc5\x40\x40\x40\x40\x00\x00\x00\x00\xc6\xc1\xd2\xc5\x40\x40\x40\x40\x00\x00\x00\x00\x00| rarity 9 ports 175 sslports 2252 # If the port supports NJE it will respond with either a 'NAK' or 'ACK' in EBCDIC softmatch nje m|^\xd5\xc1\xd2| p/IBM Network Job Entry (JES)/ softmatch nje m|^\xc1\xc3\xd2| p/IBM Network Job Entry (JES)/ On Sun, Nov 1, 2015 at 9:12 PM, Daniel Miller <bonsaiviking () gmail com> wrote:SoF, This looks like another one that could be implemented as a service probe. Try this out and see if it's a good match. If you have a better idea for a probe that gets detailed information from the service like a banner or other info, that'd be great, too: ##############################NEXT PROBE############################## # Network Job Entry # http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa600/intro.htm Probe TCP NJE q|\xd6\xd7\xc5\xd5@@@@\xc6\xc1\xd2\xc5@ @@@\0\0\0\0\xc6\xc1\xd2\xc5@@@@\0\0\0\0\0| rarity 9 ports 175 sslports 2252 softmatch nje m|^\xd5\xc1\xd2| p|z/OS Network Job Entry| softmatch nje m|^\xc1\xc3\xd2| p|z/OS Network Job Entry| Dan On Fri, Sep 4, 2015 at 6:17 PM, Main Framed <mainframed767 () gmail com> wrote:This is a new script which identifies open ports on a mainframe that support Network Job Entry (or NJE). You can read more about Network Job Entry here: http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.hasa600/intro.htm The protocol is described here: http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss?CTY=US&FNC=SRX&PBL=SA22-7539-02 A script is required because upon connection the port doesn't send any information and waits for the 'client' to initiate the connection. This script performs that initial connection to determine if it is NJE. -- Soldier of Fortran @mainframed767 _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/-- Soldier of Fortran @mainframed767
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection Daniel Miller (Nov 01)
- Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection Main Framed (Nov 02)
- Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection Daniel Miller (Nov 02)
- Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection Main Framed (Nov 02)
- Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection Daniel Miller (Nov 02)
- Re: [NSE] Mainframe (z/OS & z/VM) Network Job Entry (NJE) Service Detection Main Framed (Nov 02)