Any security issue on DB2 client/server auth. over TCP 450 ?

["Hamid . K" <elite_netbios () yahoo com>]

Hello list members , 

To ensure about some security parametrs I was looking
for , 
I desiced to assess the DB2 server I`m taking care of
.
what I coudn`t find a good answer after some search
was authentication staff.


I wonder if it is possible to reveal authentication
info ( user , pass or maybe both ? ) by
capture authentication between a DB2 server and a
DB-manager client such as DB2
universal client of IBM on win32 which comunicates to
TCP 450 of DB2 server .

of course authentication happens overe a crypted
session ,but what kind of encryption and
how much secure ? any known attack over this ? 

if it`s something to be analyzed , I`ve captured four
unsuccessfull authentications
like ( user:pass ~~ A:A  B:B C:C D:D E:E 1:1 2:2 3:3 )
and one successfull authentication (last try)
which I wont reveal directly untill some one do it :)
or it`s needed to analyse packets
to see how much secure is the prosess .

it maybe usefull to know that I use normal/default
authentication mechanism provided by client
and didn`t changed anything related to auth.
I just used "connect to {db-name} user {user-name}" in
my client to connect to db.and normal
try over visual interface by selecting DB and opening
it after auth. ( here I captured packets)

DB is running on linux and client , as mentioned
win32. 
different auth mechanism based on client/server
platform ?

here is captured packets IF it`s needed.

finally , any other port/auth. mechanism for DB2 I
should take care of ?

thank you in advance.

Hamid.k

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Attachment: auth-dump
Description: auth-dump