Nmap Development mailing list archives

Re: Nmap - reliability of OS400 detection

From: "Michael Condon" <admin () singulartechnologysolutions com>
Date: Wed, 19 Nov 2008 23:29:59 -0600

It's been a couple of years since I've worked with the AS400 - at the timeone was V4R5 , and the other was V5R1 - both were updated to V5R2. Lookslike V5R4 was released in 2006. Looks like they are up to V6R1 now.

Here are the actual OS400 releases:
V6R1M0
V5R4M0*
V5R3M0*
V5R2M0*
V5R1M0*
V4R5M0*
V4R4M0
V4R3M0*
V4R2M0
V4R1M0
V3R2M0
V3R1M3
V3R1M2
V3R1M1
V3R1M0

From the descriptions in nmap-os-db, it's hard to say how specific or

general the fingerprint is in some cases. For identifying OS400 version,it's kind of an overwhelming task to include the CUM/PTFlevel/Model/P-Class/CPW in the OS footprint, it's not really helpful, and infact might lead to misreporting.Of the 15 OS400 releases above, 6 are listed in some form, a few redundantly(however, it's probably unnecessary to include V3 and some/all V4 versionssince they probably aren't supported):

# i5/OS V5R4, CUMPTF C6297540, TCP/IP Group PTF 4, running on a iSeriesModell 270, Power4 based

Fingerprint IBM i5/OS V5r4 on an IBM iSeries (PPC)
Class IBM | i5/OS | V5 | general purpose

# iSeries 9406-820 Running OS/400 V5R3M0
Fingerprint IBM i5/OS V5R3M0
Class IBM | i5/OS | V5 | general purpose

# IBM i5/OS V5r4m0 on an IBM "System i "(formerly known as an "i5", and an"E-Server - i Series", and "AS/400")

# IBM OS/400 V5
# IBM i5/OS V5R4
# System I5 running i5/OS V5R4
Fingerprint IBM i5/OS V5R4
Class IBM | i5/OS | V5 | general purpose

# i5/OS V5R4, CUMPTF C6297540, TCP/IP Group PTF 4, running on a iSeriesModell 270, Power4 based

Fingerprint IBM i5/OS V5r4 on an IBM iSeries (PPC)
Class IBM | i5/OS | V5 | general purpose

# IBM OS/400 v4r3 on 720 machine
Fingerprint IBM OS/400 V4R3
Class IBM | OS/400 | V4 | general purpose

# OS/400 V4R5, CUMPTF 02050
Fingerprint IBM OS/400 V4R5
Class IBM | OS/400 | V4 | general purpose

# AS/400 model 270 with OS/400 V5R1M0
Fingerprint IBM OS/400 V5R1M0
Class IBM | OS/400 | V5 | general purpose

# IBM AS/400 - OS/400 - V5R2M0 L00
# This is specifically for a "V5R3M0 L00" installed release of OS/400.
Fingerprint IBM OS/400 V5R2 - V5R3
Class IBM | OS/400 | V5 | general purpose

# IBM OS/400 V05R02M00
Fingerprint IBM OS/400 V5R2M0
Class IBM | OS/400 | V5 | general purpose

# IBM OS/400 V5 Release 3 Modification 0
Fingerprint IBM OS/400 V5R3
Class IBM | OS/400 | V5 | general purpose

# V5 R3 of the OS/400
Fingerprint IBM OS/400 V5R3
Class IBM | OS/400 | V5 | general purpose


--------------------------------------------------
From: "David Fifield" <david () bamsoftware com>
Sent: Wednesday, November 19, 2008 5:50 PM
To: <nmap-dev () insecure org>
Cc: "Michael Condon" <admin () singulartechnologysolutions com>
Subject: Re: Nmap - reliability of OS400 detection

On Tue, Nov 18, 2008 at 10:10:17PM -0600, Michael Condon wrote:

How reliably can Nmap detect various versions of IBM OS400 and itsversions?


I don't know how to answer that. In nmap-os-db there are two fingerprints
for OS/400 V4 and five prints for OS/400 V5. That's not a huge number
but it should at least get you a guess. If Nmap misidentifies a host
whose operating system you know, you can help improve OS detection by
submitting the fingerprint at http://nmap.org/submit/.

David Fifield


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Nmap - reliability of OS400 detection Michael Condon (Nov 18)
- Re: Nmap - reliability of OS400 detection David Fifield (Nov 19)
  - Re: Nmap - reliability of OS400 detection Michael Condon (Nov 19)