Nmap Development mailing list archives
Re: Nmap - reliability of OS400 detection
From: "Michael Condon" <admin () singulartechnologysolutions com>
Date: Wed, 19 Nov 2008 23:29:59 -0600
It's been a couple of years since I've worked with the AS400 - at the time one was V4R5 , and the other was V5R1 - both were updated to V5R2. Looks like V5R4 was released in 2006. Looks like they are up to V6R1 now.
Here are the actual OS400 releases: V6R1M0 V5R4M0* V5R3M0* V5R2M0* V5R1M0* V4R5M0* V4R4M0 V4R3M0* V4R2M0 V4R1M0 V3R2M0 V3R1M3 V3R1M2 V3R1M1 V3R1M0
From the descriptions in nmap-os-db, it's hard to say how specific orgeneral the fingerprint is in some cases. For identifying OS400 version, it's kind of an overwhelming task to include the CUM/PTF level/Model/P-Class/CPW in the OS footprint, it's not really helpful, and in fact might lead to misreporting. Of the 15 OS400 releases above, 6 are listed in some form, a few redundantly (however, it's probably unnecessary to include V3 and some/all V4 versions since they probably aren't supported):
# i5/OS V5R4, CUMPTF C6297540, TCP/IP Group PTF 4, running on a iSeries Modell 270, Power4 based
Fingerprint IBM i5/OS V5r4 on an IBM iSeries (PPC) Class IBM | i5/OS | V5 | general purpose # iSeries 9406-820 Running OS/400 V5R3M0 Fingerprint IBM i5/OS V5R3M0 Class IBM | i5/OS | V5 | general purpose# IBM i5/OS V5r4m0 on an IBM "System i "(formerly known as an "i5", and an "E-Server - i Series", and "AS/400")
# IBM OS/400 V5 # IBM i5/OS V5R4 # System I5 running i5/OS V5R4 Fingerprint IBM i5/OS V5R4 Class IBM | i5/OS | V5 | general purpose# i5/OS V5R4, CUMPTF C6297540, TCP/IP Group PTF 4, running on a iSeries Modell 270, Power4 based
Fingerprint IBM i5/OS V5r4 on an IBM iSeries (PPC) Class IBM | i5/OS | V5 | general purpose # IBM OS/400 v4r3 on 720 machine Fingerprint IBM OS/400 V4R3 Class IBM | OS/400 | V4 | general purpose # OS/400 V4R5, CUMPTF 02050 Fingerprint IBM OS/400 V4R5 Class IBM | OS/400 | V4 | general purpose # AS/400 model 270 with OS/400 V5R1M0 Fingerprint IBM OS/400 V5R1M0 Class IBM | OS/400 | V5 | general purpose # IBM AS/400 - OS/400 - V5R2M0 L00 # This is specifically for a "V5R3M0 L00" installed release of OS/400. Fingerprint IBM OS/400 V5R2 - V5R3 Class IBM | OS/400 | V5 | general purpose # IBM OS/400 V05R02M00 Fingerprint IBM OS/400 V5R2M0 Class IBM | OS/400 | V5 | general purpose # IBM OS/400 V5 Release 3 Modification 0 Fingerprint IBM OS/400 V5R3 Class IBM | OS/400 | V5 | general purpose # V5 R3 of the OS/400 Fingerprint IBM OS/400 V5R3 Class IBM | OS/400 | V5 | general purpose -------------------------------------------------- From: "David Fifield" <david () bamsoftware com> Sent: Wednesday, November 19, 2008 5:50 PM To: <nmap-dev () insecure org> Cc: "Michael Condon" <admin () singulartechnologysolutions com> Subject: Re: Nmap - reliability of OS400 detection
On Tue, Nov 18, 2008 at 10:10:17PM -0600, Michael Condon wrote:How reliably can Nmap detect various versions of IBM OS400 and its versions?I don't know how to answer that. In nmap-os-db there are two fingerprints for OS/400 V4 and five prints for OS/400 V5. That's not a huge number but it should at least get you a guess. If Nmap misidentifies a host whose operating system you know, you can help improve OS detection by submitting the fingerprint at http://nmap.org/submit/. David Fifield
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap - reliability of OS400 detection Michael Condon (Nov 18)
- Re: Nmap - reliability of OS400 detection David Fifield (Nov 19)
- Re: Nmap - reliability of OS400 detection Michael Condon (Nov 19)
- Re: Nmap - reliability of OS400 detection David Fifield (Nov 19)