Nmap Development mailing list archives
Re: [SCRIPT] DB2 Information gathering script
From: Ron <ron () skullsecurity net>
Date: Mon, 09 Nov 2009 10:18:57 -0600
Hi Tom,

I couldn't find any DB2 servers in our environment that listen on 50000 or 60000. Perhaps it has to do with our lockdown profile, or something?
I found one that I could connect to on 6789, though I didn't try that port on all of them.

Ron

Tom Sellers wrote:
I have written an NSE script that enhances version detection for DB2. It also gathers platform (OS) and database instance information. It functions in a similar way to the MS SQL script.

The script sends a DB2 EXCSAT (exchange server attributes) command packet and parses the response. This is a legitimate DB2 command and, based on my reviews of logs, causes no problems on the server. DB2 does log the connection and the source IP address though.

    PORT      STATE SERVICE VERSION
    523/tcp   open  ibm-db2 IBM DB2 Database Server 9.07.0
    50000/tcp open  ibm-db2 IBM DB2 Database Server 9.07.0 (QDB2/LINUX)
    | db2-info: DB2 Version: 9.07.0
    | Server Platform: QDB2/LINUX
    | Instance Name: db2inst1
    |_ External Name: db2inst1db2agent000051B3%FED%Y00

In the sample output above the version of the DB2 DAS service on port 523 was detected using nmap-service-probes. Historically, unlike the DAS port on 523, we have been unable to detect the exact version number on the DB2 database instances themselves. There may be multiple DB2 database instances and they typically cluster around port 50000 and 60000. Port 50000 would normally be detected as service "ibm-db2" with a version string "IBM DB2 Database Server". The attached NSE script can now detect the exact version number and platform as well as the instance name for each of the databases.

Any testing or feedback with the functionality and structure of the script would be greatly appreciated! Here are my current concerns with the script:

1. Is the default output too verbose? Should I limit the output to the info on the port line by default and add the other lines with -v?
2. The data from the server is encoded in EBCDIC. I am decoding this with what amounts to a lookup table. Is there a more appropriate/efficient way to handle this?
3. I have built the EBCDIC table containing the ASCII chars that we should encounter in this context. Should I go ahead and build out the full ASCII table? (And wow, I am glad we don't use EBCDIC for much.)

Thanks much,
Tom

------------------------------------------------------------------------
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
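Tom's message describes the mechanics (send EXCSAT, parse the EXCSATRD reply, decode the EBCDIC text fields) and asks, in concerns 2 and 3, whether a hand-built partial EBCDIC lookup table is the right approach. The following is an added example written for this archive page, not Tom's script and not part of Nmap; it is in Python rather than NSE Lua so it can run stand-alone. It builds a constructed EXCSATRD reply from the values shown in Tom's scan output, parses it with bounds checks on every DDM length field so a truncated or malformed reply fails cleanly, and decodes the text parameters with Python's full cp037 EBCDIC codec instead of a partial table. The DRDA code point values, the DSS magic byte and the reply-DSS format byte are as I know them from the DRDA specification and are not quoted on the page; treat them as assumptions to check against the spec.

```python
import codecs
import struct

# DRDA/DDM code points involved in the EXCSAT exchange. These are the values
# as I know them from the DRDA specification, not taken from the page: treat
# them as assumptions to verify against the spec or a protocol dissector.
CP_EXCSATRD = 0x1443  # EXCSAT reply data object
CP_EXTNAM = 0x115E    # external name (on the page: db2inst1db2agent...)
CP_SRVCLSNM = 0x1147  # server class name (on the page: QDB2/LINUX)
CP_SRVNAM = 0x116D    # server name (instance name)
CP_SRVRLSLV = 0x115A  # server release level (version)

DSS_MAGIC = 0xD0      # every DRDA data stream structure starts with this byte
DSS_RPYDSS = 0x02     # DSS format byte: type 2 is a reply DSS (assumption)

# Parameters whose value is EBCDIC text; everything else is left undecoded.
TEXT_PARAMS = {
    CP_EXTNAM: "external_name",
    CP_SRVCLSNM: "server_class",
    CP_SRVNAM: "server_name",
    CP_SRVRLSLV: "release_level",
}
NAME_TO_CP = {name: cp for cp, name in TEXT_PARAMS.items()}


def ebcdic_to_ascii(data: bytes) -> str:
    """Decode EBCDIC text with the standard-library cp037 codec. It carries the
    full table, so no hand-built partial lookup table is needed."""
    return codecs.decode(data, "cp037")


def build_excsat_reply(params: dict) -> bytes:
    """Build a constructed EXCSATRD reply so the parser can be exercised offline.
    Each parameter is a DDM object: 2-byte length (header included), 2-byte
    code point, then the EBCDIC-encoded value."""
    body = b""
    for name, text in params.items():
        data = codecs.encode(text, "cp037")
        body += struct.pack(">HH", 4 + len(data), NAME_TO_CP[name]) + data
    ddm = struct.pack(">HH", 4 + len(body), CP_EXCSATRD) + body
    # DSS header: total length, magic byte, format byte, request correlator.
    return struct.pack(">HBBH", 6 + len(ddm), DSS_MAGIC, DSS_RPYDSS, 1) + ddm


def parse_excsat_reply(packet: bytes) -> dict:
    """Parse an EXCSATRD reply into a dict of decoded text parameters.
    Every length field is checked against the bytes actually received, so a
    truncated or malformed response raises ValueError instead of being
    mis-read or indexing past the buffer."""
    if len(packet) < 10:
        raise ValueError("packet shorter than DSS and DDM headers")
    dss_len, magic, _fmt, _corr = struct.unpack(">HBBH", packet[:6])
    if magic != DSS_MAGIC:
        raise ValueError("not a DRDA DSS: magic 0x%02X" % magic)
    if dss_len > len(packet):
        raise ValueError("DSS length %d exceeds %d bytes received" % (dss_len, len(packet)))
    ddm_len, code_point = struct.unpack(">HH", packet[6:10])
    if code_point != CP_EXCSATRD:
        raise ValueError("unexpected DDM code point 0x%04X" % code_point)
    end = 6 + ddm_len
    if ddm_len < 4 or end > dss_len:
        raise ValueError("DDM length %d out of bounds" % ddm_len)
    info = {}
    pos = 10
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated parameter header at offset %d" % pos)
        plen, pcp = struct.unpack(">HH", packet[pos:pos + 4])
        if plen < 4 or pos + plen > end:
            raise ValueError("parameter length %d out of bounds at offset %d" % (plen, pos))
        value = packet[pos + 4:pos + plen]
        # Only the text-valued parameters are EBCDIC; binary ones such as the
        # manager-level list are skipped rather than decoded as text.
        name = TEXT_PARAMS.get(pcp)
        if name is not None:
            info[name] = ebcdic_to_ascii(value).strip()
        pos += plen
    return info


# Constructed sample built from the values shown in Tom's nmap output.
SAMPLE_REPLY = build_excsat_reply({
    "server_class": "QDB2/LINUX",
    "server_name": "db2inst1",
    "external_name": "db2inst1db2agent000051B3",
})

if __name__ == "__main__":
    for key, val in parse_excsat_reply(SAMPLE_REPLY).items():
        print("%-14s %s" % (key, val))
```

The bounds checks are the part worth carrying over to any version-detection probe: the reply comes from an untrusted network peer, and a length field that points past the buffer should be a parse error, not an exception or a silently wrong version string.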
Current thread:
- [SCRIPT] DB2 Information gathering script Tom Sellers (Nov 08)
- Re: [SCRIPT] DB2 Information gathering script Matt Selsky (Nov 09)
- Re: [SCRIPT] DB2 Information gathering script Tom Sellers (Nov 09)
- Re: [SCRIPT] DB2 Information gathering script - New version of the script Tom Sellers (Nov 10)
- Re: [SCRIPT] DB2 Information gathering script - New version of the script David Fifield (Nov 11)
- Re: [SCRIPT] DB2 Information gathering script - New version of the script Tom Sellers (Nov 11)
- Re: [SCRIPT] DB2 Information gathering script - New version of the script Matt Selsky (Nov 11)
- Re: [SCRIPT] DB2 Information gathering script Matt Selsky (Nov 09)
- Re: [SCRIPT] DB2 Information gathering script Ron (Nov 09)
- Re: [SCRIPT] DB2 Information gathering script doug (Nov 09)
- Re: [SCRIPT] DB2 Information gathering script Fyodor (Nov 09)