Nmap Development mailing list archives
Re: Fwd: hadoop and hbase information gathering
From: David Fifield <david () bamsoftware com>
Date: Mon, 31 Oct 2011 20:52:00 -0700
On Sun, Oct 30, 2011 at 10:46:33AM +0100, John Bond wrote:
> On 14 October 2011 00:14, John Bond <john.r.bond () gmail com> wrote:
>> can you send me the output of the script with nmap -ddd (this will produce a lot of output, some of which you may want to scrub)
>>
>> @david it is not a simple task to set up hadoop, not sure if you can even run everything on the same box. I'll try to build a vm or some guidelines this weekend. In the meantime the cloudera docs are good https://ccp.cloudera.com/display/DOC/Documentation
>
> After some feedback from Patrick I have updated the port rule to trigger on shortport.http.

Okay. I can see the reason for this. All these different scripts run against different ports, but they are all HTTP. Patrick found that his university's Hadoop ran on different ports than the default. Using shortport.http should take these scripts out of default, I think, because they will only get a response from a minority of web servers. I might even modify the rule to be "got a service match for HTTP, but it is *not* running on a common HTTP port." Then it could be default again.

I'm curious, what does a plain -sV scan output for these ports? http://hadoop.apache.org/hdfs/docs/r0.21.0/hdfs_user_guide.html says "The NameNode and Datanodes have built in web servers..." but we don't have anything matching "Hadoop" in nmap-service-probes. If we could do a quick check retrieval of /index.html (which would be cached) and use that to control whether the other scripts run, then they could be default too.

> However these changes have introduced another issue. When using newtargets the port rule is not triggered, and therefore scripts don't run for the newtargets. Haven't looked at this yet but wondered if it is a known issue?

Why doesn't the portrule trigger? Are the new targets running the same services on the same ports?

> There is also an issue which occurs when the script thinks it discovers a new target which is actually the target being scanned. e.g. I'm scanning test.example.com which tells me that another service is running on test.example.com. The script calls target.add("test.example.com") which causes test.example.com to get scanned for a second time.

It's a known issue. Let's not worry about it too much now. The target may be scanned twice but not three times, as newtargets checks for duplicate targets that it adds itself.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
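
An added illustration, not part of the thread or of Nmap's code: the "HTTP service match, but not on a common HTTP port" rule from the reply above, plus a guard for the case where a script would re-add the host it is already scanning. It is plain Lua that runs outside Nmap; the host and port tables, the list of common ports and both function names are constructed assumptions.

```lua
-- Assumption: which ports count as "common HTTP" (not Nmap's own list).
local COMMON_HTTP = { [80] = true, [443] = true, [8000] = true, [8080] = true }

-- True only when version detection matched HTTP on an uncommon port.
-- Uses the same host/port table fields NSE passes to a portrule.
local function uncommon_http(host, port)
  if port.protocol ~= "tcp" or port.state ~= "open" then return false end
  if port.service ~= "http" and port.service ~= "https" then return false end
  -- service_dtype is "probed" for a -sV match, "table" for an nmap-services guess.
  if not (port.version and port.version.service_dtype == "probed") then
    return false
  end
  return not COMMON_HTTP[port.number]
end

-- True when a discovered name refers to the host already being scanned.
-- Inside a script this would gate the call to target.add().
local function is_current_target(host, name)
  local wanted = name:lower():gsub("%.$", "")   -- ignore case and trailing dot
  for _, known in ipairs({ host.targetname or "", host.name or "", host.ip or "" }) do
    if known ~= "" and known:lower() == wanted then return true end
  end
  return false
end

-- Constructed sample data (not taken from a real scan).
local host = { ip = "192.0.2.10", name = "test.example.com",
               targetname = "test.example.com" }
local ports = {
  { number = 50070, protocol = "tcp", state = "open", service = "http",
    version = { service_dtype = "probed" } },   -- matched, uncommon port
  { number = 80, protocol = "tcp", state = "open", service = "http",
    version = { service_dtype = "probed" } },   -- matched, common port
  { number = 50030, protocol = "tcp", state = "open", service = "http",
    version = { service_dtype = "table" } },    -- guessed only, no -sV match
}

for _, p in ipairs(ports) do
  print(p.number, uncommon_http(host, p) and "run script" or "skip")
end
for _, n in ipairs({ "test.example.com", "TEST.example.com.", "node2.example.com" }) do
  print(n, is_current_target(host, n) and "already scanning" or "add as new target")
end
```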