Nmap Development mailing list archives
PATCH: Oracle related matchline cleanup
From: Tom Sellers <nmap () fadedcode net>
Date: Wed, 13 May 2009 19:29:33 -0500
A problem that I had with Oracle detection last year [1] cropped back up again recently. After digging around for a bit I finally settled on a proposed solution and implemented and tested it.

In short, the service response was 2 packets. The first packet contained no version info, but happened to have a generic matchline so the service was detected and the match process completed, but yielded little information. The resulting output looked like this:

    1521/tcp open oracle-tns Oracle TNS Listener

Changing this generic matchline to a softmatch allowed the process to continue. The second packet contains detailed version and platform information and is actually detected by a matchline PRIOR to the generic, now soft-matchline. The results now look like this:

    1521/tcp open oracle-tns Oracle TNS Listener 10.2.0.1.0 (for Linux)

Much better! I have tested this patch against the 8, 9 and 10 families of Oracle on Linux and Windows.

There was also an Oracle related matchline that was triggered by the DNSVersionBindReq probe. I have removed this in favor of the more precise Oracle probe and matchlines. Any versions that were previously detected by this old, but not by the new (shouldn't be any!!) will likely be picked up by the dedicated Oracle probe and either not match anything or trigger on the softmatch.

Additionally, there is now a new matchline for an Oracle service that is not the TNS listener, but that was triggering on the old, generic TNS matchline. I have tried to locate the official name or function for the service, but I have been unsuccessful. It also does not help that the new service lives on a dynamic port, usually low on 9.x and high on 10.x versions of Oracle.

In summary the attached patch

1. Adds specific detection for the database service.
2. Changes a former incomplete match line to a softmatch line.
3. Adds an additional ports line entry for 1526 to the oracle-tns probe
4. Cleans up some old Oracle related matchlines that were triggered by the DNSVersionBindReq probe and removes 1521 from the DNS probe.

Tom

[1] http://seclists.org/nmap-dev/2008/q3/0030.html
Attachment:
matchline_oracle_tns.txt
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
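A simplified model of the match versus softmatch behaviour described in the message above, given here as an added example; it is not Nmap's code and not part of the attached patch. The patterns, packet bytes and function names are constructed for illustration, and the model assumes response data accumulates across reads and is re-tested against the rules in file order.

```python
import re

# Constructed two-packet response: packet 1 carries no version information,
# packet 2 carries the version and platform banner.
PACKETS = [
    b"(DESCRIPTION=(TMP=)(VSNNUM=0)(ERR=0))",
    b"TNSLSNR for Linux: Version 10.2.0.1.0 - Production",
]

def rules(generic_kind):
    """Constructed rule set in file order: specific line first, generic second.

    generic_kind is "match" (hard match, ends detection) or "softmatch"
    (records the service name only and lets detection continue).
    """
    return [
        ("match", "oracle-tns",
         re.compile(rb"TNSLSNR for (\w+): Version ([\d.]+)"),
         "Oracle TNS Listener {1} (for {0})"),
        (generic_kind, "oracle-tns",
         re.compile(rb"\(ERR=\d+\)"),
         "Oracle TNS Listener"),
    ]

def detect(packets, ruleset):
    """Feed packets one at a time; return (service, version_info)."""
    buf, soft = b"", None
    for pkt in packets:
        buf += pkt  # assumption: data accumulates across reads
        for kind, service, rx, template in ruleset:
            m = rx.search(buf)
            if not m:
                continue
            if kind == "match":
                # Hard match: detection stops here, later packets are never seen.
                groups = [g.decode() for g in m.groups()]
                return service, template.format(*groups)
            # Softmatch: remember the service name and keep processing.
            soft = soft or service
    return soft, None

if __name__ == "__main__":
    for kind in ("match", "softmatch"):
        print(kind, "->", detect(PACKETS, rules(kind)))
```

With the generic line as a hard match the first packet ends detection before the specific line can ever fire; as a softmatch, the specific line wins once the second packet arrives.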