Nmap Development mailing list archives

PATCH: Oracle related matchline cleanup


From: Tom Sellers <nmap () fadedcode net>
Date: Wed, 13 May 2009 19:29:33 -0500

A problem that I had with Oracle detection last year [1] cropped back up again
recently.  After digging around for a bit I finally settled on a proposed solution
and implemented and tested it.

In short, the service response was 2 packets.  The first packet contained no version
info, but happened to have a generic matchline so the service was detected and the
match process completed, but yielded little information.  The resulting output looked
like this:

1521/tcp open  oracle-tns Oracle TNS Listener

Changing this generic matchline to a softmatch allowed the process to continue.  The
second packet contains detailed version and platform information and is actually detected
by a matchline PRIOR to the generic, now softmatch, line.  The results now look like
this:

1521/tcp  open  oracle-tns Oracle TNS Listener 10.2.0.1.0 (for Linux)

Much better!

I have tested this patch against the 8, 9 and 10 families of Oracle on Linux and
Windows.

There was also an Oracle-related matchline that was triggered by the DNSVersionBindReq
probe.  I have removed this in favor of the more precise Oracle probe and matchlines.
Any versions that were previously detected by this old line, but not by the new ones (there
shouldn't be any!!), will likely be picked up by the dedicated Oracle probe and either not match
anything or trigger on the softmatch.

Additionally, there is now a new matchline for an Oracle service that is not the
TNS listener, but that was triggering on the old, generic TNS matchline.  I have tried
to locate the official name or function for the service, but I have been unsuccessful.
It also does not help that the new service lives on a dynamic port, usually low on
9.x and high on 10.x versions of Oracle.


In summary, the attached patch:
1.  Adds specific detection for the database service.
2.  Changes a former incomplete match line to a softmatch line.
3.  Adds an additional ports line entry for 1526 to the oracle-tns probe.
4.  Cleans up some old Oracle-related matchlines that were triggered
    by the DNSVersionBindReq probe and removes 1521 from the DNS probe.

Tom



1.  http://seclists.org/nmap-dev/2008/q3/0030.html

Attachment: matchline_oracle_tns.txt


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
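To make the match-versus-softmatch behaviour described in the message concrete, here is a toy Python model added to this archive page. It is not Nmap's code and not an excerpt of nmap-service-probes; the two "packets", the regexes and the service-name/version strings are constructed stand-ins (the toy "TOY-LISTENER" format is not the TNS wire protocol). It models the one mechanism the e-mail relies on: after each packet Nmap tests the data read so far against the probe's match lines in file order, a hard `match` ends the probe at once, and a `softmatch` only records the service name and lets reading continue.

```python
"""Toy model of Nmap's 'match' vs 'softmatch' behaviour for a service that
answers a single probe in two packets.  Added illustration only: this is not
Nmap's code, and the packet contents and regexes below are constructed
stand-ins, not real Oracle TNS traffic or real nmap-service-probes entries."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class MatchLine:
    service: str
    pattern: str        # regex tested against all data read so far
    soft: bool = False  # True models a 'softmatch' line, False a 'match' line
    version: str = ""   # version template; \1, \2 refer to regex groups


@dataclass
class Result:
    service: Optional[str] = None
    version: str = ""
    packets_read: int = 0
    soft_only: bool = False  # True if only a softmatch ever fired


def run_probe(lines: List[MatchLine], packets: List[bytes]) -> Result:
    """Feed the reply one packet at a time and test the accumulated buffer
    against the match lines in file order after each packet.

    A hard 'match' ends the probe at once, so whatever version info a later
    packet would have carried is never seen.  A 'softmatch' only records the
    service name and lets reading continue, so an earlier, more specific line
    can still fire once the rest of the reply arrives."""
    buf = b""
    res = Result()
    for pkt in packets:
        buf += pkt
        res.packets_read += 1
        for m in lines:
            mo = re.search(m.pattern.encode(), buf, re.S)
            if mo is None:
                continue
            if m.soft:
                res.service, res.soft_only = m.service, True
                break  # stop testing lines for this packet; keep reading
            res.service, res.soft_only = m.service, False
            res.version = mo.expand(m.version.encode()).decode()
            return res
    return res


# Constructed two-packet reply (toy format, not the TNS wire protocol):
# the first packet only says "this is a listener", the second carries the
# version and platform.
PACKETS = [
    b"TOY-LISTENER ACCEPT\n",
    b"VERSION 10.2.0.1.0 PLATFORM Linux\n",
]

# Specific line first, generic line second, mirroring the ordering described
# in the e-mail: the generic line used to be a hard match.
SPECIFIC = MatchLine("oracle-tns", r"VERSION (\d[\d.]*) PLATFORM (\w+)",
                     version=r"\1 (for \2)")
GENERIC_HARD = MatchLine("oracle-tns", r"^TOY-LISTENER ACCEPT")
GENERIC_SOFT = MatchLine("oracle-tns", r"^TOY-LISTENER ACCEPT", soft=True)


def before_patch() -> Result:
    """Generic line is a hard match: detection stops after packet 1."""
    return run_probe([SPECIFIC, GENERIC_HARD], PACKETS)


def after_patch() -> Result:
    """Generic line is a softmatch: packet 2 is read and the specific line fires."""
    return run_probe([SPECIFIC, GENERIC_SOFT], PACKETS)


def truncated_reply() -> Result:
    """Only the first packet ever arrives: result stays a bare softmatch."""
    return run_probe([SPECIFIC, GENERIC_SOFT], PACKETS[:1])


if __name__ == "__main__":
    for name, fn in [("before", before_patch), ("after", after_patch),
                     ("truncated", truncated_reply)]:
        r = fn()
        print(f"{name:9s} service={r.service} version={r.version!r} "
              f"packets_read={r.packets_read} soft_only={r.soft_only}")
```

Running the script shows the two outcomes from the message side by side: with the generic line as a hard match the probe ends after one packet with the service name and no version; with it as a softmatch the second packet is read and the more specific line yields the version and platform. The third case shows the cost of the change the author accepts in the message: a service that never sends the second packet is reported on the softmatch alone.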
