Re: DB2 udp probe

[Tom Sellers <nmap () fadedcode net>]

Patrik Karlsson wrote:
> Hi,
>
> I added a probe for 523/udp (DB2) that properly detects my DB2 servers.
> Again, I'm not sure on the match, maybe it's to narrow, so I am submitting the signature.
> HARDY-SRV01 is the name of the box and I'm running it against DB2 9.7 on linux.
>
> SF-Port523-UDP:V=5.10BETA1%I=7%D=11/26%Time=4B0E6AC1%P=i386-apple-darwin10.2.0%r(ibm-db2,12A,"DB2RETADDR\0SQL09070\0HARDY-SRV01\0\0\0\0\0\0\0\0\0\0\0
> SF:hardy-srv01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
> SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
> SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
> SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
> SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
> SF:\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
> SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
> SF:\0\0");
>
>
> //
> Patrik

Patrik,
        
        Thanks for sending the probe and matchline.  I have tweaked it a
touch so that it reports the DB2 DAS version and hostname.

523/udp   open   ibm-db2 IBM DB2 Database Server 9.07.0 (Hostname: GATEWAY)

I also changed to the probe name to be unique and limited the port to just
523/UDP.  Do you know of any cases where the database instances (50000 range)
listen on UDP?

Can you test it again and verify that it works in your environment as well?
If so I will commit the changes.

Tom

Attachment: db2-das-udp.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/