Hello list members ,
To ensure about some security parametrs I was looking
for ,
I desiced to assess the DB2 server I`m taking care of
.
what I coudn`t find a good answer after some search
was authentication staff.
I wonder if it is possible to reveal authentication
info ( user , pass or maybe both ? ) by
capture authentication between a DB2 server and a
DB-manager client such as DB2
universal client of IBM on win32 which comunicates to
TCP 450 of DB2 server .
of course authentication happens overe a crypted
session ,but what kind of encryption and
how much secure ? any known attack over this ?
if it`s something to be analyzed , I`ve captured four
unsuccessfull authentications
like ( user:pass ~~ A:A B:B C:C D:D E:E 1:1 2:2 3:3 )
and one successfull authentication (last try)
which I wont reveal directly untill some one do it :)
or it`s needed to analyse packets
to see how much secure is the prosess .
it maybe usefull to know that I use normal/default
authentication mechanism provided by client
and didn`t changed anything related to auth.
I just used "connect to {db-name} user {user-name}" in
my client to connect to db.and normal
try over visual interface by selecting DB and opening
it after auth. ( here I captured packets)
DB is running on linux and client , as mentioned
win32.
different auth mechanism based on client/server
platform ?
here is captured packets IF it`s needed.
finally , any other port/auth. mechanism for DB2 I
should take care of ?
thank you in advance.
Hamid.k
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
- application/octet-stream attachment: auth-dump
Received on Mar 29 2005
Intro
