Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Fwd: hadoop and hbase information gathering
From: David Fifield <david () bamsoftware com>
Date: Mon, 31 Oct 2011 20:52:00 -0700

On Sun, Oct 30, 2011 at 10:46:33AM +0100, John Bond wrote:
On 14 October 2011 00:14, John Bond <john.r.bond () gmail com> wrote:
can you send me the output of the script with nmap -ddd (this will
produce a lot of output, some of which you may want to scrub)

@david it is no a simple task to set up hadoop, not sure if you can
even run everything on the same box.  ill try to build a vm or some
guidlines this weekend. in the mean time the cloudera docs are good

After some feedback from patrick i have updated the port rule to
trigger on shorport.http.

Okay. I can see the reason for this. All these different scripts run
against different ports, but they are all HTTP. Patrick found that his
university's Hadoop ran on different ports than the default.

Using shortport.http should take these scripts out of default, I think,
because they will only get a response from a minority of web servers. I
might even modify the rule to be "got a service match for HTTP, but it
is *not* running on a common HTTP port." Then it could be default again.

I'm curious, what does a plain -sV scan output for these ports?
http://hadoop.apache.org/hdfs/docs/r0.21.0/hdfs_user_guide.html says
"The NameNode and Datanodes have built in web servers..." but we don't
have anything matching "Hadoop" in nmap-service-probes. If we could do a
quick check retrieval of /index.html (which would be cached) and use
that to control whether the other scripts run, then they could be
default too.

However these changes have introduced another issue.  When using
newtargets the port rule is not triggered, and therefore scripts dont
run for the newtargets.  Haven't looked at this yet but wondered if it
is a known issue?

Why doesn't the portrule trigger? Are the new targets running the same
services on the same ports?

There is also an issue which occurs when the script, thinks it
discovers a new target which is actually the target been scanned.
e.g. im scanning test.example.com which tells me that the another
service is running on test.example.com.  the script calls
target.add("tes.example.com") which causes tes.example.com to get
scanned for a second time.

It's a known issue. Let's not worry about it too much now. The target
may be scanned twice but not three times, as newtargets checks for
duplicate targets that it adds itself.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]