Nmap Development mailing list archives
Fwd: [NSE script] Data Access Messaging Protocol used by Ingres Data Access server (iigcd)
From: "qhardyfr () gmail com" <qhardyfr () gmail com>
Date: Wed, 9 Jul 2014 17:16:52 +0200
Hello everyone,
I think the following service probe for Ingres is good.
Is the Ingres service probe in the current nmap version?
If not, when will this service probe be pushed into the current nmap version?
Thank you in advance,
--
Quentin HARDY
---------- Forwarded message ----------
From: qhardyfr () gmail com <qhardyfr () gmail com>
Date: 2014-06-16 11:03 GMT+02:00
Subject: Fwd: [NSE script] Data Access Messaging Protocol used by Ingres
Data Access server (iigcd)
To: Daniel Miller <bonsaiviking () gmail com>
Hello Daniel,
What do you think of the Ingres service-probes?
Is this script OK?
Thank you in advance,
--
Quentin HARDY
---------- Forwarded message ----------
From: qhardyfr () gmail com <qhardyfr () gmail com>
Date: 2014-06-08 23:02 GMT+02:00
Subject: Re: [NSE script] Data Access Messaging Protocol used by Ingres
Data Access server (iigcd)
To: Daniel Miller <bonsaiviking () gmail com>
Hello Daniel,
I have written the nmap-services line and the nmap-service-probes script:
[+] In the nmap-services file, replace
"""unknown 21071/udp 0.000654"""
by
"""ingres-dam 21071/tcp 0.000654 #Data Access Messaging Protocol used by Ingres Data Access Server (iigcd)"""
[+] In the nmap-service-probes file, add this source code in order to
detect the DAM protocol:
"""
##############################NEXT PROBE##############################
# Detect the Data Access Messaging Protocol (DAM) used by Ingres Data Access Server (iigcd)
# "2300" --length of the following array +2
# "4a43544c" --Transport packet ID
# "4352" --Connection Request (ascii 'CR')
# "010102" --DAM-TL Protocol Level (lvl 2)
# "02010f" --Packet Size
# "0604444d4d4c" --Message Layer Protocol ID ('DMML')
# "030d" --Length of the following Session mask
# "010107" --DAM-ML protocol level (lvl 7)
# "0308daafb0479210e2e5" --Session mask
Probe TCP dam-connection q|\x23\x00\x4a\x43\x54\x4c\x43\x52\x01\x01\x02\x02\x01\x0f\x06\x04\x44\x4d\x4d\x4c\x03\x0d\x01\x01\x07\x03\x08\xda\xaf\xb0\x47\x92\x10\xe2\xe5|
ports 21071,21064
# (..) --packet length
# "4a43544c4343" and "444d544c4343" --Only 2 possibilities for the Transport Packet ID
# "0604444d4d4c" --Currently, only a single message layer protocol is defined (444d4d4c)
match dam-connection m/^(..)(\x4a\x43\x54\x4c\x43\x43|\x44\x4d\x54\x4c\x43\x43)(.*)\x06\x04\x44\x4d\x4d\x4c/s p/ingres-dam/
"""
What do you think about that?
I will write a new Ingres NSE script as soon as possible in order to get the
string connection (ex: II7) from the port.
There is no more information to pick up from the connection because we need
to be connected in order to get the Ingres version.
Thank you for your help,
--
Quentin HARDY
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
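An added example (not part of the original message or of Nmap): a Python check that the posted probe bytes agree with the field-by-field comments, and that the posted match regex fires on the two transport packet IDs it names. The replies are constructed for illustration, not captured from an iigcd server, and reading a reply's first two bytes as a little-endian length mirrors the probe's prefix and is an assumption.

```python
import re
import struct

# Request fields in the order of the post's comments (hex copied from the post).
FIELDS = [
    ("transport_packet_id", "4a43544c"),      # ASCII 'JCTL'
    ("connection_request", "4352"),           # ASCII 'CR'
    ("dam_tl_level", "010102"),
    ("packet_size", "02010f"),
    ("ml_protocol_id", "0604444d4d4c"),       # ends in ASCII 'DMML'
    ("session_mask_length", "030d"),
    ("dam_ml_level", "010107"),
    ("session_mask", "0308daafb0479210e2e5"),
]
# The q|...| probe string from the post, byte for byte.
POSTED_PROBE = (b"\x23\x00\x4a\x43\x54\x4c\x43\x52\x01\x01\x02\x02\x01\x0f\x06\x04\x44\x4d"
                b"\x4d\x4c\x03\x0d\x01\x01\x07\x03\x08\xda\xaf\xb0\x47\x92\x10\xe2\xe5")
# The posted match regex; re.DOTALL plays the role of the trailing /s flag.
MATCH = re.compile(
    rb"^(..)(\x4a\x43\x54\x4c\x43\x43|\x44\x4d\x54\x4c\x43\x43)(.*)\x06\x04\x44\x4d\x4d\x4c",
    re.DOTALL)

def build_probe():
    """Join FIELDS and prepend the 16-bit little-endian length (body + 2)."""
    body = b"".join(bytes.fromhex(h) for _, h in FIELDS)
    return struct.pack("<H", len(body) + 2) + body

def classify(reply):
    """Return (transport_id, declared_length) when the match line fires, else None."""
    m = MATCH.match(reply)
    if m is None:
        return None
    # Assumption: replies carry the same little-endian length prefix as the probe.
    return m.group(2)[:4].decode("ascii"), struct.unpack("<H", m.group(1))[0]

def make_reply(transport_id, filler=b"\x01\x01\x02"):
    """Constructed reply for testing the signature; not captured from a real server."""
    body = transport_id + filler + bytes.fromhex("0604444d4d4c")
    return struct.pack("<H", len(body) + 2) + body

if __name__ == "__main__":
    print("probe matches comments:", build_probe() == POSTED_PROBE)
    for tid in (b"JCTLCC", b"DMTLCC"):
        print(tid, classify(make_reply(tid)))
    print("probe echoed back:", classify(POSTED_PROBE))
```

A probe echoed back unchanged does not match, because the request carries 'CR' where the signature expects 'CC', so an echo service would not be labelled ingres-dam.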
