Any security issue on DB2 client/server auth. over TCP 450 ?

• Previous message: adisegna_at_siscocorp.com: "RE: Open Ports on Cisco Router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 28 Mar 2005 12:20:28 -0800 (PST)
To: security-basics@securityfocus.com

Hello list members ,

To ensure about some security parametrs I was looking
for ,
I desiced to assess the DB2 server I`m taking care of
.
what I coudn`t find a good answer after some search
was authentication staff.

I wonder if it is possible to reveal authentication
info ( user , pass or maybe both ? ) by
capture authentication between a DB2 server and a
DB-manager client such as DB2
universal client of IBM on win32 which comunicates to
TCP 450 of DB2 server .

of course authentication happens overe a crypted
session ,but what kind of encryption and
how much secure ? any known attack over this ?

if it`s something to be analyzed , I`ve captured four
unsuccessfull authentications
like ( user:pass ~~ A:A B:B C:C D:D E:E 1:1 2:2 3:3 )
and one successfull authentication (last try)
which I wont reveal directly untill some one do it :)
or it`s needed to analyse packets
to see how much secure is the prosess .

it maybe usefull to know that I use normal/default
authentication mechanism provided by client
and didn`t changed anything related to auth.
I just used "connect to {db-name} user {user-name}" in
my client to connect to db.and normal
try over visual interface by selecting DB and opening
it after auth. ( here I captured packets)

DB is running on linux and client , as mentioned
win32.
different auth mechanism based on client/server
platform ?

here is captured packets IF it`s needed.

finally , any other port/auth. mechanism for DB2 I
should take care of ?

thank you in advance.

Hamid.k

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

• application/octet-stream attachment: auth-dump

• Previous message: adisegna_at_siscocorp.com: "RE: Open Ports on Cisco Router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Windows Authentication, Single sign on and Active Directory ... service proxy client fails to connect due to authentication failure and then ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The server is always in the domain. ... (microsoft.public.dotnet.framework.aspnet.security) Re: BASIC authentication Issues with IE - Part II - Solved but WHY? ... it does not know the difference between a request from IE or from ... some other HTTP client. ... Some other authentication schemes are more ... IIS can sometimes remember the token for a particular set of credentials so ... (microsoft.public.inetserver.iis.security) Re: Sporadic IAS Authentication problems ... * Some times however, a physical reboot of the client laptop is required, ... *The remote access policy in IAS is set to grant access to the group 'Domain ... Proxy-Policy-Name = Use Windows authentication for all users ... (microsoft.public.internet.radius) Re: ISAPI Authentication ... The job of your authentication filter is to accept ... non-Windows credentials from the client and then map them to a Windows ... (microsoft.public.inetserver.iis.security) Re: WCF security advice (and clarification) needed ... You, the client, resolve the foo.mycompany.com hostname within your ... TCP/IP) with that ticket as the security token. ... There are two parties participating in a security scenario, the server ... HTTP supports other authentication ... (microsoft.public.dotnet.framework.webservices)