Accessible Hadoop Report

This report identifies hosts that are running Hadoop and have either the NameNode or DataNode web interfaces running and accessible to the world on the Internet.

At a minimum, this can allow for information-gathering against the target organization. In other instances, it may allow a miscreant to manipulate the Hadoop instance.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always TCP)
  • port
    Port that the response came from (50070/TCP or 50075/TCP)
  • hostname
    Reverse DNS name of the device in question
  • version
    Running version of Hadoop
  • tag
    Will always be hadoop
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • server_type
    The type of service that responded; this value is either "namenode" (response to probe on port 50070/TCP) or "datanode" (response to probe on port 50075/TCP); fields that contain data from only one type of response are denoted with either "namenode" or "datanode"
  • clusterid
    Unique ID of the cluster
  • total_disk
    The total amount of disk space available to Hadoop (in bytes) (namenode responses only)
  • used_disk
    The amount of disk space used by Hadoop (in bytes) (namenode responses only)
  • free_disk
    The amount of disk space free to Hadoop (in bytes) (namenode responses only)
  • livenodes
    The first live datanode name listed in the response (namenode responses only)
  • namenodeaddress
    Trivial hostname of the NameNode that the DataNode is associated with (datanode responses only)
  • volumeinfo
    The path that the hadoop data is stored in (datanode responses only)

Sample

"timestamp","ip","port","hostname","version","asn","geo","region","city","naics","sic","server_type","clusterid","total_disk","used_disk","free_disk","livenodes","namenodeaddress","volumeinfo"
"2017-09-13 02:06:05","199.116.235.200",50070,,"2.7.3, rbaa91f7c6bc9cb92be5982de4719c1c8af91ccff",15296,"CA","ALBERTA","CALGARY",0,0,"namenode","CID-64471a53-60cb-4302-9832-92f321f111fe",41567956992,53248,25160089600,"edmonton:50010",,
"2017-09-13 02:06:05","165.227.123.187",50070,,"2.5.0-cdh5.3.5, rc15da49be59e6ee467549c5ad9e99e1d4d31f972 ",14061,"US","NEW JERSEY","CLIFTON",0,0,"namenode","CID-5aa27504-96d6-4bde-9da4-c5498ac57d5c",169068572672,24576,153751240704,"s201709-8.localdomain",,
"2017-09-13 02:07:48","104.43.235.92",50075,,"2.7.1.2.4.0.0-169",8075,"US","IOWA","DES MOINES",334111,357101,"datanode","CID-771bae52-9e4f-4ec4-bc1a-c867585751f0",,,,,"sandbox.hortonworks.com","/hadoop/hdfs/data/current"

Our 80 Report Types

« Back to Network Reporting