HIGH: Open DB2 Discovery Service Report

DESCRIPTION LAST UPDATED: 2023-12-08

SEVERITY LEVEL: HIGH

This report identifies hosts that have the DB2 Discovery Service running and accessible on the Internet.

This service has the potential to expose information about a client’s network on which this service is accessible, and the service itself can be used in UDP amplification attacks.

You can view latest DB2 Discovery service exposure on our Dashboard.

Severity levels are described here.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filenames: scan_db2

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the DB2 response came on (always UDP)
  • port
    Port that the DB2 response came from (usually 523/UDP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be db2
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • db2_hostname
    This is the self-reported hostname that is returned in the DB2RETADDR response
  • servername
    The reported server name of the DB2 server that is also included in the DB2RETADDR response — it may or may not match the db2_hostname field
  • response_size
    Payload response size in bytes, excluding the UDP header
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)
  • sector
    Sector the device belongs to

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","db2_hostname","servername","response_size","amplification","sector"
"2010-02-10 00:00:00",high,192.168.0.1,udp,523,node01.example.com,db2,64512,ZZ,Region,City,0,,HOST-7,node01.example.com,298,14.90,"Communications, Service Provider, and Hosting Service"
"2010-02-10 00:00:01",high,192.168.0.2,udp,523,node02.example.com,db2,64512,ZZ,Region,City,0,ptr,MAXIMOTEST,node02.example.com,298,14.90,"Communications, Service Provider, and Hosting Service"
"2010-02-10 00:00:02",high,192.168.0.3,udp,523,node03.example.com,db2,64512,ZZ,Region,City,0,ptr,EMCERP,node03.example.com,298,14.90,"Communications, Service Provider, and Hosting Service"

Our 135 Report Types

« Back to Network Reporting