Open DB2 Discovery Service Report

This report identifies hosts that have the DB2 Discovery Service running and accessible on the Internet.

This service has the potential to expose information about a client’s network on which this service is accessible, and the service itself can be used in UDP amplification attacks.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the DB2 response came on (always UDP)
  • port
    Port that the DB2 response came from (usually 523/UDP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be db2
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • version
    Reported version number of the DB2 server — it is in the format of "SQL v[major_version].[minor_version].[patch_level]"
  • db2_hostname
    This is the self-reported hostname that is returned in the DB2RETADDR response
  • servername
    The reported server name of the DB2 server that is also included in the DB2RETADDR response — it may or may not match the db2_hostname field
  • size
    Payload response size in bytes, excluding the UDP header

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","db2_hostname","servername","size"
"2016-05-17 19:09:38","221.0.111.99","udp",523,,"db2",4837,"CN","SHANDONG","JINAN",0,0,"SERVER1","server1",298
"2016-05-17 19:09:44","217.241.57.135","udp",523,"pd9f13987.dip0.t-ipconnect.de","db2",3320,"DE","BAYERN","NUREMBERG",541690,874899,"KRONOS","kronos",298
"2016-05-17 19:09:45","50.74.123.218","udp",523,"rrcs-50-74-123-218.nyc.biz.rr.com","db2",12271,"US","NEW YORK","BROOKLYN",518210,737415,"3PS1-NY-NY-US","3PS1-NY-NY-US",298
"2016-05-17 19:09:50","169.45.240.140","udp",523,"8c.f0.2da9.ip4.static.sl-reverse.com","db2",36351,"CA","CANADA","?",0,0,"BFOUL92322733","andre51380738",298
"2016-05-17 19:09:51","146.186.241.196","udp",523,"oglethorpe.hev.psu.edu","db2",3999,"US","PENNSYLVANIA","UNIVERSITY PARK",611310,822101,"OGLETHORPE","oglethorpe",298
"2016-05-17 19:09:54","120.25.150.165","udp",523,,"db2",37963,"CN","ZHEJIANG","HANGZHOU",0,0,"IZ94EZWEHT3Z","iZ94ezweht3Z",298
"2016-05-17 19:09:56","169.55.157.170","udp",523,"aa.9d.37a9.ip4.static.sl-reverse.com","db2",36351,"CA","ONTARIO","TORONTO",0,0,"LLSOM331114754","llsom331114754",298
"2016-05-17 19:09:57","96.56.210.52","udp",523,"ool-6038d234.static.optonline.net","db2",6128,"US","NEW JERSEY","PARK RIDGE",518210,737415,"ATCS-US","ATCS-US",298
"2016-05-17 19:10:03","202.126.38.221","udp",523,,"db2",17894,"PH","MANILA","MAKATI",0,0,"RGCDEV","rgcdev",298

Our 76 Report Types

« Back to Network Reporting