Stack Scan sensor
The Stack Scan sensor provides credential-less discovery (less intrusive discovery) of the installed operating system and open ports on a computer system.
Sensor name that is used in the GUI and logs
StackScanSensor
Prerequisites
The sensor requires the following software:
- Nmap tool. See Configuring Nmap for details.
- WinPcap tool for Windows operating systems. Although this tool is available on the TADDM DVD, you must install it manually because it is not installed during the TADDM installation.
- Sudo tool for non-Windows operating systems.For TADDM on AIX operating systems: For the TADDM user to use the nmap tool through sudo, you must install and configure sudo version 1.6.7p5. This is because TADDM has problems with the most recent sudo version, which is version 1.6.9p15.
Security issues
To configure sudo access for the TADDM user, you need to set a nopasswd option in the /etc/sudoers file for the TADDM user.
Limitations
nmap -T Normal -O -sS -sU -oX - IPaddress
Application servers and services discovered using a credential-less (Level 1) discovery are reconciled with the application servers and services using a Level 2 or Level 3 discovery, only if the binding TCP ports are the same. All application servers and services discovered using a Level 1 discovery remain following a Level 2 or Level 3 discovery, but applications and services matching on the binding ports are merged.
Model objects created
The sensor creates the following model objects:
- net.IpAddress
- net.IpInterface
- net.L2Interface
- sys.aix.Aix
- sys.aix.AixUnitaryComputerSystem
- sys.ComputerSystem
- sys.hpux.HpUx
- sys.hpux.HpUxUnitaryComputerSystem
- sys.i5OS.I5OperatingSystem
- sys.linux.Linux
- sys.linux.LinuxUnitaryComputerSystem
- sys.OperatingSystem
- sys.sun.Solaris
- sys.sun.SunSPARCUnitaryComputerSystem
- sys.tru64.Tru64
- sys.windows.WindowsComputerSystem
- sys.windows.WindowsOperatingSystem
- sys.zOS.ZOS
- sys.zOS.ZSeriesComputerSystem