Forum Discussion
mfsaez_127780
Nimbostratus
Jul 22, 2003
Find F5 machines in my network
Does anybody know how I can automatically search for F5 machines in my network from a Java program? I tried to scan an F5 machine using nmap but it does not send any response. I suppose F5 blocks or ignores that kind of traffic to improve the security. Can someone give me some idea? I have thought of trying to connect to the iControl portal using HTTPS for each IP, but I think there must be a better method.
Thanks:
Miguel Fernandez
2 Replies
- I don't have experience with nmap so unfortunately I cannot help out with that tool. BIG-IP does block ports by default. The problem with connecting to the iControl portal over HTTPS is that in Java you need to have the server certificates installed in the client truststore to allow a trusted connection to the server. Also, you would need the authentication credentials for each machine you are connecting to. You could determine if a machine was serving up https, but you couldn't know if it was a BIG-IP.
One solution that is possible is to scan the network for servers listening on ports 683 (CORBA IIOP) and 684 (CORBA IIOP+SSL). These are the ports that BIG-IP exposes the CORBA interface on. IIOP+SSL (684) is not likely to be supported on other products and would likely indicate it being a BIG-IP so I would look for this one first.
Good luck, and let us know how it goes. Also, if you get some code working for this, we'd appreciate snippets you could contribute to this site.
-Joe
- mfsaez_127780
Nimbostratus
As I commented in my last post, I managed to get a response from Big-IP using NMap. The command I used to get the information is:

    nmap -sS -PT -PI -p 443,22 -O -T 3 host

and the response was:

    Starting nmap V. 3.00 ( www.insecure.org/nmap )
    Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
    Interesting ports on (host):
    Port State Service
    22/tcp open ssh
    443/tcp open https
    Remote operating system guess: F5 labs BigIp Load balancer Kernel 4.1.1PTF-03 (X86)
    Uptime 19.009 days (since Fri Jul 04 09:44:08 2003)
    Nmap run completed -- 1 IP address (1 host up) scanned in 32 seconds

I tried a lot of possible configurations and that was the fastest using Windows. I have read that nmap performance on Linux is much better than on Windows, so I will try it using Linux. The problem is that if I want to make a network scan, 30 seconds is a lot of time.
If we talk about making an HTTPS scan, as Joe said in his post, Java needs the server certificates installed in the client truststore. I searched the internet and I found a couple of articles about getting the server certificates using a Java program or ignoring the server certificates (so you will not need the server certificates to connect). They can be found at http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_20585861.html . So I'm thinking of performing an HTTPS port scan as the first step and then performing an nmap scan on the hosts with the HTTPS port open.
If you have any new idea, post it. Thanks:
Miguel
PS: I hope you will understand what I'm saying, I must improve my English knowledge
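
The two-stage approach discussed in this thread (a fast check of ports 684, 683 and 443, then nmap OS detection only on hosts that answer), as an added Java example that is not part of any post above. The class name, timeout, thread-pool size and the 192.0.2.x sample addresses are assumptions.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.*;
import java.util.concurrent.*;

public class BigIpCandidateScan {
    // Ports named in the thread: 684 (CORBA IIOP+SSL), 683 (CORBA IIOP), 443 (HTTPS).
    static final int[] PORTS = {684, 683, 443};
    static final int TIMEOUT_MS = 500; // assumption: tune for your own network

    /** True if a TCP connection to host:port completes within the timeout. */
    static boolean isOpen(String host, int port) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), TIMEOUT_MS);
            return true;
        } catch (IOException e) {
            return false; // closed, filtered, or unreachable
        }
    }

    /** Ranks a host by which of the thread's ports answered. */
    static String classify(Set<Integer> open) {
        if (open.contains(684)) return "likely BIG-IP (IIOP+SSL open), confirm with nmap -O";
        if (open.contains(683)) return "possible BIG-IP (IIOP open), confirm with nmap -O";
        if (open.contains(443)) return "HTTPS only, candidate for nmap -O follow-up";
        return "no candidate ports open";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample addresses (TEST-NET-1); pass your own inventory as arguments.
        List<String> hosts = args.length > 0 ? Arrays.asList(args)
                : Arrays.asList("192.0.2.10", "192.0.2.11");
        ExecutorService pool = Executors.newFixedThreadPool(32); // hosts probed in parallel
        Map<String, Future<Set<Integer>>> jobs = new LinkedHashMap<>();
        for (String h : hosts) {
            jobs.put(h, pool.submit(() -> {
                Set<Integer> open = new TreeSet<>();
                for (int p : PORTS) if (isOpen(h, p)) open.add(p);
                return open;
            }));
        }
        for (Map.Entry<String, Future<Set<Integer>>> e : jobs.entrySet()) {
            Set<Integer> open = e.getValue().get();
            System.out.println(e.getKey() + " open=" + open + " -> " + classify(open));
        }
        pool.shutdown();
    }
}
```

Only a TCP connect is made, so no truststore or credentials are involved at this stage; the slower `nmap -O` run is then limited to the hosts this step flags.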
