Subject Re: [firebird-support] firebird & nessus
Author Mark Rotteveel
On Mon, 13 Jul 2015 13:56:04 +0100, "Nick Upson nu@...
[firebird-support]" <firebird-support@yahoogroups.com> wrote:
> Hi
>
> firebird 2.1 centos, I have systems in a company who are scanning with
> nessus and this causes the firebird log below. Although they do not have
> access to the database I'm concerned what is happening. Has anyone seen
> this before? Can I avoid it?
>
>
> gaxgpap345vu Sun Jul 12 17:27:11 2015
> INET/inet_error: read errno = 104
>
>
> gaxgpap345vu Sun Jul 12 17:27:14 2015
> *** DUMP ***
>
>
> gaxgpap345vu Sun Jul 12 17:27:14 2015
> Tag=-1 Offset=13 Length=26 Eof=0
>
>
>
> gaxgpap345vu Sun Jul 12 17:27:14 2015
> Clump 1 at offset 0: SCAN CHECK<04>
>
>
> gaxgpap345vu Sun Jul 12 17:27:14 2015
> Fatal exception during clumplet dump: Invalid clumplet buffer
> structure: buffer end before end of clumplet - clumplet too long
>
>
> gaxgpap345vu Sun Jul 12 17:27:14 2015
> Plain dump starting with offset 13: <0a>nessusscan<06><00>

Whether you should be worried depends on your Firebird version. There are
some vulnerabilities that can crash the server in some versions of Firebird
even when not authenticated (I don't recall if there are exploits that can
get data unauthenticated). These known vulnerabilities are what Nessus scans
for.

To authenticate with the server, the client first needs to communicate
with the server. If this handshake is not programmed correctly, then it
could be vulnerable to crashing the server (or worse), and that has
happened in the past. Firebird logs that it received information that it
didn't grok and that is a good thing!

Mark
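
One way to triage entries like the ones quoted in this thread, as an added example (not part of either poster's message and not Firebird project code): it parses firebird.log text in the layout shown in the excerpt, groups handshake-error entries that occur close together on one host, and extracts the printable strings the client sent. The function names and the 10-second grouping window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Entry header as in the quoted excerpt: "<host> <Dow> <Mon> <day> <HH:MM:SS> <year>"
HEADER = re.compile(r"^(\S+)\s+(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})\s*$")
DUMP = re.compile(r"^(?:Clump \d+ at offset \d+|Plain dump starting with offset \d+): (.*)$")
RELATED = ("INET/inet_error", "*** DUMP ***", "Tag=", "Clump ", "Fatal exception", "Plain dump")
# Sample input: the firebird.log lines quoted in the post (blank lines dropped, wrapped line rejoined).
SAMPLE = """\
gaxgpap345vu Sun Jul 12 17:27:11 2015
INET/inet_error: read errno = 104
gaxgpap345vu Sun Jul 12 17:27:14 2015
*** DUMP ***
gaxgpap345vu Sun Jul 12 17:27:14 2015
Tag=-1 Offset=13 Length=26 Eof=0
gaxgpap345vu Sun Jul 12 17:27:14 2015
Clump 1 at offset 0: SCAN CHECK<04>
gaxgpap345vu Sun Jul 12 17:27:14 2015
Fatal exception during clumplet dump: Invalid clumplet buffer structure: buffer end before end of clumplet - clumplet too long
gaxgpap345vu Sun Jul 12 17:27:14 2015
Plain dump starting with offset 13: <0a>nessusscan<06><00>
"""

def parse_entries(text):
    """Return [(host, datetime, message)] for each entry in firebird.log text."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%a %b %d %H:%M:%S %Y")
            entries.append([m.group(1), when, []])
        elif entries and line.strip():
            entries[-1][2].append(line.strip())
    return [(h, w, " ".join(b)) for h, w, b in entries]

def probe_events(entries, window=timedelta(seconds=10)):
    """Group handshake-error entries close in time; keep client-supplied strings."""
    events = []
    for host, when, msg in (e for e in entries if e[2].startswith(RELATED)):
        if not events or events[-1]["host"] != host or when - events[-1]["last"] > window:
            events.append({"host": host, "first": when, "strings": [], "malformed": False})
        ev = events[-1]
        ev["last"] = when
        ev["malformed"] |= "Invalid clumplet buffer" in msg
        if d := DUMP.match(msg):  # drop <hh> byte escapes, keep printable text
            ev["strings"] += [s for s in re.split(r"(?:<[0-9a-f]{2}>)+", d.group(1)) if s]
    return [ev for ev in events if ev["malformed"]]

if __name__ == "__main__":
    print(probe_events(parse_entries(SAMPLE)))
```

Only groups that contain the clumplet parse error are returned, so a connection reset on its own is not reported as a malformed handshake.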