NDMP
aka backup
Network Data Management Protocol on 10000 — backup orchestration for NAS/SAN. Often weakly authenticated; it can enumerate the device's filesystems and, with access, read data being backed up.
Ports
| Port | Proto | Notes |
|---|---|---|
| 10000 | tcp | NDMP |
Fingerprint
- nmap ndmp-version / ndmp-fs-info respond
- NDMP NOTIFY/CONNECT handshake on 10000
Key files
| Path | Holds | Sensitive |
|---|---|---|
| backed-up filesystems | whole-volume backups of the NAS | sensitive |
Exploitation primitives
- ndmp-fs-info enumerates the device's filesystems/volumes
- Weak/default backup creds → drive backup/restore operations
- Read data targeted for backup (effectively the NAS contents)
Overview
NDMP on 10000 coordinates NAS/SAN backups. It exposes the device’s filesystems and, if you can authenticate, the data within them.
Enumeration
Version + filesystem info:
nmap -p10000 --script ndmp-version,ndmp-fs-info <TARGET>
Port 10000 is also Webmin’s default — check nmap -sV to tell NDMP from a Webmin web UI.
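The NOTIFY/CONNECT handshake listed under Fingerprint, as an added example that is not part of the original page: an NDMP server speaks first with an XDR record-marked NDMP_NOTIFY_CONNECTED message (code 0x502), which an asset inventory can use to tell it apart from Webmin's HTTP server on the same port. The function names and sample bytes are constructed for illustration, and the parser assumes the whole message arrives in one record fragment.

```python
import struct

NDMP_NOTIFY_CONNECTED = 0x502  # NDMP_NOTIFY_CONNECTION_STATUS in NDMPv4
REASONS = {0: "CONNECTED", 1: "SHUTDOWN", 2: "REFUSED"}

def parse_ndmp_greeting(data: bytes):
    """Parse the unsolicited first message of an NDMP server, else None."""
    if len(data) < 36:
        return None
    (marker,) = struct.unpack(">I", data[:4])
    frag_len = marker & 0x7FFFFFFF          # low 31 bits: fragment length
    if not marker >> 31 or frag_len < 32 or frag_len > len(data) - 4:
        return None                          # top bit must flag last fragment
    _seq, _ts, msg_type, msg, _reply_seq, err = struct.unpack(">6I", data[4:28])
    if msg_type != 0 or msg != NDMP_NOTIFY_CONNECTED:   # 0 = request
        return None
    reason, version = struct.unpack(">2I", data[28:36])  # XDR pads u_short to 4
    text = ""
    if frag_len >= 36:                       # XDR string: length, then bytes
        (n,) = struct.unpack(">I", data[36:40])
        if n <= frag_len - 36:
            text = data[40:40 + n].decode("ascii", "replace")
    return {"version": version, "reason": REASONS.get(reason, str(reason)),
            "error": err, "text": text}

def classify_port_10000(first_bytes: bytes) -> str:
    """Label what answered on tcp/10000 from the first bytes read."""
    greeting = parse_ndmp_greeting(first_bytes)
    if greeting:
        return f"ndmp v{greeting['version']} ({greeting['reason']})"
    if first_bytes.startswith(b"HTTP/"):     # only seen after an HTTP request
        # Webmin's built-in web server identifies itself as MiniServ
        return "webmin" if b"MiniServ" in first_bytes else "http"
    return "unknown"

def sample_ndmp_greeting(version: int = 4) -> bytes:
    """Constructed sample: NOTIFY_CONNECTED, reason 0, empty text_reason."""
    body = struct.pack(">6I", 1, 0, 0, NDMP_NOTIFY_CONNECTED, 0, 0)
    body += struct.pack(">3I", 0, version, 0)
    return struct.pack(">I", 0x80000000 | len(body)) + body

# Constructed sample of an HTTP reply carrying a MiniServ Server header
SAMPLE_HTTP = b"HTTP/1.0 200 Document follows\r\nServer: MiniServ/0.0\r\n\r\n"

if __name__ == "__main__":
    for blob in (sample_ndmp_greeting(), SAMPLE_HTTP, b"\x00\x01"):
        print(classify_port_10000(blob))
```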
Hardening
Require strong NDMP credentials, restrict the backup network, and keep the backup appliance firmware patched.