Active ~~ANY~~ to Local Node Routings
Active ~~ANY~~ to Local Node Routings Report
Report ID: ib-any-to-local-routing
Category: Integration Broker
Purpose
This report identifies Integration Broker routings where the sender node is ~~ANY~~ and the receiver is the default local node. The ~~ANY~~ sender is a wildcard that allows any external node to send messages to the local system for that routing’s operation, bypassing node-specific routing controls.
~~ANY~~ routings are sometimes intentional (e.g., for broadly available services), but if left active without review they let any external node send messages inbound. This report lists which operations are open to inbound messages from any node.
What It Detects
WARNING — Active ~~ANY~~ to Local Node Routings
Active routings in PSIBRTNGDEFN where:
- SENDERNODENAME = '~~ANY~~'
- RECEIVERNODENAME is the default local node
- EFF_STATUS = 'A' (Active)
These routings are currently allowing any external node to send messages inbound.
Tables Queried
PSMSGNODEDEFN — Message Node Definitions
Used to identify the default local node(s).
| Field | Description | Filter |
|---|---|---|
| MSGNODENAME | Node name (primary key) | |
| LOCALNODE | Whether node is local | = 1 |
| LOCALDEFAULTFLG | Whether node is the default local | = 'Y' |
| ACTIVE_NODE | Whether the node is active | |
PSIBRTNGDEFN — Integration Broker Routing Definitions
Used to find inbound routings to the default local node.
| Field | Description | Filter |
|---|---|---|
| ROUTINGDEFNNAME | Routing definition name | |
| SENDERNODENAME | Sender node | Checked for ~~ANY~~ |
| RECEIVERNODENAME | Receiver node | = {default local node} |
| EFF_STATUS | Effective status | A = Active, I = Inactive |
| EFFDT | Effective date | |
| IB_OPERATIONNAME | Service operation name | |
| DESCR | Description | |
Data Flow
1. Fetch ALL message nodes from PSMSGNODEDEFN (batches of 300)
2. Filter for default local nodes: LOCALNODE = 1 AND LOCALDEFAULTFLG = 'Y'
3. For each default local node, fetch inbound routings from PSIBRTNGDEFN where RECEIVERNODENAME = node
4. Filter for active routings where SENDERNODENAME = '~~ANY~~'
5. Generate Markdown report with findings
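The data flow above, collapsed into a single join that can be run as an ad hoc check. This is an added example, not the report's own code: the in-memory SQLite tables, their column types, the function names and every sample row are constructed for illustration, and the report itself fetches nodes in batches and filters per node rather than joining.

```python
import sqlite3

# Steps 2-4 of the data flow as one query against the two tables.
ANY_TO_LOCAL_SQL = """
SELECT r.ROUTINGDEFNNAME, r.RECEIVERNODENAME, r.IB_OPERATIONNAME, r.DESCR
FROM PSIBRTNGDEFN r
JOIN PSMSGNODEDEFN n ON n.MSGNODENAME = r.RECEIVERNODENAME
WHERE n.LOCALNODE = 1 AND n.LOCALDEFAULTFLG = 'Y'
  AND r.SENDERNODENAME = '~~ANY~~' AND r.EFF_STATUS = 'A'
ORDER BY r.ROUTINGDEFNNAME
"""

def build_sample_db():
    """In-memory stand-in for the PeopleSoft tables; schema types and rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE PSMSGNODEDEFN (MSGNODENAME TEXT PRIMARY KEY, LOCALNODE INTEGER,
            LOCALDEFAULTFLG TEXT, ACTIVE_NODE INTEGER);
        CREATE TABLE PSIBRTNGDEFN (ROUTINGDEFNNAME TEXT, SENDERNODENAME TEXT, RECEIVERNODENAME TEXT,
            EFF_STATUS TEXT, EFFDT TEXT, IB_OPERATIONNAME TEXT, DESCR TEXT);
    """)
    db.executemany("INSERT INTO PSMSGNODEDEFN VALUES (?,?,?,?)", [
        ("LOCAL_DEFAULT", 1, "Y", 1),   # the default local node
        ("LOCAL_OTHER", 1, "N", 1),     # local, but not the default
        ("EXT_PARTNER", 0, "N", 1),     # external node
    ])
    db.executemany("INSERT INTO PSIBRTNGDEFN VALUES (?,?,?,?,?,?,?)", [
        ("RT_OPEN", "~~ANY~~", "LOCAL_DEFAULT", "A", "2024-01-01", "OP_A", "open | review"),
        ("RT_RETIRED", "~~ANY~~", "LOCAL_DEFAULT", "I", "2024-01-01", "OP_B", "inactive"),
        ("RT_PARTNER", "EXT_PARTNER", "LOCAL_DEFAULT", "A", "2024-01-01", "OP_C", "explicit sender"),
        ("RT_OTHER", "~~ANY~~", "LOCAL_OTHER", "A", "2024-01-01", "OP_D", "not default local"),
        ("RT_OUT", "LOCAL_DEFAULT", "EXT_PARTNER", "A", "2024-01-01", "OP_E", "outbound"),
    ])
    return db

def find_any_to_local(db):
    """Return active ~~ANY~~ -> default-local routings as dicts."""
    keys = ("routing", "receiver", "operation", "descr")
    return [dict(zip(keys, row)) for row in db.execute(ANY_TO_LOCAL_SQL)]

def to_markdown(findings):
    """Render the WARNING table; escape '|' so free-text DESCR cannot break a row."""
    cell = lambda v: str(v or "").replace("|", "\\|")
    rows = ["| Routing | Receiver Node | Service Operation | Description |", "|---|---|---|---|"]
    rows += ["| " + " | ".join(cell(v) for v in f.values()) + " |" for f in findings]
    return "\n".join(rows)

if __name__ == "__main__":
    print(to_markdown(find_any_to_local(build_sample_db())))
```

Only `RT_OPEN` is reported: the inactive, explicit-sender, non-default-local and outbound rows are all excluded by the same conditions the report applies.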
Report Output
The generated report contains:
- Header with database name and generation timestamp
- Summary with total nodes scanned, default local node name(s), and count of active ~~ANY~~ routings
- WARNING section (if any): Table of active ~~ANY~~ routings with routing name, receiver node, linked service operation, and description
- Recommendations if active ~~ANY~~ routings are found
Interpreting Results
- WARNING findings should be reviewed. Each active ~~ANY~~ routing means any external node can send messages for that operation to the local system. Determine whether this is intentional.
- No findings means all inbound routings use explicit sender nodes, which is the most secure configuration.
Recommendations
- Review each active ~~ANY~~ routing to determine if a wildcard sender is truly needed
- Replace with explicit sender node routings where possible to restrict which nodes can send messages inbound
- Deactivate unneeded ~~ANY~~ routings to reduce the attack surface