Re: [NSE] isakmp aggressive mode and version detection

[Jesper Kückelhahn <dev.kyckel () gmail com>]

Hmmm, it seems I have some issues attaching files. I'll try attaching them
once again.



On Fri, Dec 14, 2012 at 8:00 PM, Jesper Kückelhahn <dev.kyckel () gmail com>wrote:

> It seems there was an error in the fingerprint file, as Cisco VPN 3000
> devices don't run PIX OS.
> Thanks to Dario Ciccarone for pointing this out. I've attached a new
> ike-fingerprints.lua, that should fix this issue.
>
>
> Regards,
> Jesper
>
>
>
> Hi list,
>
> Just got a response from the author of ike-scan, and he agreed to the
> license change. So I've attached the ike-version detection script, which
> includes three files:
>
> 1. ike-fingerprints.lua
> 2. ike.lua
> 3. ike-version.nse
>
> 'ike.lua' is meant as a general library for generating, sending and
> receiving ike packets. The 'ike-version.nse' script only sends two packets,
> so it is very non-intrusive, and could be included in the version detection
> (sV) collection of scripts. Currently there is a basic OS detection on
> Cisco devices, I'm hoping to extend this to other devices.
>
> The output of the script is in the format:
>
> PORT    STATE SERVICE REASON       VERSION
> 500/udp open  isakmp  udp-response Cisco VPN 3000 series Concentrator (PIX
> OS 7.0.x)
>
>
> Comments are welcome.
>
>
>
> Regards,
> Jesper
>
>
>
>
>
>
>
>
> Hi Fyodor,
>
> Thanks for the input.  I've just mailed the author your thoughts and I'll
> post back once I get a response.
>
>
> Regards,
> Jesper
>
>
> On Dec 11, 2012, at 4:40 AM, Fyodor <fyodor () nmap org> wrote:
>
>
>
> On Sat, Dec 8, 2012 at 5:38 AM, Jesper Kückelhahn <dev.kyckel () gmail com>wrote:
> > I'm currently working on a NSE script that extracts information from
> > isakmp services. I'm planning on creating two scripts; one for aggressive
> > mode detection, and one for version detection. For the latter I'd like to
> > use the vendor ID's included in 'ike-scan'[1]. However, I'm a little
> > worried about the licensing and copy right aspect, and I'm hoping that
> > someone could help me determine if inclusion of this file in nmap is
> > possible. In order to extract version information, some modifications to
> > this file might be necessary, and also addition fingerprints will properly
> > be added. The following is a snippet of text from the header of the file
> > including license information:
>
> Hi Jesper.  The new scripts sound awesome, but you're right to be cautious
> about copyrights when taking code/date from other tools.  Unfortunately, we
> can't use code under ike-scan's default license.  Whether a list of vendor
> IDs is copyrightable is questionable, but we should err on the safe and
> polite side and note include it without permission.  Fortunately, there are
> several options:
>
> Perhaps the best option is to mail the ike-scan guys (there are two email
> addresses in the header of ike-vendor-ids) and ask permission to use the
> data in Nmap under a BSD license.  Be sure to let them know that they'll be
> credited in the file, and that we will keep it under a BSD license so that
> they can then use any new IDs discovered by Nmap Project contributors.
>
> If they say yes, then put a comment near the top of the data file that you
> use for the vendor IDs noting that it can be used under the "Simplified
> (2-clause) BSD license--See
> http://nmap.org/svn/docs/licenses/BSD-simplified";.  Or if the data is in
> the script directly, you can put the script under that license by using
> that text in the license field.
>
> If they don't respond or if they say no, then I guess the only alternative
> is to try and independently recreate the data or find it from some other
> source.
>
> Cheers,
> Fyodor

Attachment: ike-fingerprints.lua
Description:

Attachment: ike-version.nse
Description:

Attachment: ike.lua
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/