Nmap Development mailing list archives
Re: [NSE] isakmp aggressive mode and version detection
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Sun, 27 Jan 2013 22:22:36 +0100
Hi David,

Thanks for testing, it's nice to see it's working. In order for the version detection to work, the service needs to send at least one known Vendor ID, which it doesn't in this case. In a successful scenario it will produce the following (debugging) output:

NSE: IKE: Found IKE Header: 01: SA
NSE: IKE: Found IKE Header: 0D: VID - 1e2b516905991c7d7c96fcbfb587e46100000002
NSE: IKE: Found IKE Header: 0D: VID - 4048b7d56ebce88525e7de7f00d6c2d3
NSE: IKE: Found IKE Header: 0D: VID - 90cb80913ebb696e086381b5ec427b1f
Fetchfile found /usr/local/bin/../share/nmap/nselib/data/ike-fingerprints.lua
NSE: ike: Loading fingerprints: /usr/local/bin/../share/nmap/nselib/data/ike-fingerprints.lua
NSE: IKE: Fingerprint: 1e2b516905991c7d7c96fcbfb587e46100000002 matches Microsoft Windows 2000
NSE: IKE: Attribute: 1e2b516905991c7d7c96fcbfb587e46100000002 matches MS NT5 ISAKMPOAKLEY
NSE: IKE: Attribute: 4048b7d56ebce88525e7de7f00d6c2d3 matches IKE FRAGMENTATION
NSE: IKE: Attribute: 90cb80913ebb696e086381b5ec427b1f matches draft-ietf-ipsec-nat-t-ike-02\n
NSE: Version: Microsoft …

PORT    STATE SERVICE REASON       VERSION
500/udp open  isakmp  udp-response Microsoft Windows 2000
Service Info: OS: Windows 2000; CPE: cpe:/o:microsoft:windows:2000

There are additional methods that can be used for fingerprinting, such as analysing the backoff pattern, but this would take a couple of minutes to complete, so I haven't prioritised this approach.

- Jesper

On Jan 27, 2013, at 8:00 PM, David Fifield <david () bamsoftware com> wrote:
> NSE: IKE: Found IKE Header: 01: SA
> NSE: IKE: Found IKE Header: 04: Key Exchange
> NSE: IKE: Found IKE Header: 0A: Nonce
> NSE: IKE: Found IKE Header: 05: ID
> NSE: IKE: Found IKE Header: 08: Hash
> NSE: Version: nil
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
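Added example (not code from the ike-version script, nmap, or either poster): a small Python parser that walks the ISAKMP payload chain of an IKEv1 response, collects the Vendor ID (type 0x0D) payload bodies, and looks them up in a fingerprint table, which is the mechanism the debug output above shows. The two fingerprint tables are seeded only with the three VIDs quoted in the mail (nmap's real table is nselib/data/ike-fingerprints.lua and is much larger). Both sample datagrams are constructed here with dummy cookies and placeholder SA/KE/Nonce/ID/Hash bodies; the second reproduces the aggressive-mode chain David saw (SA, KE, Nonce, ID, Hash, no VID), so its version comes back empty, and every length field is bounds-checked so a truncated or lying response raises instead of reading past the buffer.

```python
"""Walk an IKEv1/ISAKMP payload chain and fingerprint the responder by its
Vendor ID payloads.  Example code; not nmap's ike-version script."""
import struct

ISAKMP_HEADER_LEN = 28       # 8+8 cookies, next/version/exchange/flags, msgid, length
PAYLOAD_VID = 13
PAYLOAD_NAMES = {1: "SA", 4: "Key Exchange", 5: "ID", 8: "Hash", 10: "Nonce", 13: "VID"}
MAIN_MODE, AGGRESSIVE_MODE = 2, 4   # ISAKMP exchange types

# Constructed fingerprint tables holding only the three VIDs quoted in the mail.
# Keys are the lower-case hex of the VID payload body (after the 4-byte header).
VERSION_FINGERPRINTS = {
    "1e2b516905991c7d7c96fcbfb587e46100000002":
        ("Microsoft Windows 2000", "cpe:/o:microsoft:windows:2000"),
}
ATTRIBUTE_FINGERPRINTS = {
    "1e2b516905991c7d7c96fcbfb587e46100000002": "MS NT5 ISAKMPOAKLEY",
    "4048b7d56ebce88525e7de7f00d6c2d3": "IKE FRAGMENTATION",
    "90cb80913ebb696e086381b5ec427b1f": "draft-ietf-ipsec-nat-t-ike-02",
}


def parse_payloads(packet):
    """Return [(payload_type, body), ...] for the chain after the ISAKMP header.
    Every length is checked against the datagram before it is used."""
    if len(packet) < ISAKMP_HEADER_LEN:
        raise ValueError("short ISAKMP header")
    next_type, _ver, _exch, _flags, _msgid, length = struct.unpack("!BBBBII", packet[16:28])
    if length != len(packet):
        raise ValueError("header length %d != datagram length %d" % (length, len(packet)))
    payloads, off = [], ISAKMP_HEADER_LEN
    while next_type != 0:                       # 0 = NONE terminates the chain
        if off + 4 > len(packet):
            raise ValueError("truncated payload header at offset %d" % off)
        following, _reserved, plen = struct.unpack("!BBH", packet[off:off + 4])
        if plen < 4 or off + plen > len(packet):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        payloads.append((next_type, packet[off + 4:off + plen]))
        next_type, off = following, off + plen
    return payloads


def is_well_formed(packet):
    """True when the chain parses without running past the datagram."""
    try:
        parse_payloads(packet)
        return True
    except ValueError:
        return False


def describe_payloads(packet):
    """Render the chain like the 'Found IKE Header' debug lines in the mail."""
    lines = []
    for ptype, body in parse_payloads(packet):
        line = "%02X: %s" % (ptype, PAYLOAD_NAMES.get(ptype, "type %d" % ptype))
        if ptype == PAYLOAD_VID:
            line += " - " + body.hex()
        lines.append(line)
    return lines


def fingerprint(packet):
    """Return (version, cpe, attributes); version is None when no VID matches."""
    vids = [body.hex() for ptype, body in parse_payloads(packet) if ptype == PAYLOAD_VID]
    version = cpe = None
    for vid in vids:                            # first version-bearing VID wins
        if vid in VERSION_FINGERPRINTS:
            version, cpe = VERSION_FINGERPRINTS[vid]
            break
    attributes = [ATTRIBUTE_FINGERPRINTS[v] for v in vids if v in ATTRIBUTE_FINGERPRINTS]
    return version, cpe, attributes


def build_response(exchange_type, payloads):
    """Assemble a constructed ISAKMP datagram from [(type, body), ...]
    (dummy cookies, version 1.0) so the parser can be exercised offline."""
    chain = b""
    for i, (ptype, body) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        chain += struct.pack("!BBH", following, 0, 4 + len(body)) + body
    first = payloads[0][0] if payloads else 0
    header = b"\x11" * 8 + b"\x22" * 8 + struct.pack(
        "!BBBBII", first, 0x10, exchange_type, 0, 0, ISAKMP_HEADER_LEN + len(chain))
    return header + chain


SA_BODY = struct.pack("!II", 1, 1)   # constructed: IPsec DOI, situation, no proposal

# Constructed main-mode response carrying the three VIDs quoted in the mail.
WINDOWS_RESPONSE = build_response(MAIN_MODE, [
    (1, SA_BODY),
    (PAYLOAD_VID, bytes.fromhex("1e2b516905991c7d7c96fcbfb587e46100000002")),
    (PAYLOAD_VID, bytes.fromhex("4048b7d56ebce88525e7de7f00d6c2d3")),
    (PAYLOAD_VID, bytes.fromhex("90cb80913ebb696e086381b5ec427b1f")),
])

# Constructed aggressive-mode response: SA, KE, Nonce, ID, Hash and no VID.
AGGRESSIVE_RESPONSE = build_response(AGGRESSIVE_MODE, [
    (1, SA_BODY), (4, b"\x00" * 32), (10, b"\x01" * 16),
    (5, b"\x01\x00\x00\x00\x0a\x00\x00\x01"), (8, b"\x02" * 16),
])

if __name__ == "__main__":
    for label, pkt in (("main mode", WINDOWS_RESPONSE), ("aggressive", AGGRESSIVE_RESPONSE)):
        print(label, describe_payloads(pkt), fingerprint(pkt))
```

The first VID in the Windows response ends in 00000002; that trailing version word is what distinguishes Windows 2000 from later NT5 builds, so a table keyed on the full VID body rather than its 16-byte prefix is what makes the version lookup work.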
Current thread:
- Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Jan 19)
- Re: [NSE] isakmp aggressive mode and version detection David Fifield (Jan 20)
- Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Jan 21)
- Re: [NSE] isakmp aggressive mode and version detection David Fifield (Jan 26)
- Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Jan 27)
- Message not available
- Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Jan 27)
- Re: [NSE] isakmp aggressive mode and version detection David Fifield (Jan 27)
- Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Jan 28)
- Re: [NSE] isakmp aggressive mode and version detection David Fifield (Jan 28)
- Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Jan 29)
- Re: [NSE] isakmp aggressive mode and version detection David Fifield (Jan 29)
- Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Jan 21)
- Re: [NSE] isakmp aggressive mode and version detection David Fifield (Jan 20)