Nmap Development mailing list archives

IPsec fingerprinting Was: Re: Enhancement Request


From: Mikael Olsson <mikael.olsson () enternet se>
Date: Fri, 07 Jul 2000 17:35:46 +0200


H D Moore wrote:

> Nmap 2.54BETA1 already has this capability built in with the IP protocol
> scanning option (-sO).  Does anyone know of a tool to query ESP/AHP
> protocols (gather version info/software vendor info/etc)?

As far as I know, you can't query anything via ESP/AH. They're
very simplistic and extremely picky about properly authenticated
messages :-)

The way to do an "IPsec fingerprint" is to poke around on port 
500/udp and get vendor info from there. (500/udp is IKE).

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson () enternet se
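
The "vendor info" on 500/udp travels in ISAKMP (RFC 2408) Vendor ID payloads, payload type 13. The following is an added example, not part of the original message: it parses one captured, unencrypted ISAKMP datagram and returns the Vendor ID payload bodies, which is a way to check what your own gateway discloses. The function names, the sample message and its vendor ID strings are constructed for illustration.

```python
import struct

VENDOR_ID = 13   # ISAKMP payload type "Vendor ID" (RFC 2408)
HEADER_LEN = 28  # 2 x 8-byte cookies, next payload, version, exchange, flags, msg id, length


def vendor_ids(datagram: bytes) -> list:
    """Return the body of every Vendor ID payload in one unencrypted ISAKMP message."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("shorter than an ISAKMP header")
    next_payload, _ver, _exch, flags, _msg_id, total = struct.unpack_from(
        "!BBBBII", datagram, 16)  # fields that follow the two cookies
    if total < HEADER_LEN or total > len(datagram):
        raise ValueError("header length field does not match the datagram")
    if flags & 0x01:  # encryption bit: payloads are not readable
        raise ValueError("payloads are encrypted")
    found, offset = [], HEADER_LEN
    while next_payload != 0:  # 0 marks the end of the payload chain
        if offset + 4 > total:
            raise ValueError("payload chain runs past the end of the message")
        following, _reserved, plen = struct.unpack_from("!BBH", datagram, offset)
        if plen < 4 or offset + plen > total:
            raise ValueError("bad payload length")
        if next_payload == VENDOR_ID:
            found.append(datagram[offset + 4:offset + plen])
        next_payload, offset = following, offset + plen
    return found


def _payload(following: int, body: bytes) -> bytes:
    # Generic payload header: next payload type, reserved, total length
    return struct.pack("!BBH", following, 0, 4 + len(body)) + body


def build_sample() -> bytes:
    """Constructed reply: a stub SA payload (type 1), then two Vendor ID payloads."""
    body = (_payload(VENDOR_ID, b"\x00" * 8)
            + _payload(VENDOR_ID, b"constructed-vid-A")
            + _payload(0, b"constructed-vid-B"))
    header = b"\x11" * 8 + b"\x22" * 8 + struct.pack(
        "!BBBBII", 1, 0x10, 2, 0, 0, HEADER_LEN + len(body))
    return header + body


if __name__ == "__main__":
    for vid in vendor_ids(build_sample()):
        print(vid.hex(), vid)
```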
