Re: [NSE] isakmp aggressive mode and version detection

[Jesper Kückelhahn <dev.kyckel () gmail com>]

It seems there was an error in the fingerprint file, as Cisco VPN 3000 devices don't run PIX OS. 
Thanks to Dario Ciccarone for pointing this out. I've attached a new ike-fingerprints.lua, that should fix this issue.


Regards,
        Jesper


> Hi list, 
>
> Just got a response from the author of ike-scan, and he agreed to the license change. So I've attached the 
> ike-version detection script, which includes three files:
>
>       1. ike-fingerprints.lua
>       2. ike.lua
>       3. ike-version.nse
>
> 'ike.lua' is meant as a general library for generating, sending and receiving ike packets. The 'ike-version.nse' 
> script only sends two packets, so it is very non-intrusive, and could be included in the version detection (sV) 
> collection of scripts. Currently there is a basic OS detection on Cisco devices, I'm hoping to extend this to other 
> devices.
>
> The output of the script is in the format:
>
> PORT    STATE SERVICE REASON       VERSION
> 500/udp open  isakmp  udp-response Cisco VPN 3000 series Concentrator (PIX OS 7.0.x)
>
>
> Comments are welcome.
>
>
>
> Regards,
>       Jesper
>
>
>
>
>
>  
>
>
> > Hi Fyodor,
> >
> > Thanks for the input.  I've just mailed the author your thoughts and I'll post back once I get a response.
> >
> >
> > Regards,
> >      Jesper
> >  
> >
> > On Dec 11, 2012, at 4:40 AM, Fyodor <fyodor () nmap org> wrote:
> >
> > > On Sat, Dec 8, 2012 at 5:38 AM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:
> > >
> > > I'm currently working on a NSE script that extracts information from isakmp services. I'm planning on creating two 
> > > scripts; one for aggressive mode detection, and one for version detection. For the latter I'd like to use the 
> > > vendor ID's included in 'ike-scan'[1]. However, I'm a little worried about the licensing and copy right aspect, and 
> > > I'm hoping that someone could help me determine if inclusion of this file in nmap is possible. In order to extract 
> > > version information, some modifications to this file might be necessary, and also addition fingerprints will 
> > > properly be added. The following is a snippet of text from the header of the file including license information:
> > >
> > > Hi Jesper.  The new scripts sound awesome, but you're right to be cautious about copyrights when taking code/date 
> > > from other tools.  Unfortunately, we can't use code under ike-scan's default license.  Whether a list of vendor IDs 
> > > is copyrightable is questionable, but we should err on the safe and polite side and note include it without 
> > > permission.  Fortunately, there are several options:
> > >
> > > Perhaps the best option is to mail the ike-scan guys (there are two email addresses in the header of 
> > > ike-vendor-ids) and ask permission to use the data in Nmap under a BSD license.  Be sure to let them know that 
> > > they'll be credited in the file, and that we will keep it under a BSD license so that they can then use any new IDs 
> > > discovered by Nmap Project contributors.
> > >
> > > If they say yes, then put a comment near the top of the data file that you use for the vendor IDs noting that it 
> > > can be used under the "Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified";.  
> > > Or if the data is in the script directly, you can put the script under that license by using that text in the 
> > > license field.
> > >
> > > If they don't respond or if they say no, then I guess the only alternative is to try and independently recreate the 
> > > data or find it from some other source.
> > >
> > > Cheers,
> > > Fyodor

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/