summaryrefslogtreecommitdiff
path: root/security/ike-scan
AgeCommit message (Collapse)AuthorFilesLines
2006-01-18Update to 1.8adrianp3-14/+14
Grab maintainership From the ChangeLog (Summarised) > * ike-backoff-patterns: Added backoff patterns for Netgear ProSafe > and Netgear ADSL Firewall Router. Submitted by Paul Askew. > * ike-scan.c, ike-scan.h, configure.ac: Added new --writepkttofile > option. This option writes the output packet to the specified file > rather than sending it to the remote host. It is intended for > debugging and testing purposes, to allow the IKE packet to be > easily checked. This option is not documented, because it is > designed purely for testing. > * check-packet: New test to check IKE scan packet data. Currently > tests two sample packets: one default proposal, and one custom > proposal. > * ike-scan.c: Added --exchange option to allow the exchange field > in the ISAKMP header to be set to arbitrary values. > * ike-scan.c, isakmp.c: Added --hdrflags and --hdrmsgid options to > allow Flags and MsgID fields in the ISAKMP header to be specified. > * ike-scan.c: Added --cookie option to allow the initiator cookie in > the ISAKMP header to be set to a static value. > * ike-scan.c, isakmp.c: Add --spisize option to allow a random SPI > of the specified size to be added to the proposal payload. > * ike-vendor-ids: Added 16 new Vendor IDs, and revised some comments > on existing entries. > * ike-scan.c: Added --doi (-D) and --situation (-S) options to allow > the DOI and Situation in the SA of the outbound packets to be changed > from the default of DOI_IPSEC and SIT_IDENTITY_ONLY. > * ike-scan.c: Added --protocol (-j) and --transid (-k) options to > allow the proposal protocol and transform id of the outbound packets > to be changed from the defaults. > * ike-scan.c: Added --certreq (-C) option to add a > CertificateRequest payload to the outgoing packet. > * ike-scan.c: Added --headerlen (-L) option to allow the ISAKMP header > length to be manually specified. Normally, ike-scan will > automatically calculate the correct length; however, you can use this > option if you want to use an incorrect length value instead. > * ike-scan.c, isakmp.c: Added --mbz (-Z) option to allow the value for > the reserved (MBZ) fields to be set to non-zero values. Doing so > will make the outgoing packet non-RFC compliant. > * ike-scan.c, isakmp.c: Added --headerver (-E) option to allow the > version field in the ISAKMP header to be altered from the default of > 0x10 (v1.0). > * ike-scan.c: Added --bandwidth (-B) option to allow the outgoing > bandwidth to be specified directly instead of using --interval. > The --bandwidth option calculates the appropriate interval setting, > taking into account the size of the packet. > * ike-scan.c: Added --noncelen (-c) option to allow the length of the > nonce data to be changed. This is only applicable to aggressive > mode.
2005-12-08Fix OpenSSL test, it doesn't work out of the box on DragonFlyjoerg2-1/+14
due to missing size_t.
2005-12-05Fixed pkglint warnings. The warnings are mostly quoting issues, forrillig1-2/+2
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some other changes are outlined in http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-04-11Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.tv1-2/+1
2005-02-28Changes 1.7.1:adam2-10/+8
* Fixed bug which caused hostnames containing hyphens to fail with an error. * Improved mapping of ID numbers to names in decode. This allows sparse IDs ranges (e.g. 1,2,3,65000) to be supported, which means that we can now decode XAUTH authentication method amongst other things. * Added SO_BROADCAST option to UDP socket to allow sending to broadcast addresses. Previously this gave a permission denied error.
2005-02-24Add RMD160 digests.agc1-1/+2
2005-01-14- Update to 1.7adrianp3-7/+25
- Add bl3 and openssl support - Fix paths in man pages - Install extra documentation - Remove un-needed options from pkgsrc Makefile Lots of changes/bugfixes from 1.6 including: psk-crack.c: New program to crack Aggressive Mode Pre-Shared Keys using dictionary attack. This uses the output from "ike-scan -P" together with a dictionary.
2004-02-28MAINTAINER should be tech-pkg@NetBSD.org instead of packages@netbsd.org.taca1-2/+2
2004-02-27ike-scan, IKE fingerprinting toolitojun4-0/+47
--- ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern. ike-scan does two things: a) Discovery: Determine which hosts are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan. b) Fingerprinting: Determine which IKE implementation the hosts are using. This is done by recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns. The retransmission backoff fingerprinting concept is discussed in more detail in the UDP backoff fingerprinting paper which should be included in the ike-scan kit as udp-backoff-fingerprinting-paper.txt. The program sends IKE main mode requests to the specified hosts and displays any responses that are received. It handles retry and retransmission with backoff to cope with packet loss. It also limits the amount of bandwidth used by the outbound IKE packets.
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-02 20:38:20 +0000