Skip to content

ike-scan 1.9

Latest
Compare
Choose a tag to compare
@royhills royhills released this 24 Nov 18:40
· 106 commits to master since this release
  • ike-scan wiki at http://www.nta-monitor.com/wiki/ This will contain ike-scan documentation and associated IPsec information.
  • IKEv2 support with --ikev2 option that sends IKE version 2 format packets, and version 2 packets that are received are correctly decoded. The IKEv2 support is currently experimental as it has only been tested against one implementation (strongSwan), and it only supports the default proposal.
  • New --rcookie option allows the responder cookie to be set to the specified value in outgoing packets. The default is zero.
  • psk-crack allows the dictionary to be read from stdin with the --dictionary=- option. This allows another program to generate candidate passwords, e.g. john --incremental --stdout | psk-crack --dictionary=- psk-file
  • New --nat-t option to enable RFC 3947 NAT Traversal. This option adds the Non-ESP marker to outbound packets and strips it from responses. It also changes the default UDP source and destination ports both to 4500.
  • New --sourceip option, which allows spoofing source IP address. This only works on systems that support raw sockets.
  • Allow matching backoff patterns which contain only one packet. This is for simplistic implementations that don't perform any backoff at all. There are very few of these systems, so this absense of a pattern is still useful for fingerprinting.
  • psk-crack is able to crack passwords hased with the Nortel Contivity proprietary algorithm as well as those using the standard algorithm.
  • New --shownum option, which causes the number of each packet received to be displayed before the packet details.
  • New --timestamp option, which causes the time when the packet was received to be displayed in %H:%M:%S.%u format before the packet details.
  • New --randomseed option, which allows the PRNG seed to be specified. This allows packets containing payloads with random data, such as Key Exchange and Nonce to be repeatable.
  • Changed PRNG implementation from the standard rand() function to the Mersenne Twister. This is both a better PRNG and is also reproducable across different platforms.
  • Changed revision control system from CVS to SVN, with the result that the individual source file version numbers as reported with --version or ident(1) are now integers like 9876 rather than 1.x format.
  • Improved "make check" tests to check new features and increase code coverage.