ike-scan discovers IKE hosts and fingerprints them using their retransmission back-off pattern. Its functions are:
Discovery:
Determine which hosts in the given IP range are running IKE. ike-scan sends IKE requests to the range and lists the hosts that respond.
Fingerprinting:
Determine which IKE implementation the hosts are using and, in some cases, the software version they run. Two methods are used. UDP back-off fingerprinting records the arrival times of the IKE response packets from the target hosts and compares the retransmission pattern against known patterns. Vendor ID fingerprinting compares the Vendor ID payloads returned by the VPN servers against known vendor ID patterns.
User enumeration:
For some VPN systems, discover valid VPN usernames.
Transform enumeration:
Find which transform attributes the VPN server accepts for IKE Phase-1, for example the encryption algorithm, hash algorithm, authentication method and Diffie-Hellman group.
Pre-shared key cracking:
Offline dictionary or brute-force cracking of the pre-shared key for IKE Aggressive Mode with Pre-Shared Key authentication. ike-scan is used to obtain the hash and the other parameters, and psk-crack, which is part of the ike-scan package, performs the cracking.
Retransmission back-off fingerprinting is described in detail in the UDP Backoff Fingerprinting Paper, which is included in the ike-scan kit.
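As an added example (not code from the ike-scan project or from this post), the matching step behind back-off fingerprinting: take the times at which a target's retransmitted IKE responses arrived, turn them into the intervals between successive retransmissions, and compare those intervals with a table of known patterns within a tolerance. The pattern table, the vendor names in it and the 0.5 s tolerance are constructed for illustration; they do not reproduce the ike-backoff-patterns file that ike-scan ships or any real vendor's timings.

```shell
#!/bin/sh
# Added example, not part of ike-scan: match an observed IKE retransmission
# back-off sequence against a table of interval patterns, the principle
# behind ike-scan's UDP back-off fingerprinting (--showbackoff).
# The pattern table and tolerance below are constructed for illustration
# and do not reproduce ike-scan's ike-backoff-patterns file.

# Constructed table: "name|intervals", intervals in seconds between successive
# retransmissions of the same IKE response. The names are hypothetical.
BACKOFF_PATTERNS='vendor-A-fixed-2s|2,2,2,2
vendor-B-doubling|2,4,8,16
vendor-C-fixed-5s|5,5,5'

# Per-interval tolerance in seconds (hypothetical value; ike-scan has its own
# configurable tolerance).
BACKOFF_TOL=${BACKOFF_TOL:-0.5}

# backoff_intervals "t0 t1 t2 ..." -> "d1,d2,..." where d_i = t_i - t_(i-1).
# The inputs are arrival times of the retransmissions relative to the first
# one, which is what ike-scan's --showbackoff table reports.
backoff_intervals() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 2; i <= NF; i++) {
            out = out (i > 2 ? "," : "") sprintf("%.2f", $i - $(i - 1))
        }
        print out
    }'
}

# match_backoff "t0 t1 t2 ..." -> name of the first pattern whose interval
# count matches and whose every interval is within BACKOFF_TOL of the
# observed one, or "unknown". A different number of retransmissions is
# itself a distinguishing feature, so the counts must agree exactly.
match_backoff() {
    obs=$(backoff_intervals "$1")
    printf '%s\n' "$BACKOFF_PATTERNS" | awk -F'|' -v obs="$obs" -v tol="$BACKOFF_TOL" '
        BEGIN { n = split(obs, o, ",") }
        {
            if (split($2, p, ",") != n) next
            ok = 1
            for (i = 1; i <= n; i++) {
                d = o[i] - p[i]
                if (d < 0) d = -d
                if (d > tol) { ok = 0; break }
            }
            if (ok) { print $1; found = 1; exit }
        }
        END { if (!found) print "unknown" }'
}

# Demo on constructed timings (not a real capture).
for sample in '0.00 2.01 4.03 6.02 8.04' '0 2.1 6.0 14.2 30.1' '0 1 2 3'; do
    printf '%-28s -> %s\n' "$sample" "$(match_backoff "$sample")"
done
```

The tolerance matters: network jitter shifts every timestamp, so an exact comparison would never match, but too large a tolerance makes a doubling pattern and a fixed-interval pattern indistinguishable on their first two intervals. Requiring the retransmission count to agree as well is what keeps the two apart.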
ike-scan sends IKE Phase-1 requests, in Main Mode or Aggressive Mode, to the specified hosts and displays the responses it receives. It retransmits with back-off to cope with packet loss, and it limits the bandwidth consumed by the outbound IKE packets. IKE, the Internet Key Exchange protocol, is the key exchange and authentication mechanism used by IPsec. Almost all modern VPN systems implement IPsec, and most IPsec VPNs use IKE for key exchange. Main Mode is one of the two modes defined for IKE Phase-1; the other is Aggressive Mode. RFC 2409 section 5 states that Main Mode MUST be implemented, so every IKE implementation is expected to support it; many also support Aggressive Mode, which the RFC says SHOULD be implemented. Aggressive Mode is the one that matters for pre-shared key cracking: with PSK authentication the responder's hash is sent before any encryption is in place, which is what allows the offline attack described above.
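As an added example, not part of the original post or of the ike-scan project, a shell helper that strings the functions above together: a Main Mode sweep, a fingerprint run that adds the back-off table, a Phase-1 transform enumeration loop, an Aggressive Mode probe whose PSK hash is handed to psk-crack, and an offline parser that summarises the "Handshake returned" lines and flags the settings a pentester cares about. The live functions need ike-scan and psk-crack on PATH; the target addresses, group ID and wordlist path are assumptions, and the sample output is constructed to mimic ike-scan's single-line output format rather than taken from a real scan.

```shell
#!/bin/sh
# Added example, not from the ike-scan project: an IKE Phase-1 assessment
# helper around ike-scan and psk-crack. The live functions need ike-scan on
# PATH; parse_handshakes works offline on saved output.
# ike-scan binds UDP source port 500 by default, so run it as root or add
# --sport=0 to use an unprivileged port (some gateways only answer port 500).

# --trans=enc,hash,auth,group takes the IKEv1 attribute numbers from
# RFC 2409 Appendix A (AES from RFC 3602, XAUTH/Hybrid from their drafts):
#   enc   1=DES 5=3DES 7/128|7/192|7/256=AES with key length
#   hash  1=MD5 2=SHA1
#   auth  1=PSK 3=RSA-sig 64221=Hybrid-RSA 65001=XAUTH-init-PSK
#   group 1=modp768 2=modp1024 5=modp1536 14=modp2048

ike_discover() {    # usage: ike_discover 192.0.2.0/24  (Main Mode, default proposals)
    ike-scan "$1"
}

ike_fingerprint() { # usage: ike_fingerprint 192.0.2.10  (vendor IDs plus back-off table)
    ike-scan -M --showbackoff "$1"
}

# One proposal per probe: a gateway that only accepts exact matches still
# answers, and the accepted transform is printed in front of its response.
ike_transforms() {  # usage: ike_transforms 192.0.2.10
    for enc in 1 5 7/128 7/192 7/256; do
      for hash in 1 2; do
        for auth in 1 3 64221 65001; do
          for group in 1 2 5 14; do
            ike-scan --trans="$enc,$hash,$auth,$group" "$1" \
              | grep 'Handshake returned' \
              | sed "s|^|$enc,$hash,$auth,$group |"
          done
        done
      done
    done
}

# Aggressive Mode with PSK auth: the responder's hash arrives in the clear,
# ike-scan writes it in psk-crack's format and psk-crack runs the wordlist.
# The ID must be a group name the gateway accepts or the exchange stops early.
ike_psk_crack() {   # usage: ike_psk_crack 192.0.2.11 vpngroup words.txt
    ike-scan --aggressive --id="$2" --pskcrack="$1.psk" "$1" \
      && psk-crack -d "$3" "$1.psk"
}

# Offline: summarise "Handshake returned" lines (ike-scan's default single-line
# output) as "ip mode enc hash group auth [flags]" and flag weak settings.
parse_handshakes() {
    awk '
    /Handshake returned/ {
        ip = $1; mode = $2
        enc = hash = group = auth = "?"
        if (match($0, /SA=\([^)]*\)/)) {
            n = split(substr($0, RSTART + 4, RLENGTH - 5), kv, " ")
            for (i = 1; i <= n; i++) {
                split(kv[i], p, "=")
                if (p[1] == "Enc")   enc   = p[2]
                if (p[1] == "Hash")  hash  = p[2]
                if (p[1] == "Group") group = p[2]
                if (p[1] == "Auth")  auth  = p[2]
            }
        }
        flags = ""
        if (mode == "Aggressive" && auth ~ /PSK|PreShared/) flags = flags " AGGRESSIVE-PSK"
        if (enc == "DES")  flags = flags " WEAK-ENC"
        if (hash == "MD5") flags = flags " WEAK-HASH"
        # 768/1024-bit MODP groups
        if (group ~ /^[12]:/ || group == "1" || group == "2") flags = flags " WEAK-GROUP"
        print ip, mode, enc, hash, group, auth flags
    }'
}

# Constructed sample in ike-scan's output format (not a real scan).
SAMPLE_OUTPUT='Starting ike-scan 1.9 with 3 hosts (http://www.nta-monitor.com/tools/ike-scan/)
192.0.2.10 Main Mode Handshake returned HDR=(CKY-R=3d5e1c0a9b7f2e41) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=4048b7d56ebce88525e7de7f00d6c2d3 (IKE Fragmentation)
192.0.2.11 Aggressive Mode Handshake returned HDR=(CKY-R=0c1d2e3f4a5b6c7d) SA=(Enc=DES Hash=MD5 Group=1:modp768 Auth=PSK LifeType=Seconds LifeDuration=86400) KeyExchange(96 bytes) Nonce(20 bytes) ID(Type=ID_IPV4_ADDR, Value=192.0.2.11) Hash(16 bytes)
192.0.2.12 Notify message 14 (NO-PROPOSAL-CHOSEN) HDR=(CKY-R=0000000000000000)
Ending ike-scan 1.9: 3 hosts scanned in 2.431 seconds (1.23 hosts/sec).  2 returned handshake; 1 returned notify'

if [ "$#" -gt 0 ] && command -v ike-scan >/dev/null 2>&1; then
    ike_discover "$1" | parse_handshakes    # live: ./ike_assess.sh 192.0.2.0/24
else
    printf '%s\n' "$SAMPLE_OUTPUT" | parse_handshakes
fi
```

The transform loop sends 160 single-proposal probes per host, so with ike-scan's default retry and timeout it takes a while; narrow the lists once the first accepted transform is known. A Notify 14 (NO-PROPOSAL-CHOSEN) reply is still useful: it proves an IKE responder is there even when none of the default proposals suit it.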
Building and Installing
Run git clone https://github.com/royhills/ike-scan.git to obtain the project source code
Run cd ike-scan to enter the source directory
Run autoreconf --install to generate a viable ./configure script
Run ./configure, or ./configure --with-openssl to use the OpenSSL libraries for the hash functions (faster psk-crack runs)
Run make to build the project
Run make check to verify that everything works as expected
Run make install to install
Source: securitygeeks.net, "[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)", Monday, 13 January 2014, http://www.securitygeeks.net/2014/01/ike-scan-discover-fingerprint-ike-hosts.html?m=0