Re: [Plugins-writers] plugin #11935 (ike_detect) do not detect IKE

Previous message: George A. Theall: "Re: [Plugins-writers] Patch for domino_fs_config.nasl (plugin id 10058)"
In reply to: Michel Casabona: "[Plugins-writers] plugin #11935 (ike_detect) do not detect IKE"
Next in thread: John Lampe: "Re: [Plugins-writers] plugin #11935 (ike_detect) do not detect IKE"
Reply: John Lampe: "Re: [Plugins-writers] plugin #11935 (ike_detect) do not detect IKE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

jwlampe@private

Michel Casabona wrote:

> The ike_detect plugin do not always detect an active IKE service
> because it uses a random source port. Some IKE implementations
> answers only to source port 500.
> 
> Note that ike_check had the same problem and was fixed already.
> 
> Thanks

and, some IKE implementations accept an IKE packet from an ephermal 
source port and respond as if the source port was set to 500 (srcport 
==dstport = 500).

At any rate, I'll make that change and thanks for reporting the issue.

John

-- 
John Lampe
Senior Security Researcher
TENABLE Network Security, Inc.
jwlampe@{nessus.org,tenablesecurity.com}
Tele: (410) 872-0555
www.tenablesecurity.com

Is your network TENABLE?
---------------------------------------
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers