Nmap Development mailing list archives

IPsec fingerprinting Was: Re: Enhancement Request
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Fri, 07 Jul 2000 17:35:46 +0200


H D Moore wrote:

Nmap 2.54BETA1 already has this capability built in with the IP protocol
scanning option (-sO).  Does anyone know of a tool to query ESP/AHP
protocols (gather version info/software vendor info/etc)?

As far as I know, you can't query anything via ESP/AH. They're
very simplistic and extremely picky about properly authenticated
messages :-)

The way to do an "IPsec fingerprint" is to poke around on port 
500/udp and get vendor info from there. (500/udp is IKE).

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00         Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636        Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/       E-mail: mikael.olsson () enternet se
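
The vendor info mentioned in the message above travels in ISAKMP Vendor ID payloads on 500/udp. The following is an added example, not part of the original post: it walks the payload chain of one unencrypted ISAKMP message and returns the Vendor ID values, which is useful for checking what your own gateway discloses. It assumes the IKEv1/ISAKMP layout from RFC 2408; the sample datagram and both vendor values are constructed.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 sec. 3.1: 28-byte message header
GENERIC_HDR = struct.Struct("!BBH")        # RFC 2408 sec. 3.2: next payload, reserved, length
PAYLOAD_VENDOR_ID = 13                     # RFC 2408 sec. 3.16
FLAG_ENCRYPTED = 0x01                      # E bit in the header flags field


def extract_vendor_ids(datagram: bytes) -> list:
    """Return the raw Vendor ID values carried in one unencrypted ISAKMP message."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    (_icookie, _rcookie, next_payload, _version, _exchange,
     flags, _msg_id, total) = ISAKMP_HDR.unpack_from(datagram)
    if total < ISAKMP_HDR.size or total > len(datagram):
        raise ValueError("length field disagrees with datagram size")
    if flags & FLAG_ENCRYPTED:
        raise ValueError("payloads are encrypted, nothing to read")
    vendor_ids, offset = [], ISAKMP_HDR.size
    while next_payload != 0:
        if offset + GENERIC_HDR.size > total:
            raise ValueError("payload chain runs past end of message")
        following, _reserved, plen = GENERIC_HDR.unpack_from(datagram, offset)
        if plen < GENERIC_HDR.size or offset + plen > total:
            raise ValueError("bad payload length")
        # The type of the payload at `offset` was announced by the previous header.
        if next_payload == PAYLOAD_VENDOR_ID:
            vendor_ids.append(datagram[offset + GENERIC_HDR.size:offset + plen])
        next_payload, offset = following, offset + plen
    return vendor_ids


def build_sample() -> bytes:
    """Constructed sample: header, one opaque SA payload, two Vendor ID payloads."""
    sa = GENERIC_HDR.pack(PAYLOAD_VENDOR_ID, 0, 12) + bytes(8)  # SA body is not parsed here
    vid_a = b"EXAMPLE-VENDOR-A"                                 # constructed value
    vid_b = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed value
    body = (sa
            + GENERIC_HDR.pack(PAYLOAD_VENDOR_ID, 0, 4 + len(vid_a)) + vid_a
            + GENERIC_HDR.pack(0, 0, 4 + len(vid_b)) + vid_b)
    header = ISAKMP_HDR.pack(bytes(range(8)), bytes(range(8, 16)),
                             1, 0x10, 2, 0, 0, ISAKMP_HDR.size + len(body))
    return header + body


if __name__ == "__main__":
    for vid in extract_vendor_ids(build_sample()):
        print(vid.hex())
```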
