Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] isakmp aggressive mode and version detection
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Tue, 11 Dec 2012 20:30:59 +0100

Hi Fyodor,

Thanks for the input.  I've just mailed the author your thoughts and I'll post back once I get a response.


On Dec 11, 2012, at 4:40 AM, Fyodor <fyodor () nmap org> wrote:

On Sat, Dec 8, 2012 at 5:38 AM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:

I'm currently working on a NSE script that extracts information from isakmp services. I'm planning on creating two 
scripts; one for aggressive mode detection, and one for version detection. For the latter I'd like to use the vendor 
ID's included in 'ike-scan'[1]. However, I'm a little worried about the licensing and copy right aspect, and I'm 
hoping that someone could help me determine if inclusion of this file in nmap is possible. In order to extract 
version information, some modifications to this file might be necessary, and also addition fingerprints will properly 
be added. The following is a snippet of text from the header of the file including license information:

Hi Jesper.  The new scripts sound awesome, but you're right to be cautious about copyrights when taking code/date 
from other tools.  Unfortunately, we can't use code under ike-scan's default license.  Whether a list of vendor IDs 
is copyrightable is questionable, but we should err on the safe and polite side and note include it without 
permission.  Fortunately, there are several options:

Perhaps the best option is to mail the ike-scan guys (there are two email addresses in the header of ike-vendor-ids) 
and ask permission to use the data in Nmap under a BSD license.  Be sure to let them know that they'll be credited in 
the file, and that we will keep it under a BSD license so that they can then use any new IDs discovered by Nmap 
Project contributors.

If they say yes, then put a comment near the top of the data file that you use for the vendor IDs noting that it can 
be used under the "Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified";.  Or if 
the data is in the script directly, you can put the script under that license by using that text in the license field.

If they don't respond or if they say no, then I guess the only alternative is to try and independently recreate the 
data or find it from some other source.


Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]