Nmap Development: Re: [NSE] isakmp aggressive mode and version detection

Re: [NSE] isakmp aggressive mode and version detection

From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Tue, 11 Dec 2012 20:30:59 +0100

Hi Fyodor,

Thanks for the input.  I've just mailed the author your thoughts and I'll post back once I get a response.


Regards,
        Jesper
 

On Dec 11, 2012, at 4:40 AM, Fyodor <fyodor () nmap org> wrote:

On Sat, Dec 8, 2012 at 5:38 AM, Jesper Kückelhahn <dev.kyckel () gmail com> wrote:

I'm currently working on a NSE script that extracts information from isakmp services. I'm planning on creating two
scripts; one for aggressive mode detection, and one for version detection. For the latter I'd like to use the vendor
ID's included in 'ike-scan'[1]. However, I'm a little worried about the licensing and copy right aspect, and I'm
hoping that someone could help me determine if inclusion of this file in nmap is possible. In order to extract
version information, some modifications to this file might be necessary, and also addition fingerprints will properly
be added. The following is a snippet of text from the header of the file including license information:

Hi Jesper. The new scripts sound awesome, but you're right to be cautious about copyrights when taking code/date
from other tools. Unfortunately, we can't use code under ike-scan's default license. Whether a list of vendor IDs
is copyrightable is questionable, but we should err on the safe and polite side and note include it without
permission. Fortunately, there are several options:

Perhaps the best option is to mail the ike-scan guys (there are two email addresses in the header of ike-vendor-ids)
and ask permission to use the data in Nmap under a BSD license. Be sure to let them know that they'll be credited in
the file, and that we will keep it under a BSD license so that they can then use any new IDs discovered by Nmap
Project contributors.

If they say yes, then put a comment near the top of the data file that you use for the vendor IDs noting that it can
be used under the "Simplified (2-clause) BSD license--See http://nmap.org/svn/docs/licenses/BSD-simplified";. Or if
the data is in the script directly, you can put the script under that license by using that text in the license field.

If they don't respond or if they say no, then I guess the only alternative is to try and independently recreate the
data or find it from some other source.

Cheers,
Fyodor


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

By Date By Thread

Current thread:

[NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 08)
- Re: [NSE] isakmp aggressive mode and version detection Fyodor (Dec 11)
  - Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 11)
    - Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 14)
    - Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 14)
    - Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 17)
    - Re: [NSE] isakmp aggressive mode and version detection David Fifield (Dec 21)
    - Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 21)
    - Re: [NSE] isakmp aggressive mode and version detection David Fifield (Dec 22)
    - Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 23)
    - Re: [NSE] isakmp aggressive mode and version detection David Fifield (Dec 24)
    - Re: [NSE] isakmp aggressive mode and version detection Jesper Kückelhahn (Dec 31)