
RE: Detect IKE VPNs

Subject: RE: Detect IKE VPNs
Date: Fri, 14 Jul 2006 10:01:34 -0500
I scanned a host which I manually verified had IKE running on port 500,
but I cannot get nessus to report that it has detected this service.  I
can manually run the nasl (nasl -t  <ip.address> ike_detect.nasl) and
verify there is a response from the server using tcpdump:

Capturing on eth2
1   0.000000 src.ip -> dst.ip ISAKMP Identity Protection (Main Mode)
2   0.031108 dst.ip -> src.ip ISAKMP Identity Protection (Main Mode)
3   0.031147 src.ip -> dst.ip ICMP Destination unreachable (Port unreachable)
4   1.031149 src.ip -> dst.ip ISAKMP Identity Protection (Main Mode)
5   2.067193 src.ip -> dst.ip ISAKMP Base
6   2.099405 dst.ip -> src.ip ISAKMP Informational
11   3.163231 src.ip -> dst.ip ISAKMP Aggressive
13   7.984315 dst.ip -> src.ip ISAKMP Identity Protection (Main Mode)

I also see that the nasl ran in nessusd.messages:

[Thu Jul 13 10:42:18 2006][19214] user admin : launching ike_detect.nasl against <ip.address> [10074]
[Thu Jul 13 10:42:33 2006][19214] ike_detect.nasl (process 10074) finished its job in 15.728 seconds

But nessus still will not report this service.

I have tried with safe checks on and off, and tried various port scan
settings (udp, tcp syn...)

Am I missing something?

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Josh Zlatin
Sent: Thursday, July 13, 2006 9:21 PM
To: Larry
Cc: nessus@list.nessus.org
Subject: Re: Detect IKE VPNs

On Thu, 13 Jul 2006, Larry wrote:

> Sorry for the last email, I forgot to change the subject.
>
> Is there a nessus plugin that will detect IKE VPNs on UDP port 500
> and 10000?  Also, IKE TCP VPNs?

The IPSec IKE detection plugin (#11935) will detect IKE VPN servers on
UDP port 500. I'm not sure why port 10000 isn't used in that plugin too.
I don't think there are any plugins that detect IKE TCP VPN servers.

--
  - Josh
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
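
The capture quoted in this thread labels each frame by its ISAKMP exchange type. As an added example (not part of the original thread and not code from ike_detect.nasl), this Python sketch decodes the fixed 28-byte ISAKMP header defined in RFC 2408 and checks whether a UDP reply is a plausible IKEv1 answer to a probe. The cookies, payload bodies and helper names are constructed for illustration.

```python
import struct

# Exchange type values from RFC 2408, section 3.1 (names as shown in the capture).
EXCHANGE_TYPES = {0: "None", 1: "Base", 2: "Identity Protection (Main Mode)",
                  3: "Authentication Only", 4: "Aggressive", 5: "Informational"}
# Fixed 28-byte header: cookies, next payload, version, exchange type,
# flags, message ID, total length (all network byte order).
HEADER = struct.Struct("!8s8sBBBBII")


def parse_isakmp_header(payload):
    """Decode the fixed ISAKMP header of a UDP payload; None if too short."""
    if len(payload) < HEADER.size:
        return None
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HEADER.unpack_from(payload)
    return {"initiator_cookie": icookie, "responder_cookie": rcookie,
            "next_payload": nxt, "major": ver >> 4, "minor": ver & 0x0F,
            "exchange": EXCHANGE_TYPES.get(xchg, "Unknown (%d)" % xchg),
            "flags": flags, "message_id": msg_id, "length": length}


def looks_like_ike_reply(request, reply):
    """True if reply echoes the probe's initiator cookie with a sane IKEv1 header."""
    req, rep = parse_isakmp_header(request), parse_isakmp_header(reply)
    if req is None or rep is None:
        return False
    return (rep["initiator_cookie"] == req["initiator_cookie"]
            and rep["major"] == 1
            and HEADER.size <= rep["length"] <= len(reply))


def build_header(icookie, rcookie, exchange_type, body=b""):
    """Constructed sample datagram: header plus an opaque body (not a real capture)."""
    return HEADER.pack(icookie, rcookie, 1, 0x10, exchange_type, 0, 0,
                       HEADER.size + len(body)) + body


# Constructed samples mirroring the Main Mode and Informational frames above.
PROBE = build_header(b"NESSUS01", b"\x00" * 8, 2, b"\x00" * 20)
MAIN_MODE_REPLY = build_header(b"NESSUS01", b"RESPONDR", 2, b"\x00" * 20)
INFO_REPLY = build_header(b"NESSUS01", b"\x00" * 8, 5, b"\x00" * 12)

if __name__ == "__main__":
    for name, reply in (("main mode", MAIN_MODE_REPLY), ("informational", INFO_REPLY)):
        print(name, looks_like_ike_reply(PROBE, reply), parse_isakmp_header(reply)["exchange"])
```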