File: ChangeLog

package info (click to toggle)
ike-scan 1.7-3
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 4,928 kB
  • ctags: 542
  • sloc: ansic: 5,931; sh: 3,589; makefile: 72
file content (667 lines) | stat: -rw-r--r-- 26,663 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
$Id: ChangeLog,v 1.34 2005/01/13 12:02:23 rsh Exp $

2005-01-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* README: Updated for ike-scan 1.6.7.
	* ike-scan.h: Increased default pattern matching fuzz value from 100
	  to 500 ms.
	* ike-scan.c: treat ECONNRESET the same as ECONNREFUSED. Some OSes
	  (e.g. Cygwin on Windows) return ECONNRESET from recvfrom() whereas
	  others return ECONNREFUSED.

2004-12-31 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Allow --interval argument to be specified as either
	  milliseconds or microseconds.  Milliseconds is the default, unless
	  the argument ends in "u" in which case it is taken as microseconds.

2004-12-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Corrected pointer comparison in remove_host() so that
	  advance_cursor() is always called when the host being removed is the
	  current host.  This bug sometimes caused ike-scan to hang.

2004-12-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* check-hash.c: Correct unsigned/signed char * pointers which were
	  giving warnings on Tru64 Alpha with Compaq C.

	* psk-crack.c: Avoid division by zero if elapsed_seconds is zero.
	  I've seen this problem occur on Tru64/Alpha with few iterations,
	  probably because the granularity of gettimeofday() is not small
	  enough on this platform.

	* sha1.c: Change "unsigned long" to "uint32_t" where a 32-bit
	  unsigned quantity is required.  This allows sha1 to work on systems
	  where "unsigned long" is not 32-bits e.g. Alpha.

	* psk-crack.c: cast argument to isspace() to unsigned char to avoid
	  "subscript has type char" warning on some OSes e.g. HP-UX.

	* psk-crack.c: Correct spelling of "fnbuf_siz" variable used for
	  Cygwin.

	* ike-scan.c, utils.c: Cast tv_sec and tv_usec timeval elements to
	  unsigned long before printing.  This is done because different
	  vendors use different types (signed/unsigned int/long) for these
	  elements.  As long is the widest type, and the values cannot be
	  negative, casting to unsigned long is safe.

2004-12-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Improve detection and location of OpenSSL libraries.
	  configure will now search several standard locations for the
	  OpenSSL libraries if the --with-openssl option is supplied.  If a
	  directory argument is given, then that will be added to the search
	  list.

2004-12-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: Remove options to manually specify hash type (MD5 or
	  SHA1), as these are never needed.

2004-12-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: Changed syntax for dictionary cracking.  Now dictionary
	  cracking does not need the dictionary file to be specified as an
	  argument.  It's possible to use a dictionary file other than the
	  default with the --dictionary option.

	* psk-crack.c: Support cracking multiple hashes if the PSK parameters
	  file has more than one line.

2004-12-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Minor changes to usage() to improve description of
	  --pskcrack and --tcptimeout options.

	* check-run-1, check-run-2: Add --nodns --retry=1 to reduce delay.

	* check-psk-crack-2: Add dictionary cracking tests.

2004-11-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added optional filename argument to --pskcrack (-P)
	  option to allow the PSK data to be written to a file for later
	  cracking with psk-crack.

2004-11-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* sha1.c: define SHA1HANDSOFF to 1 to prevent the SHA1 functions from
	  modifying the input buffer.  If this is not defined, then pre-shared
	  key cracking for SHA1 hashes using this SHA1 function fails.

	* Wrote two new tests for "make check": check-psk-crack-1 which tests
	  psk-crack --help and --version, and check-psk-crack-2 which tests
	  psk-crack bruteforce for both MD5 and SHA1 hashes.

2004-11-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* utils.c: printable() should quote the backslash itself to make
	  "\\n" (backslash, en) distinguishable from "\n" (newline).
	  This fix contributed by Pavel Kankovsky <kan(at)dcit.cz>

	* psk-crack.c: Changed loop counters from 32-bit to 64-bit integers
	  to cope with very large iteration counts, e.g. when brute-forcing
	  8-character passwords with 36-element character set.

	* ike-scan.c: Change 64-bit unsigned integer types from the fixed-
	  width uint64_t type to the "at least 64-bit" type UINT64 which is
	  determined by autoconf.

	* configure.ac: Determine 64-bit integer type and snprintf format
	  string using code from postgresql autoconf.  Previously we used
	  the fixed-width 64-bit types, but we never need exactly 64-bits,
	  only at least 64-bits.

2004-10-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* Internal release of 1.6.4.  NTA Monitor internal use only.

2004-10-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added --nodns (-N) option.
	  Added "ERROR:" to error messages that were missing this prefix.
	  Corrected buffer length calculation that could result in a segv with
	  long argument lists.

2004-09-28 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: Added bruteforce support.  New options:
	  --bruteforce and --charset.

	* ike-scan.c: Added missing "=" to help text for --id option.

2004-09-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added additional authentication method names and group
	  names from http://www.iana.org/assignments/ipsec-registry

2004-09-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added SHA2 algorithms to auth_names[].

2004-07-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: New program to crack Aggressive Mode Pre-Shared Keys
	  using dictionary attack.  This uses the output from "ike-scan -P"
	  together with a dictionary.  This program is not very polished, but
	  it works OK.

2004-07-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Display the rcsid for all important source files
	  for the --version option rather than just for ike-scan.c.

2004-07-12 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added new --tcptimeout (-O) option.  TCP Connect()
	  timeout can now be changed without having to change the #define.

2004-07-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added experimental support for Aggressive Mode
	  Pre-Shared Key (PSK) cracking with --pskcrack (-P) option.
	  This outputs the PSK parameters as colon-separated hex values
	  for input into a seperate cracking program (which has not yet
	  been written).

2004-07-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Incremented version number from 1.6.2 to 1.6.3 in
	  preparation for next batch of changes.

	* Internal release on 1.6.2.  NTA Monitor internal use only.
	  No tarballs generated.

	* configure.ac: Incremented version number from 1.6.1 to 1.6.2.

	* configure.ac: Added checks for headers netinet/tcp.h and signal.h
	  for TCP support.

	* ike-scan.c: Added experimental support for Cisco encapsulated
	  IKE over TCP as used by Cisco VPN Concentrator.  Changed --tcp (-T)
	  option to take an optional numeric argument: 1 (default) meaning
	  raw IKE over TCP, and 2 meaning Cisco propriatary encapsulation.

	* ike-scan.c: Add timeout for TCP connect() when using the --tcp (-T)
	  option.  This uses the alarm() call to interrupt connect() which
	  has a granularity of seconds.  Currently, the timeout is defined
	  by the macro TCP_CONNECT_TIMEOUT in ike-scan.h.

2004-06-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added experimental support for TCP with --tcp (-T)
	  option.

2004-06-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-vendor-ids: Added several new Vendor ID patterns bringing the
	  total to 68.

	* ike-scan.h, ike-scan.c: Merge in timing error smoothing code.  This
	  is based on the TCP RTT smoothing algorithm in RFC 793.  It is only
	  used if ALPHA is defined in ike-scan.h.  Currently, this is disabled
	  because ALPHA is #undef'ed in ike-scan.h.

2004-05-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Allow identification value specified with --id option
	  to be either a string e.g. --id=test or a hex value with a leading
	  0x e.g. --id=0xdeadbeef.  Note that because previous versions always
	  interpreted the value as hex, you will need to add a leading 0x to
	  the values or re-code them as text strings.

2004-05-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: updated for automake 1.8.

	* configure.ac: updated for autoconf 2.59.

	* configure.ac: Support the use of OpenSSL hash functions.
	  If --with-openssl=PATH option is specified, then the OpenSSL
	  functions will be used; otherwise the built-in functions will be
	  used.

	* check-hash.c: New file to check MD5, SHA1 and HMAC functions for
	  "make check".

2004-04-15 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.h, ike-scan.c: Changed host entry list to use dynamic array
	  grown with realloc rather than a linked list using malloc for each
	  entry, plus an additional array of pointers.  This reduces the amount
	  of memory required from 56bytes per host to 45bytes per host.

	* ike-scan.c: Added --random (-R) option to randomise the host entry
	  list.  This uses the Knuth shuffle algorithm to shuffle the array of
	  pointers.

2004-04-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.h: Changed num_sent and num_rcvd fields from unsigned to
	  unsigned short to save space.

	* ike-scan.c: Moved the various utility functions that are not IKE
	  related to the new file utils.c.

	* Makefile.am: Added new source file: utils.c

2004-03-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Incremented version number from 1.6 to 1.6.1 for next
	  version.
	* ike-scan.h: Re-arranged struct host_entry for better alignment -
	  moved "live" to end of structure.
	* ike-scan.c: Included host name in error message from gethostbyname().
	* ike-backoff-patterns: Added Linksys router pattern, submitted by
	  Bob Davis.

2004-01-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released v1.6  Tarball size: 141847, Zip size: 648717.
	  tarball md5sum: 5cdc5633a2a7484805d76b3952b8cef6
	  Zip md5sum: 86c417529af55b2e201e77f2f617dc95

2004-01-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: Added new shell-script-based tests check-run1,
	  check-run2, and check-run3.

	* ike-scan.1: Updated man page OPTIONS section and added FILES
	  section.

	* Added Russ Allbery's inet_aton replacement function for systems
	  like Solaris which don't have inet_aton in the standard library.
	  Added inet_aton check to configure.ac.

	* ike-scan.c: Cast char * to unsigned char * before passing to
	  isdigit().  isdigit can have problems with char if char is signed
	  and value >127, esp. when it's implemeted as a macro that indexes
	  into an array as on Solaris 8.

	* Use hexstring() to print cookie values rather than using htonl()
	  on the two 32-bit pieces.  Some systems define htonl() to return
	  unsigned long while others return unsigned int making it impossible
	  to use the same printf format string on all systems.

2004-01-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* iks-scan.c, isakmp.c: Added regular expression support for
	  Vendor ID pattern matching.  Patterns in ike-vendor-ids
	  are now Posix basic regular expressions which are compiled
	  with "regcomp" and matched against the hex representation
	  of the Vendor ID data with "regexec".

	* configure.ac: Added check for Posix regular expression
	  support.

2003-12-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added transform attribute generation functions make_attr()
	  and add_attr().  Use these functions in make_trans() to improve
	  readability and allow for future flexibility.

	* ike-scan.c: Free various bits of malloc'ed storage when they are
	  no longer used.  The pointers involved are: vid_data, patcopy,
	  id_data, gss_data, hdr, sa, prop, transforms, ke, nonce, id and vid.
	  These are all used only at initialisation time.  We don't save much
	  memory by free'ing these, but it's better to be neat & tidy.

	* check-sizes.c: New test program which checks the sizes of structures
	  and types.  This is referenced by the TESTS target in Makefile.am,
	  so it gets run by "make check".

	* ike-scan.c: check_struct_sizes() is now obsolete and has been
	  removed.

2003-12-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Fixed bug which caused the data length for ID and VID
	  payloads to be 8 bytes more than it really was (we were not
	  subtracting the length of the header structure).

	* isakmp.c: Only check the returned VID against a candidate pattern if
	  the VID data length is >= the candidate pattern length.

	* isakmp.c: Moved notification_msg[] from global to process_notify()
	  function.  Use STR_OR_ID macro to display appropriate string from
	  notification_msg[] which avoids a hard-coded constant.  Changed
	  format of "Firewall-1" 9101 notify message.

2003-12-24 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Modified error message if bind() fails to be more
	  specific depending on the value of errno.

	* ike-scan.c: Added --quiet option to prevent packet decode and thus
	  shorten the output if required and --multiline option to split the
	  decode over multiple lines (one line per payload).

	* ike-scan.c: Improved protocol decode.  SA and ID payloads are now
	  decoded.  For SA, the various transform attributes are shown.

	* ike-scan.c: Added utility functions printable() and hexstring() to
	  provide escaped-printable and hex representations of data.

	* isakmp.c: New process_id() function to process ID payload. Improved
	  process_sa() function to decode transforms.  Transform decoding is
	  no longer experimental.

2003-12-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added experimental support for displaying transform
	  attributes.  This code is only enabled if the --experimental option is
	  specified.  New attribute parseing function process_attr(),
	  new macro STR_OR_ID, and new function numstr() as well as additional
	  code in process_sa() function.

2003-12-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for Vendor ID fingerprinting using
	  fingerprints loaded from the file "ike-vendor-ids".  Added
	  --vidpatterns (-I) option to specify Vendor ID patterns file
	  location if it's not the default.

	* isakmp.c: Modified process_vid() to check for known Vendor ID
	  and print entry from database if found.

2003-12-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Allow target hosts to be specified as IPnet/bits or
	  IPstart-IPend as well as the traditional single host or IP address.
	  The new function add_host_pattern() deals with these new formats.
	  Added details to usage() to explain these additional formats.
	  This functionallity was first requested by Chris Gripp in Jan 2003.

2003-11-28 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Removed unecessary gethostbyname() call.

2003-11-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Removed many global variables and made them local to
	  main().  Only 4 global variables left now, all of which have
	  some reason to stay global.

2003-11-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added support for GSS ID attribute in make_trans()
	  function.

2003-11-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added support for lifesize (KB) to add_trans() and
	  make_trans() functions.

	* ike-scan.h: Modified function definitions for add_trans(),
	  make_trans(), and initialise_ike_packet() to take lifesize
	  argument.

	* ike-scan.c: Added support for --lifesize (-z) option.  Default
	  is not to include this attribute.

2003-11-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Wrote ISAKMP packet parsing routines: skip_payload,
	  process_isakmp_hdr, process_sa, process_vid, process_notify.
	  These are used by the new display_packet() routine in ike-scan.c

	* ike-scan.c: Re-wrote display_packet() function to parse ISAKMP
	  packet in a flexible way using functions in isakmp.c.  This
	  allows us to display multiple Vendor ID payloads (previously we
	  could only display the first), and also to detect and print
	  vendor ID payloads anwhere in the packet (previously it had to be
	  immediately after the SA payload, which may not be the case with
	  aggressive mode).

2003-11-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Fixed bug which could cause select() to be passed a
	  negative timeout when collecting backoff fingerprints.
	* Released v1.5.1.  Tarball size: 122595, Zip size: 632736.
	  tarball md5sum: 6425534104fd9f6f644c6f7286ed40e1
	  Zip md5sum: 52cf28982532030b2e7faf26dde8fb1d

2003-11-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for IKE Aggressive Mode.  New options:
	  --aggressive, --id, --idtype, --dhgroup.
	* isakmp.c: Added functions to build id, nonce and ke payloads for
	  Aggressive Mode.
	* ike-scan.1: Added details of Aggressive Mode options.
	* Released V1.5.

2003-11-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* wrappers.c: New file containing system/library call wrappers
	  for those calls which are not expected to fail.  Wrappers have
	  the same name as the underlying call but with initial capital
	  letter.  This convention is from W. Richard Stevens' Unix Network
	  Programming book.
	* ike-scan.c: Changed to use wrapper functions for Gettimeofday,
	  Malloc and Realloc.
	* isakmp.c: Changed to use wrapper function for Malloc.
	* isakmp.c: Wrote new add_trans() function.  This allows a multi-
	  transform payload to be built, it calls make_trans.
	* ike-scan.c: Use new add_trans() function in intialise_ike_packet()
	  rather than manually building the transform payload using
	  make_trans().
	* isakmp.c: Add new add_vid() function.
	* ike-scan.c: Use new add_vid() function to allow multiple VIDs to
	  be specified.
	* ike-scan.c: Add new function decode_trans.  Use this function to
	  parse the --trans argument which allows the specification of
	  encryption key length.

2003-11-07 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Wrote ISAKMP payload construction functions.
	* ike-scan.c: Use functions from isakmp.c to construct ISAKMP
	  payloads rather than manually filling in structures.

2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Change loop timing units from ms to us to improve
	  accuracy.  This requires a 64-bit integer type.

2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added elapsed time statistics to "Ending:" line.
	* ike-scan.c: Changed atoi(optarg) to
          strtoul(optarg, (char **)NULL, 10) for unsigned options to allow
	  full unsigned range.
	* ike-scan.c: Dynamically adjust select_timeout based on requested
          interval and cumulative error.
	* ike-scan.c: Removed --selectwait option as it is now unneccesary.
	* ike-scan.c: Renamed backoff variable to backoff_factor and changed
          type from float to double.
        * ike-scan.c: Timeout hosts immediately if possible when
	  starting the timeout pass.  This reduces the scanning time,
	  especially when scanning a large number of hosts.  Previously, the
	  scanning time tended to <retries+1> * <num-hosts>; now it tends
	  towards <retries> * <num-hosts>.
	* ike-scan.c: Added pass number which is displayed if verbose >= 1.

2003-10-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Don't call advance_cursor() if we can't send to a host
	  yet because the next host won't be ready either.
	* ike-scan.c: Start the search for a matching cookie at cursor->prev
	  rather than cursor.

2003-08-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.4.  Tarball size 114410 bytes, Zip size 622630.
	  tarball md5sum: d8755044a041859cde12d111973bb541
	  zip md5sum: 7871aead615b88e3fd6a516f60ac63d0

2003-07-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Print any vendor ID payload in hex if it follows an SA
	  payload.
	* ike-scan.c: allocate vid_data using malloc rather than having a
	  fixed-length array.  This allows the supplied vendor id to be of
	  arbitary length.

2003-07-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Changed --vendor option to use a hex string of arbitary
	  length (up to MAXLINE) rather than an md5 hash of the supplied
	  string.  This allows us to specify any vandor ID e.g. the one that
	  SecuRemote uses with main mode.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.3.  Tarball size 113350 bytes.
	  tarball md5sum: 3fc330e97017ac93bd35fd2973d14e58
	  Note: this is not an official release and no Windows (zip) version
	  was produced.  It is for internal use to test the new pattern
	  matching code.  However, it is available in the public download
	  directory if anyone wants to use it.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Added new patterns "watchguard-soho" and
	  "sonicwall-pro".  These both use the new "/" notation to represent
	  per-entry fuzz values.
	* ike-scan.c: Add fact that per-pattern fuzz entries override the
	  values specified with --fuzz to the help output.
	* Created detached GPG sigs (.asc) for *.tar.gz and *.zip using DSA
	  key ID 567B9F3A Roy Hills <Roy.Hills@nta-monitor.com>.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added check_struct_sizes() to check the size of the
	  ISAKMP structure sizes.
	* ike-scan.h: Added definition of check_struct_sizes().

2003-07-04 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for per-pattern-entry fuzz specification
	  in the patterns file.
	* ike-scan.h: New structure to support per-pattern-entry fuzz.

2003-06-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Improved backoff pattern display in dump_backoff().
	  Use integer arithmetic in add_pattern() to avoid rounding errors.
	* ike-scan.h: Remove math.h include.  Not needed now that we use
	  integer aritmetic in add_pattern().
	* configure.ac: Removed check for maths library.  Not needed now that
	  we use integer aritmetic in add_pattern().

2003-06-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.1: Created man page ike-scan.1.  This is required by some
	  Linux distributions e.g. Debian.
	* Makefile.am: Added support for new man page.
	* NEWS: Added info for v1.0, v1.1 and v1.2.
	* Makefile.am: Changed location of "ike-backoff-patterns" from
	  $datadir to $pkgdatadir.

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.2.  Tarball size 108137 bytes, Zip size 620292.
	  tarball md5sum: 25777051bb09306cb0b86e0cf1c48caa
	  zip md5sum: 5c02090900dc3fda7fa374fe99f48af5

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Minor comment changes.

2003-05-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Added package name and version to AC_INIT.

	* ike-scan.c: Use PACKAGE_STRING and PACKAGE_BUGREPORT symbols rather
	  than hard-coded strings.

2003-05-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac, acinclude.m4: Wrote macro AC_NTA_NET_SIZE_T to
	  determine the best type to use for the 3rd argument to accept().
	  This is normally socklen_t, but is sometimes int or size_t.
	  This change allows the program to compile on HP Tru64 Unix.

2003-05-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Renamed configure.in to configure.ac to comply with
	  new autoconf naming scheme and ran autoupdate to update from
	  autoconf 2.13 to 2.53.  No C code changes.

2003-02-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* error.c: Changed "syslog(level, buf)" to "syslog(level, "%s", buf)"
	  to fix syslog format string vulnerability.

2003-02-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.1.  Tarball size 91606 bytes, Zip size 578034.
	  tarball md5sum: b87fe14043c43c2897cf309c364574b7
	  zip md5sum: 59db0f1f170aaf50dfb2c05f4f950d00
	* Corrected typo in README-WIN32: know -> known.

2003-02-03 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: Changed DATADIR to IKEDATADIR.
	* ike-scan.h: Include <windows.h> if compiling under Cygwin.
	* ike-scan.c: Use ike-scan.exe dir as default patterns file dir
	  if compiling under Cygwin.
	* ike-scan now compiles under Cygwin and can be used as a Windows EXE
	  if CYGWIN1.DLL is present.

2003-01-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* Minor changes to --help output to make use of <> brackets
	  consistent.

2003-01-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added output of "Ending:" line showing number of hosts
	  scanned and number of responders after scan completes.
	* ike-scan.c: Only show backoff table if there is at least one
	  handshake responder.
	* ike-scan.c: Don't bother waiting for extra packets after all host
	  entries have been removed if there are no handshake responders.
	* ike-scan.c: Show that notify message 9101 is Firewall-1 4.x or NG
	  in output message.
	* ike-scan.c: Cast value from htonl to uint32_t when used in printf
	  statement to avoid warnings on those platforms which define htonl
	  as returning unsigned long (like FreeBSD).
	* ike-backoff-patterns: Added OpenBSD-isakmpd, discovered by Thomas
	  Walpuski.

2003-01-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* Fixed possible buffer overflow in code which joined argv elements
	  into a fixed-length string which is then written to syslog.
	* Removed RSA 1991 MD5 implementation and replaced with
	  L. Peter Deutsch's MD5 implementation dated 2002.

2003-01-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* Moved all #includes to ike-scan.h.
	* ike-scan.c, ike-scan.h: Changed host_entry element "n" from int to
	  unsigned.
	* ike-scan.c: Changed printf format for unsigned from %d to %u.
	* ike-scan.c: Added exchange type (Main Mode or Aggressive Mode) to
	  "handshake returned" message.
	* ike-scan.h: Make all #includes conditional based on configure findings
	* configure.in: Check for uint_8, uint_16 and u_int32 types using
	  custom macro AC_NTA_CHECK_TYPE (defined in acinclude.m4).  If the
	  types are not defined, then #define them to values that will work on
	  most systems.
	* ike-scan now builds and runs on two new platforms:
	  - Debian Linux 1.3.1 (old libc5 based Linux system with 2.0 kernel)
	  - Cygwin on Windows NT Workstation (only under the cygwin
	    environment; this doesn't produce a standalone windows exe).

2003-01-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Changed Cisco Concentrator entry to 0,8,8,8

2003-01-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released initial version v1.0. Tarball size 86434 bytes,
	  md5sum: 7299777c7d67d1cea82d9594867b4806