File: NEWS

package info (click to toggle)
ike-scan 1.7-3
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 4,928 kB
  • ctags: 542
  • sloc: ansic: 5,931; sh: 3,589; makefile: 72
file content (156 lines) | stat: -rw-r--r-- 6,544 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
$Id: NEWS,v 1.10 2004/12/21 16:22:34 rsh Exp $

This file gives a brief overview of the major changes between each ike-scan
release.  For more details please read the ChangeLog file.

ike-scan v1.7:

* Improved "make check" tests, so they now check more areas including Pre-
  Shared Key cracking, HMAC and Hash speeds, and HMAC and Hash test vectors.

* Added --nodns (-N) option to prevent DNS lookups.  With this option,
  target hosts are not processed with gethostbyname(), which can avoid
  delays when the system running ike-scan does not have functioning DNS.

* Added additional authentication methods and hash algorithms to the output
  decoding functions in isakmp.c

* Added new psk-crack program to perform offline aggressive mode pre-shared
  key cracking using the output from ike-scan with the --pskcrack option.
  This psk-crack program supports both dictionary and brute-force cracking
  modes against MD5 and SHA1-based HMAC hashes.

* Added ability to output aggressive mode pre-shared key (PSK) parameters
  for later offline cracking with the --pskcrack (-P) option.  This option
  outputs the pre-shared key parameters as colon-separated hex-encoded values
  in the following format:

  g_xr:g_xi:cky_r:cky_i:sai_b:idir_b:ni_b:nr_b:hash_r

  These parameter details can be used by the psk-crack program (which is
  supplied as part of the ike-scan package) to attempt to crack the pre-
  shared key.

* Added support for IKE over TCP with the --tcp (-T) option.  Two TCP
  variants are supported:

  --tcp=1 (-T1) specifies raw IKE over TCP as used by Checkpoint; and
  --tcp=2 (-T2) specifies encapsulated IKE over TCP as used by Cisco.

  Note that you can only scan one host at a time when using IKE over TCP.

  When using TCP, you can modify the connect() timeout with the
  --tcptimeout (-O) option.  Default timeout is 10 seconds.

* Added experimental timing error smoothing code, which is based on the TCP RTT
  smoothing algorithm in RFC 793.  This is disabled by default; to enable it,
  #define ALPHA in ike-scan.h

* Allow the ID (Identity) payload that is specified with the --id option to
  be specified as either a string e.g. --id=test or a hex value with a leading
  0x e.g. --id=0xdeadbeef.  Note that you will probably need to change previous
  ID payload strings because of this change, as previously they were always
  interpreted as hex.

* Added support for OpenSSL MD5 and SHA1 hash functions.  These are generally
  faster than the hash functions supplied with ike-scan, which is of benefit
  when performing pre-shared key cracking.

  To compile with OpenSSL, use the --with-openssl option to configure.  With
  this option, configure will search for the OpenSSL libraries in several
  standard locations.

* Added --random (-R) option to randomise the host list before scanning.
  This causes the hosts to be scanned in a random order, which may be less
  obvious than the default sequential scanning.  The Knuth shuffle algorithm
  is used to randomise the list.

* Changed host entry from a linked-list to a dynamic array which decreases the
  memory required from 56 bytes per target host to 45 bytes.

* Added several new Vendor ID patterns.

* Added several new UDP backoff patterns.

ike-scan v1.6:

* ike-scan will now display multiple Vendor ID payloads if the server sends
  more than one.  Previously, it would only display the first Vendor ID and
  ignore the others.

* Added support for ISAKMP lifetime size transform attribute with the
  --lifesize (-z) option.  This is specified as kilobytes.  The default is
  0 which means don't include the lifetime size attribute.

* Added support for GSS IDs with --gssid (-G) option.  GSS IDs are described in
  draft-ietf-ipsec-isakmp-gss-auth-07.txt.  This is used by Windows-2000
  IPsec for Kerberos authentication.

* Allow target hosts to be specified as IPnet/bits to include all hosts in
  the given network, or IPstart-IPend to include all hosts in the inclusive
  range as well as single hostnames or IP addresses.

* Added support for Vendor ID fingerprinting.  The file "ike-vendor-ids"
  contains a list of known Vendor ID patterns, specified as Posix extended
  regular expressions.  These are used to match against the ascii hex
  representation of any returned Vendor IDs, and the name of the entry is
  displayed if a match is found.

* SA transform attributes and ID payloads are now decoded, and basic details
  (name and size) are displayed for payload types that we don't decode yet.
  Added --quiet option to prevent this decoding if it's not required.
  Added --multiline option to split the decode over multiple lines - one line
  per payload.  With --multiline, each payload decode line starts with a TAB.

ike-scan v1.5.1:

* Fixed a bug which could cause a negative value to be passed to select()
  when collecting backoff fingerprints.  This would result in select()
  returning EINVAL.

ike-scan v1.5:

* Aggressive mode is now supported.  The --aggressive (-A) option specifies
  aggressive mode.

* The --trans option can be specified multiple times to generate an arbitary
  number of custom transforms in the ISAKMP SA Proposal.

* The --vendor option can be specified multiple times to generate an arbitary
  number of Vendor ID payloads.

* UDP engine improvements: Dynamically adjust select() timeout, removing the
  need for a --selectwait argument; keep track of cumulative timing error, and
  use this to adjust the timing to compensate; calculate timings in
  microseconds rather than milliseconds to improve accuracy; and some minor
  tuning.

ike-scan v1.4:

* Two additions to permit Vendor ID fingerprinting.
  1. Allow the specification of an arbitary Vendor ID payload using the
     --vendor option.
  2. Display any Vendor ID payload returned by the target host.

ike-scan v1.3:	(Unofficial release)

* Added support for per-pattern-entry fuzz values in the backoff patterns
  file which allows more complex backoff patterns to be matched.
* Added new backoff patterns for "watchguard-soho" and "sonicwall-pro".

ike-scan v1.2:

* Fixed format string vulnerability in syslog() call.
* ike-scan now builds and runs on HP Tru64 Unix.

ike-scan v1.1:

* Added new backoff patterns for Cisco Concentrator and isakmpd.
* ike-scan now builds and runs on Windows/Cygwin, old libc5 Linux systems, and
  Solaris 2.8 / SPARC.
* Windows command-line binary released.

ike-scan v1.0: (Initial release)

* Compiles and runs on Debian Linux 2.2 "potato" and 3.0 "woody", FreeBSD 4.3,
  and OpenBSD 3.1.