File: ChangeLog

package: ike-scan 1.9.4-2 (area: main; suites: buster)
size: 5,104 kB; sloc: ansic: 10,991; sh: 884; perl: 148; makefile: 22
file content (1563 lines) | stat: -rw-r--r-- 62,033 bytes
2013-08-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* .gitignore: New file listing patterns to exclude from the repository.

	* COPYING: New file.

	* check-decode: Modified so "make check" works with new
	  HeartBeat_Notify VID name.

	* configure.ac: Incremented version to 1.9.4 to distinguish new
	  version under git revision control.

	* ike-vendor-ids: Merged in vendor ID additions from Jonathan Claudius.

2013-08-15 Roy Hills <Roy.Hills@nta-monitor.com>

        * Final SVN revision before migration to git.

2012-12-14 Jesper Kückelhahn <(email withheld)>

	* ike-vendor-ids: Added new vendor IDs from research while developing
	  script for nmap.

2011-09-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Removed most occurrences of set but unused variables as
	  reported by -Wunused-but-set-variable in gcc 4.6. There is one
	  occurrence of this error remaining, because the --idstrings
	  option has not been fully implemented.

2011-04-04 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: incremented version number to 1.9.3

	* configure.ac: Remove version number from AM_INIT_AUTOMAKE macro,
	  as this usage is obsolete now.

	* ike-scan.c, ike-scan.h: Modify add_host_pattern() and add_host() so
	  we always use the more efficient inet_aton() rather than
	  get_host_address() for IPnet/bits, IPnet:mask and IPstart-IPend
	  patterns.

	* ike-scan.c: Add support for IPnet:netmask format in
          add_host_pattern().

	* ike-scan.c: Change all uses of sprintf() to snprintf().

2011-03-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* acinclude.m4: Removed #include <features.h> from GCC_FORTIFY_SOURCE
	  macro, as this header is not portable.

	* configure.ac: Added GCC_WEXTRA macro if we are compiling with GCC
	  to enable extra warnings, and define ATTRIBUTE_UNUSED to the
	  appropriate pragma depending on whether we are using GCC or not.

	* utils.c: Added ATTRIBUTE_UNUSED to sig_alarm parameter to avoid
	  unused parameter warning.

	* ike-scan.c: Add some casts to unsigned to avoid "comparison between
	  signed and unsigned" warnings.

2010-12-07 Roy Hills <Roy.Hills@nta-monitor.com>

	* acinclude.m4: Added GCC_WEXTRA macro to determine if the C compiler
	  supports the -Wextra switch to enable extra warnings.

	* ike-scan.c, isakmp.c, utils.c, psk-crack.c: Addressed some of the
	  unsigned/signed comparisons flagged up with -Wextra.

2009-08-15 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, utils.c: Improve handling of --bandwidth and
	  --interval options: Allow either upper or lowercase
	  multiplier letters and give an error if an unknown multiplier
	  character is used.  Previously an unknown multiplier character
	  or one with the wrong case was silently ignored and treated as
	  no multiplier at all.

	* wrappers.c: Change Strtoul so it gives an error if the
	  underlying strtoul function finishes at an unconvertible
	  character other than NULL or whitespace.

	* configure.ac: Added extra warnings "-Wshadow -Wwrite-strings"
	  for gcc.

2009-08-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, ike-scan.h, psk-crack.h, configure.ac, error.c: Removed
	  syslog functionality as this is not used and has been #ifdef'ed out
	  for some time.

2009-05-06 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Upgraded for autoconf 2.61

2009-03-06 Roy Hills <Roy.Hills@nta-monitor.com>

	* acinclude.m4: Added macros to detect compiler support for
	 -fstack-protect, -D_FORTIFY_SOURCE and -Wformat-security.

	* configure.ac: Conditionally enable compiler flags for
	 -fstack-protect, -D_FORTIFY_SOURCE and -Wformat-security using
	 the new acinclude.m4 autoconf macros.

	* configure.ac: Incremented version to 1.9.2

2008-09-01 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Improved the description of the --trans option in
	  the help output.

	* wrappers.c: Modified Strtoul so it only permits fully convertible
	  strings.  This avoids the problem mentioned by ML with 1=7/128
	  in an advanced transform specification.

	* ike-scan.c: Corrected those calls to Strtoul that assumed the old
	  behaviour, where a string could be terminated by any non-convertible
	  character.

	* check-packet, pkt-custom-proposal.dat: Corrected the advanced
	  transform specification, and added an additional transform using
	  variable length attributes.

2008-03-07 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added additional XAUTH authentication methods to auth_map.

	* ike-backoff-patterns: Added Cisco PIX 7.0

	* ike-vendor-ids: Added Windows 2008 server

2007-06-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* check-error: new checking script to test response to error
          conditions.

2007-04-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* utils.c: New function "dupstr", which is a local implementation
	  of the common but non-standard library function "strdup".

	* ike-scan.c: Replace calls to malloc/strcpy with calls to the
	  new dupstr function.  This makes the code tidier and also reduces
	  the number of calls to the potentially dangerous strcpy function.

2007-04-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.h: Undefined SYSLOG, as we don't use this any more, and I
	  doubt that anyone else needs it.  The syslog functionality may be
	  removed in a future release.

2007-04-13 Roy Hills <Roy.Hills@nta-monitor.com>

        * configure.ac: Added checks for strlcat and strlcpy, with
          replacement functions using the OpenBSD implementations if they are
          not present.

        * strlcat.c, strlcpy.c: New source files from the OpenBSD source at
          http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string

2007-03-06 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Incremented version number to 1.9.1.

	* ike-vendor-ids, ike-backoff-patterns: various minor changes and
	  additions.

2007-01-26 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released v1.9  Tarball size: 1412689, Zip size: 2260655.
	  tarball md5sum: bed63c7d2f54c482525a735be7b5e720
	  Zip md5sum: 5a224a60235189ba1b8882c98e09489c

2007-01-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Refactored display_packet() to ensure that payload
	  is correctly aligned.

2007-01-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* check-decode: New tests for pkt-main-natt-response,
	  pkt-aggr-cert-response, pkt-v2-notify-response and
	  pkt-checkpoint-notify.

	* check-packet: New test for pkt-single-trans.

	* ike-scan.c: Added conditional code to write received IKE packet to
	  a file.  This is used to create data files for use with check-decode,
	  and is not intended for production use.

	* psk-crack.h: Include <sys/time.h> and <time.h>.

	* ike-scan.c: Added O_TRUNC option to writepkttofile open() call.

2007-01-02 Roy Hills <Roy.Hills@nta-monitor.com>

	* check-psk-crack-4: New checking script to improve coverage of
	  psk-crack.c and hash_functions.h.  Test coverage for these
	  source files is now:

	  96.88% of 64 lines executed in file hash_functions.h
	  95.28% of 318 lines executed in file psk-crack.c

	* check-packet, check-decode: Added new tests to improve coverage of
	  ike-scan.c and isakmp.c.  Test coverage for these files is
	  now:

	  71.18% of 1957 lines executed in file ike-scan.c
	  69.61% of 964 lines executed in file isakmp.c

	* ike-scan.c, ike-scan.h: Added new --readpktfromfile option.
	  This option reads the packet from the specified file rather
	  than from the network.  It is intended for debugging and
	  testing purposes, to allow the IKE packet decoding to be
	  easily checked.  This option is not documented, because it is
	  designed purely for testing.

2006-12-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Added support for IKEv2 with new --ikev2
          option.

	* configure.ac: Incremented version to 1.8.7.

2006-12-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: New option --rcookie to set the responder
	  cookie to the specified value.  Modified make_isakmp_header() to
	  support specification of the responder cookie.

2006-12-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c, psk-crack.h: Moved nortel_user into psk_entry struct
	  to permit cracking a mixture of Nortel and standard PSKs, although
	  the command line options do not currently permit this.

	* psk-crack.c: Changed cracking loop order, so that the candidate
	  password selection (either the next word from the dictionary, or
	  the next brute-force string) is the outer loop, and the PSK entry
	  selection the inner one.  This avoids having to rewind the
	  dictionary file, which permits the use of stdin for the
	  dictionary.

	  This also cured an as-yet unfound bug, which caused false positive
	  matches against the last candidate password when cracking multiple
	  PSK entries.

	* psk-crack.c: Added support for using stdin for the dictionary file
	  with "--dictionary=-".  This allows us to use other programs to
	  generate the candidate passwords, e.g:
	  john --incremental --stdout | psk-crack --dictionary=- psk-file

	* hash_functions.h: New header file containing "inline static"
	  functions for MD5, SHA1, hmac_md5 and hmac_sha1.

	* configure.ac: Incremented version to 1.8.6.

2006-12-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added --nat-t option to enable RFC 3947 NAT Traversal.
	  This option adds the Non-ESP marker to outbound packets and
	  strips the marker from responses.  It also changes the default
	  source and destination UDP ports to 4500.
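
An added example of the Non-ESP marker handling this entry describes, written for this page and not taken from ike-scan.c: natt_wrap() prefixes the four zero bytes RFC 3948 requires on UDP port 4500, and natt_unwrap() tells IKE (zero first word) apart from ESP-in-UDP (non-zero SPI) and the one-byte 0xFF keepalive, then checks the ISAKMP header Length against what was actually received before stripping the marker. The function names and the constructed minimal header are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NON_ESP_MARKER_LEN 4
#define ISAKMP_HDR_LEN    28

enum natt_kind { NATT_IKE, NATT_ESP, NATT_KEEPALIVE, NATT_INVALID };

static uint32_t get32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Prefix an ISAKMP message with the four zero bytes of the Non-ESP
 * marker (RFC 3948 section 2.2) for sending on UDP port 4500.
 * Returns the new length, or 0 if the output buffer is too small. */
size_t natt_wrap(const uint8_t *ike, size_t ike_len, uint8_t *out, size_t cap) {
    if (cap < NON_ESP_MARKER_LEN || ike_len > cap - NON_ESP_MARKER_LEN)
        return 0;
    memset(out, 0, NON_ESP_MARKER_LEN);
    memcpy(out + NON_ESP_MARKER_LEN, ike, ike_len);
    return ike_len + NON_ESP_MARKER_LEN;
}

/* Classify a datagram received on port 4500.  A zero first word is the
 * Non-ESP marker; a non-zero first word is an ESP SPI (SPI 0 is reserved,
 * so the two cannot collide); a lone 0xFF byte is the NAT keepalive.
 * For IKE the marker is stripped and the ISAKMP header Length is checked
 * against the number of bytes actually received. */
enum natt_kind natt_unwrap(const uint8_t *in, size_t in_len,
                           const uint8_t **ike, size_t *ike_len) {
    const uint8_t *p;
    size_t n;

    if (in_len == 1 && in[0] == 0xFF)
        return NATT_KEEPALIVE;
    if (in_len < NON_ESP_MARKER_LEN)
        return NATT_INVALID;
    if (get32(in) != 0)
        return NATT_ESP;
    p = in + NON_ESP_MARKER_LEN;
    n = in_len - NON_ESP_MARKER_LEN;
    if (n < ISAKMP_HDR_LEN)
        return NATT_INVALID;            /* marker but no complete ISAKMP header */
    if (get32(p + 24) != n)
        return NATT_INVALID;            /* header Length disagrees with datagram */
    *ike = p;
    *ike_len = n;
    return NATT_IKE;
}

/* Constructed minimal ISAKMP header: cookies, next payload SA, v1.0,
 * Identity Protection exchange, Length = header only. */
void build_isakmp_header(uint8_t hdr[ISAKMP_HDR_LEN]) {
    memset(hdr, 0, ISAKMP_HDR_LEN);
    memset(hdr, 0xAB, 8);               /* initiator cookie (constructed) */
    hdr[16] = 1;                        /* next payload: SA */
    hdr[17] = 0x10;                     /* major/minor version 1.0 */
    hdr[18] = 2;                        /* exchange type: Identity Protection */
    hdr[27] = ISAKMP_HDR_LEN;           /* Length, big-endian, fits in one byte */
}

int main(void) {
    uint8_t hdr[ISAKMP_HDR_LEN], wire[64];
    const uint8_t *ike;
    size_t n, ike_len;

    build_isakmp_header(hdr);
    n = natt_wrap(hdr, sizeof hdr, wire, sizeof wire);
    printf("wrapped %zu bytes, first word %02x%02x%02x%02x\n",
           n, wire[0], wire[1], wire[2], wire[3]);
    if (natt_unwrap(wire, n, &ike, &ike_len) == NATT_IKE)
        printf("unwrapped IKE message of %zu bytes\n", ike_len);
    return 0;
}
```

The Length check matters on a scanner: a responder that pads or truncates the message is reported as invalid rather than being decoded from a mismatched buffer.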

2006-12-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added experimental support for RFC 3947 NAT-Traversal.

2006-12-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added CRACK (128) to auth map.  This is defined in
	  draft-harkins-ipsra-crack-00 "IKE Challenge/Response for
	  Authenticated Cryptographic Keys", but I've not seen it used in
	  practice.

2006-11-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Moved all the ID/Name maps into isakmp.c as global
	  consts.  Other source files that need to reference them do so
	  by declaring them as extern.

	* utils.c: New functions name_or_number() and str_ccmp() which
	  allow a string containing either a number or a name from the
	  specified map to be used.

2006-11-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Changed --ranssrc option to --sourceip, and allow it
	  to take an IP address or the string "random".  When --sourceip is
	  specified, we no longer attempt to read from the socket as reading
	  UDP from a raw socket doesn't work on all OSes and we are unlikely
	  to receive any return data if we've spoofed the source address
	  anyway.

	* ike-vendor-ids: Update strongSwan vendor IDs based on strongSwan
	  4.0.5

2006-11-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: New function load_psk_params() to read the data from
	  the psk parameters file into a list of structures.  This moves the
	  psk file reading loop out of main(), and also allows more flexible
	  selection of the psk cracking order as all the psks are in memory.

	* psk-crack.c: New function compute_hash(), which does the real work
	  of computing the hash given the PSK parameters and a candidate
	  password.  This function is defined as "static inline" because it
	  is called from a tight loop, and inlining significantly improves
	  performance.

	* psk-crack.c: New function open_dict_file(), which opens the
	  dictionary file.  This function reduces the size of main() to make
	  it more readable.

	* configure.ac: Added AC_C_INLINE to check for compiler support for
	  function inlining and define "inline" accordingly in config.h.

2006-11-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.h: New header file for psk-crack.
	  This separates the psk-crack headers, defines, structures and
	  prototypes from ike-scan.

	* ike-scan.h: Removed psk-crack specific stuff. Modified psk_crack
	  structure to improve storage efficiency.

2006-10-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Modified creation of proposal and SA payloads, so that
	  these payloads contain the transform and proposal payloads
	  respectively (previously, they only returned the header, and it
	  was down to the caller to add the rest).  Also added add_prop()
	  function which allows for multiple proposals within an SA
	  payload (although ike-scan does not have any way to use this yet).

	* ike-scan.c: Modified initialise_ike_packet() function to use
	  modified SA and proposal functions.

2006-10-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* check-psk-crack-3: New script to check Nortel Contivity PSK
	  cracking.  Uses test data obtained from a Contivity 1600 running
	  software release 6.00.

	* psk-crack.1: Added --username option description to psk-crack
	  manpage.

2006-10-01 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Show backoff patterns even if there was only a
	  single response.  Some implementations, e.g. linksys, don't
	  retry at all, and this change allows these to be matched as
	  well. The lack of a pattern is sufficiently unusual to be a
	  pattern itself.

2006-09-23 Anonymous <l...e@gmail.com>

	* psk-crack.c: Added code to allow cracking Nortel Contivity
	  pre-shared keys, which use a variation of Mamro's method.  Thanks
	  to an anonymous benefactor.

2006-08-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Added new PIX backoff pattern, with details
	  of the PIX versions for both patterns.

2006-08-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* udp.h: Removed unneeded BSD-flavour declarations and unneeded macros.
	  Changed types from u_int{8,16,32}_t to uint{8,16,32}_t.  Added
	  definition of struct pseudo_hdr (moved from ike-scan.c).
	  Changed names of pseudo_hdr struct members to avoid problem due
	  to s_addr being defined as a macro on some systems (e.g. Solaris).

	* ip.h: Changed types from u_int{8,16,32}_t to uint{8,16,32}_t.
	  Removed unneeded macros.

	* utils.c: Change random_ip() so that it generates the same sequence
	  on both little-endian and big-endian systems.

	* ike-scan.c: --randsrc option now works on Solaris 9 and FreeBSD 5.3
	  as well as Linux.

2006-08-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Changed random number implementation to use
	  the mersenne twister functions from mt19937ar.c rather than the
	  standard rand() from the C library.

	  This improves the quality of the random numbers, as some C library
	  rand() functions are quite bad.  More importantly, it makes the
	  random number generation process repeatable across different
	  platforms.

	  However, this change also means that packets created with the new
	  PRNG will not be the same as packets created with the old one, even
	  if the same random seed value is used.

	* mt19937ar.c: New file - Mersenne Twister random number generator.

	* utils.c: New functions random_byte() and random_ip(), which use
	  the mersenne twister random number functions.

	* pkt-aggressive.dat: New file - sample aggressive mode packet.

	* check-packet: Added aggressive mode packet check.  This is possible
	  now that the random number generator is repeatable across platforms.

	* configure.ac: Incremented version number to 1.8.4.

2006-08-04 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, ike-scan.h: Added new --randsrc option for source IP
	  spoofing.

	* ike-scan.c, ike-scan.h: Added new --shownum option to display the
	  return packet number.  This is useful when looking for DoS
          conditions.

2006-08-02 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added experimental support for source IP spoofing.
	  Currently, this only works on Linux.

	* ip.h, udp.h: New header files to support IP spoofing.  Copied
	  from the GNU C Library.

	* configure.ac: incremented version number to 1.8.2

2006-07-01 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac, ike-scan.c: Removed initial lookup and configure
	  option --enable-lookup to control it.  This is legacy code
	  that has never been required.

	* ike-scan.h, ike-scan.c: Removed low-pass filter in timing
	  error correction code, and associated ALPHA macro.  This had
	  never been used, and tests indicate that it performed worse
	  than the standard timing error correction code.

	* psk-crack.c: Free malloc'ed data when we are finished with
	  each PSK to prevent a memory leak when cracking many PSKs.
	  Thanks to Antoine Brodin for finding and reporting this bug.

2006-06-24 Roy Hills <Roy.Hills@nta-monitor.com>

	* utils.c: Changed printable() and hexstring() to make the first
	  arg "const unsigned char *" instead of "unsigned char *".  This
	  change was integrated from the arp-scan source.

2006-06-06 Roy Hills <Roy.Hills@nta-monitor.com>

	* Changed web URLs to correspond with the new layout of the NTA
	  website.

2006-05-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Add --timestamp option.

	* isakmp.c: Improve decoding of notification payload.  Tony has found
	  an IKE implementation which returns a notification payload after
	  the SA payload, and this uncovered shortcomings in the notification
	  processing code.

2006-05-12 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Allow --interval to be expressed in seconds by
	  appending "s" to the value.  This is useful if you want to send
	  packets very slowly, as it avoids having to add lots of trailing
	  zeros.

	* ike-scan.c: Add experimental option to display packet received
	  time in %H:%M:%S.%u format before the packet details.

	* Moved ike-scan source code from CVS to SVN revision control.
	  This changes the revision numbers from 1.x, where x is a relatively
	  small number, to y, where y is a larger number (currently four
	  digits).

2006-05-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Delay opening the file specified by --writepkttofile
	  until after we've dropped SUID to avoid security issues.

2006-03-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added --randomseed option, which allows the PRNG seed
	  to be specified.  This enables packets with payloads containing
	  random data, such as Key Exchange and Nonce, to be compared with
	  known good examples for testing.  It also allows the packet data to
	  be exactly repeatable, which can be useful in some situations.

2006-03-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Use unsigned 64-bit integer arithmetic for interval
	  calculation instead of double-precision floating point.  This
	  avoids the small rounding errors that can occur with floating point.

2006-03-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* Moved ike-scan source code from RCS to CVS revision control.

2005-12-07 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released v1.8  Tarball size: 1376995, Zip size: 2090803.
	  tarball md5sum: 961310e6f3c07d26c90447e392dfb97e
	  Zip md5sum: 884e1c3eb03ea1519ab7537e095d2c0b

	* configure.ac: Incremented version number to 1.8.1 in preparation
	  for post 1.8 changes.

2005-12-06 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Incremented version number to 1.8 in preparation
	  for release.

2005-12-04 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Added backoff patterns for Netgear ProSafe
	  and Netgear ADSL Firewall Router.  Submitted by Paul Askew.

2005-11-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* Removed automake boilerplate files, and ran automake --add-missing
	  --copy to obtain the latest versions as of automake 1.9.  The updated
	  files were: missing, install-sh, depcomp and INSTALL.  mkinstalldirs
	  is no longer installed by automake and is probably no longer needed.
	  However, I have kept the old version just in case.

2005-11-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.h: Changed u_int8_t, u_int16_t and u_int32_t to uint8_t,
	  uint16_t and uint32_t in definition of delete payload.

	* configure.ac: Improved OpenSSL detection by adding support for
	  libcrypto.so and libcrypto.dylib as well as libcrypto.a.

2005-11-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, ike-scan.h, configure.ac: Added new --writepkttofile
	  option.  This option writes the output packet to the specified file
	  rather than sending it to the remote host.  It is intended for
	  debugging and testing purposes, to allow the IKE packet to be
	  easily checked.  This option is not documented, because it is
	  designed purely for testing.

	* check-packet: New test to check IKE scan packet data.  Currently
	  tests two sample packets: one default proposal, and one custom
	  proposal.

	* configure.ac: Added conditional #include <stdlib.h> to the
	  AC_LINK_IFELSE that checks if the OpenSSL headers and libraries
	  work.  This is needed because the OpenSSL md5.h and sha1.h in
	  recent versions use size_t but don't include any header to
	  define it.

2005-11-24 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Support the OpenSSL libcrypto.a library in either
	  $ssldir/lib or in $ssldir.

	* configure.ac: Added --disable-lookup option which allows the
	  initial DNS lookup to be disabled.  This is in response to
	  Debian bug ID 327220.  Thanks to Florian Weimer for reporting this,
	  and to Benoit Mortier for forwarding the bug to me.

2005-10-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* wrappers.c: Added new wrapper function, Strtoul(), which
	  calls strtoul() and checks for errors.

	* ike-scan.c: Change most calls to strtoul() to use the new
	  wrapper function Strtoul() instead, because this checks for
	  errors.  Previously, a non-numeric value would be converted to
	  zero without any error, meaning something like "--sport=xxx"
	  would be silently accepted.  Now, such invalid inputs result in
	  an error.

	* ike-scan.c: Modify decode_trans_simple() to detect invalid values
	  which could previously result in an infinite loop.  Now, invalid
	  values cause an error.
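
An added illustration of the strict conversion described in this entry and in the 2008-09-01 and 2009-08-15 entries above (example code written for this page, not ike-scan's own Strtoul() or option parsing): strict_strtoul() rejects anything that is not fully convertible apart from trailing whitespace, so "xxx" and "7/128" become errors instead of 0 and 7, and parse_with_multiplier() applies case-insensitive k/M/G suffix handling for values such as --bandwidth and fails on an unknown suffix rather than ignoring it. The function names, the rejection of a leading minus sign and the decimal multiplier values are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strict unsigned conversion: the whole string must be consumed apart
 * from trailing whitespace.  Returns 0 and stores the value on success,
 * -1 on any error, so a caller can reject "--sport=xxx" or "7/128"
 * instead of silently using whatever prefix strtoul() accepted. */
int strict_strtoul(const char *s, int base, unsigned long *out) {
    char *end;
    unsigned long v;

    if (s == NULL || *s == '\0')
        return -1;                          /* empty string */
    if (isspace((unsigned char)*s) || *s == '-')
        return -1;                          /* strtoul() would skip or negate these */
    errno = 0;
    v = strtoul(s, &end, base);
    if (errno == ERANGE)
        return -1;                          /* out of range */
    if (end == s)
        return -1;                          /* nothing converted, e.g. "xxx" */
    while (*end != '\0' && isspace((unsigned char)*end))
        end++;                              /* trailing whitespace is tolerated */
    if (*end != '\0')
        return -1;                          /* junk after the number, e.g. "7/128" */
    *out = v;
    return 0;
}

/* Parse a value with an optional multiplier suffix, as --bandwidth and
 * --interval allow.  The suffix letter may be upper or lower case; any
 * other trailing character is an error.  The multiplier values used
 * here (k = 1000, m = 1e6, g = 1e9) are an assumption. */
int parse_with_multiplier(const char *s, unsigned long *out) {
    char buf[64];
    size_t len = strlen(s);
    unsigned long mult = 1, base;
    int last;

    if (len == 0 || len >= sizeof buf)
        return -1;
    last = (unsigned char)s[len - 1];
    if (!isdigit(last)) {
        switch (tolower(last)) {
        case 'k': mult = 1000UL; break;
        case 'm': mult = 1000000UL; break;
        case 'g': mult = 1000000000UL; break;
        default:  return -1;                /* unknown multiplier, e.g. "56x" */
        }
        len--;                              /* drop the suffix letter */
    }
    memcpy(buf, s, len);
    buf[len] = '\0';
    if (strict_strtoul(buf, 10, &base) != 0)
        return -1;
    if (base > ULONG_MAX / mult)
        return -1;                          /* product would overflow */
    *out = base * mult;
    return 0;
}

int main(void) {
    const char *inputs[] = { "56k", "56K", "1M", "3000", "56x", "7/128", "-5" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        unsigned long v;
        if (parse_with_multiplier(inputs[i], &v) == 0)
            printf("%-6s -> %lu\n", inputs[i], v);
        else
            printf("%-6s -> error\n", inputs[i]);
    }
    return 0;
}
```

The leading-minus check is there because strtoul() happily converts "-5" to ULONG_MAX - 4 with no error, which is exactly the kind of silent acceptance the wrapper is meant to stop.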

2005-09-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* Upgraded automake from 1.8 to 1.9.  No code changes required.

2005-09-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* check-hash.c, check-sizes.c, error.c, ike-scan.c, isakmp.c,
	  psk-crack.c, utils.c, wrappers.c, ike-scan.h, isakmp.h: Added
	  OpenSSL exception to the copyright notice at the beginning of
	  these files.  This allows linking of the program against OpenSSL
	  and distributing linked versions.  This exception is intended to
	  allow the use of OpenSSL in this GPL v2 application.  The added
	  text reads:

	  "In addition, as a special exception, the copyright holders give
	  permission to link the code of portions of this program with the
	  OpenSSL library, and distribute linked combinations including the two.

	  You must obey the GNU General Public License in all respects
	  for all of the code used other than OpenSSL.  If you modify
	  file(s) with this exception, you may extend this exception to your
	  version of the file(s), but you are not obligated to do so.  If you
	  do not wish to do so, delete this exception statement from your
	  version."

	  This text was taken from
	  http://www.gnome.org/~markmc/openssl-and-the-gpl.html

2005-08-02 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Added support for advanced transform
	  creation using new functions add_transform() and make_transform().
	  These new functions take a pre-built attribute list, which has
	  previously been created with add_attr(), and can therefore create
	  transforms with arbitrary attributes.

	  The old add_trans() and make_trans() functions have been renamed
	  to add_trans_simple() and make_trans_simple() to reflect the fact
	  that they are simplified versions.  These simple versions are now
	  wrappers that use the advanced functions.

	  Added support for advanced transform creation, which uses these new
	  functions.  This involves an alternative syntax for the --trans
	  option: --trans=(attr=value, ...).

2005-08-01 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Added Notification payload processing.  We now
	  display details of an ISAKMP Notification payload if one is returned,
	  rather than just displaying generic payload information.
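
An added example of walking an ISAKMP payload chain and decoding a Notification payload wherever it appears, including after the SA payload as the 2006-05-14 entry above describes; it is example code for this page, not ike-scan's isakmp.c. Each generic payload header's Length is checked to be at least four bytes and within the datagram before the walker advances, so a malformed length can neither loop forever nor read past the buffer. The sample packet is constructed (a proposal-less SA payload followed by NO-PROPOSAL-CHOSEN), and the function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN  28
#define PAYLOAD_NONE     0
#define PAYLOAD_SA       1
#define PAYLOAD_NOTIFY  11

struct notify_info {
    uint32_t doi;
    uint8_t  protocol_id;
    uint8_t  spi_size;
    uint16_t msg_type;      /* e.g. 14 = NO-PROPOSAL-CHOSEN, RFC 2408 section 3.14.1 */
    size_t   data_len;      /* bytes of Notification Data after the SPI */
};

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
         | ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode the body of a Notification payload (everything after the
 * 4-byte generic payload header).  Returns 0, or -1 if truncated. */
int decode_notify(const uint8_t *body, size_t body_len, struct notify_info *out) {
    if (body_len < 8)
        return -1;                          /* DOI(4) proto(1) spisize(1) type(2) */
    out->doi         = get32(body);
    out->protocol_id = body[4];
    out->spi_size    = body[5];
    out->msg_type    = get16(body + 6);
    if (body_len - 8 < out->spi_size)
        return -1;                          /* SPI longer than the payload */
    out->data_len = body_len - 8 - out->spi_size;
    return 0;
}

/* Walk the payload chain of a complete ISAKMP message.  Returns the
 * number of payloads, or -1 if the message is malformed.  The first
 * Notification payload found, wherever it sits in the chain, is decoded
 * into *notify and *have_notify is set. */
int walk_payloads(const uint8_t *pkt, size_t pkt_len,
                  struct notify_info *notify, int *have_notify) {
    size_t off = ISAKMP_HDR_LEN;
    uint8_t next;
    int count = 0;

    *have_notify = 0;
    if (pkt_len < ISAKMP_HDR_LEN || get32(pkt + 24) != pkt_len)
        return -1;                          /* header Length must match the datagram */
    next = pkt[16];
    while (next != PAYLOAD_NONE) {
        uint16_t plen;
        uint8_t  type = next;

        if (pkt_len - off < 4)
            return -1;                      /* no room for a generic header */
        plen = get16(pkt + off + 2);
        if (plen < 4 || plen > pkt_len - off)
            return -1;                      /* would not advance, or overruns */
        next = pkt[off];
        if (type == PAYLOAD_NOTIFY && !*have_notify) {
            if (decode_notify(pkt + off + 4, plen - 4, notify) != 0)
                return -1;
            *have_notify = 1;
        }
        off += plen;
        count++;
    }
    return count;
}

/* Constructed sample: header, a proposal-less SA payload, then a
 * NO-PROPOSAL-CHOSEN notification.  Returns the packet length. */
size_t build_sample_packet(uint8_t *buf, size_t cap) {
    static const uint8_t pkt[] = {
        0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,  /* initiator cookie */
        0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,  /* responder cookie */
        0x01, 0x10, 0x02, 0x00,                   /* next=SA, v1.0, Identity Protection, flags */
        0x00,0x00,0x00,0x00,                      /* message ID */
        0x00,0x00,0x00,0x34,                      /* Length = 52 */
        /* SA payload: next=Notify(11), len 12, DOI 1, situation 1 */
        0x0b,0x00,0x00,0x0c, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x01,
        /* Notify payload: next=none, len 12, DOI 1, proto 1, SPI size 0, type 14 */
        0x00,0x00,0x00,0x0c, 0x00,0x00,0x00,0x01, 0x01,0x00,0x00,0x0e,
    };
    if (cap < sizeof pkt)
        return 0;
    memcpy(buf, pkt, sizeof pkt);
    return sizeof pkt;
}

int main(void) {
    uint8_t pkt[64];
    struct notify_info ni;
    int have, n;
    size_t len = build_sample_packet(pkt, sizeof pkt);

    n = walk_payloads(pkt, len, &ni, &have);
    printf("%d payloads\n", n);
    if (n >= 0 && have)
        printf("Notify: DOI=%u proto=%u spi_size=%u type=%u data=%zu bytes\n",
               ni.doi, ni.protocol_id, ni.spi_size, ni.msg_type, ni.data_len);
    return 0;
}
```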

2005-07-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c, utils.c: Added support for variable length
	  lifetime and lifesize transform attributes.  Now, the --lifetime
	  and --lifesize options can take three options:

	  a) "none" - Do not add any lifetime or lifesize attribute
	  b) decimal integer, e.g. 86400 - Add a 4-byte value
	  c) hex number, e.g. 0xff - Add a variable length value

	  This allows arbitrary length lifetime and lifesize attributes to
	  be added using the hex notation.
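
An added example of how the three --lifetime forms map onto ISAKMP data attributes (RFC 2408 section 3.3); it is written for this page and is not ike-scan's add_attr() code. Life Type is sent as a basic (TV) attribute, AF bit set, and Life Duration as a variable (TLV) attribute whose length is four bytes for a decimal value or however many bytes the hex string spells out. The function names, the seconds-only Life Type, and padding an odd hex digit count with a leading zero nibble are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ATTR_AF_BASIC       0x8000u  /* AF bit: set = TV (basic), clear = TLV (variable) */
#define ATTR_LIFE_TYPE      11       /* IKE attribute classes, RFC 2409 appendix A */
#define ATTR_LIFE_DURATION  12
#define LIFE_TYPE_SECONDS   1

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Basic attribute: type with the AF bit set, then a 2-byte value.
 * Returns bytes written, or 0 if there is no room or the type is bad. */
size_t add_attr_basic(uint8_t *buf, size_t cap, uint16_t type, uint16_t value) {
    if (cap < 4 || (type & ATTR_AF_BASIC))
        return 0;
    put16(buf, (uint16_t)(type | ATTR_AF_BASIC));
    put16(buf + 2, value);
    return 4;
}

/* Variable attribute: type with the AF bit clear, 2-byte length, value. */
size_t add_attr_variable(uint8_t *buf, size_t cap, uint16_t type,
                         const uint8_t *val, size_t len) {
    if (len > 0xFFFF || cap < 4 + len || (type & ATTR_AF_BASIC))
        return 0;
    put16(buf, type);
    put16(buf + 2, (uint16_t)len);
    memcpy(buf + 4, val, len);
    return 4 + len;
}

/* Encode a --lifetime specification:
 *   "none"   -> no attributes, returns 0
 *   "86400"  -> Life Type (seconds) + Life Duration as a 4-byte value
 *   "0xff"   -> Life Type (seconds) + Life Duration of hex-string length
 * Returns bytes written, or (size_t)-1 if the spec is malformed or the
 * buffer is too small. */
size_t encode_lifetime(const char *spec, uint8_t *buf, size_t cap) {
    uint8_t val[64];
    size_t vlen, n, m;

    if (strcmp(spec, "none") == 0)
        return 0;
    if (spec[0] == '0' && (spec[1] == 'x' || spec[1] == 'X')) {
        const char *hex = spec + 2;
        size_t ndig = strlen(hex), odd = ndig % 2, i;

        if (ndig == 0 || ndig > 2 * sizeof val)
            return (size_t)-1;
        for (i = 0; i < ndig; i++)
            if (!isxdigit((unsigned char)hex[i]))
                return (size_t)-1;
        vlen = (ndig + 1) / 2;
        for (i = 0; i < vlen; i++) {        /* odd digit count: leading zero nibble (assumption) */
            char pair[3] = { '0', '0', '\0' };
            if (i == 0 && odd)
                pair[1] = hex[0];
            else {
                pair[0] = hex[2 * i - odd];
                pair[1] = hex[2 * i - odd + 1];
            }
            val[i] = (uint8_t)strtoul(pair, NULL, 16);
        }
    } else {
        const char *p;
        unsigned long long v;

        if (spec[0] == '\0')
            return (size_t)-1;
        for (p = spec; *p != '\0'; p++)
            if (!isdigit((unsigned char)*p))
                return (size_t)-1;          /* reject "86400s", "-1", and similar */
        v = strtoull(spec, NULL, 10);
        if (v > 0xFFFFFFFFULL)
            return (size_t)-1;              /* must fit the 4-byte value */
        val[0] = (uint8_t)(v >> 24); val[1] = (uint8_t)(v >> 16);
        val[2] = (uint8_t)(v >> 8);  val[3] = (uint8_t)v;
        vlen = 4;
    }
    n = add_attr_basic(buf, cap, ATTR_LIFE_TYPE, LIFE_TYPE_SECONDS);
    if (n == 0)
        return (size_t)-1;
    m = add_attr_variable(buf + n, cap - n, ATTR_LIFE_DURATION, val, vlen);
    if (m == 0)
        return (size_t)-1;
    return n + m;
}

int main(void) {
    const char *specs[] = { "none", "86400", "0xff", "0x0100", "86400s" };
    uint8_t buf[32];
    size_t i, j, n;

    for (i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        n = encode_lifetime(specs[i], buf, sizeof buf);
        printf("%-8s ->", specs[i]);
        if (n == (size_t)-1) { printf(" error\n"); continue; }
        for (j = 0; j < n; j++) printf(" %02x", buf[j]);
        printf("\n");
    }
    return 0;
}
```

The hex form is what makes oversized or odd-length Life Duration values possible for probing how a responder handles attribute lengths it does not expect; the decimal form always produces the conventional 4-byte encoding.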

2005-07-06 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added --exchange option to allow the exchange field
	  in the ISAKMP header to be set to arbitrary values.

	* ike-scan.c: Changed default packet rate calculation from interval
	  to bandwidth.  The default bandwidth is 56000 bits per second.  It's
	  still possible to set the interval instead for backwards
	  compatibility, and for those applications where it's important to
	  be able to specify the exact packet rate.

2005-06-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Added --hdrflags and --hdrmsgid options to
	  allow Flags and MsgID fields in the ISAKMP header to be specified.

	* ike-scan.c: Added --cookie option to allow the initiator cookie in
	  the ISAKMP header to be set to a static value.

	* isakmp.c: Added support for Checkpoint notify code 9110.  This was
	  observed when sending a large volume of requests to a VPN-1 system,
	  and is believed to be related to the Client Puzzles VPN DoS avoidance
	  mechanism.

	* isakmp.c: Display the Version, flags, or msgid from the ISAKMP
	  header if they don't contain the expected value.

2005-06-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* make-win32-zipfile.sh: New file to create the Windows binary
	  zipfile.  Used under Cygwin.  Previously, I had manually created
	  the zip files using "winzip", which was error-prone.

2005-06-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Add 64-bit cast to calculation of microsecond-resolution
	  time differences to ensure that the calculation is performed with
	  64-bit quantities.  Previously, the calculation was performed
	  with 32-bit quantities before being assigned to a 64-bit value.

2005-06-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* utils.c: Modify timeval_diff() to prevent it changing its input
	  arguments.  Previously, it was sometimes changing its second
	  argument, b, because of the carry calculation; now it uses a
	  temporary value to perform the carry on.
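
The two timing fixes above (this entry's timeval_diff() side effect and the 2005-06-20 64-bit cast) illustrated in C. This is an added example, not ike-scan's own code; the function names, the 32-bit comparison function and the assumption that inputs are normalised (0 <= tv_usec < 1000000) are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Compute *diff = *a - *b without touching either input: the borrow from
 * the microsecond field is applied to a local copy of b, not to b itself
 * (the 2005-06-18 fix).  Inputs are assumed normalised. */
void timeval_diff(const struct timeval *a, const struct timeval *b,
                  struct timeval *diff) {
    struct timeval tmp = *b;           /* the caller's b stays untouched */
    if (a->tv_usec < tmp.tv_usec) {    /* borrow one second */
        tmp.tv_sec += 1;
        tmp.tv_usec -= 1000000;
    }
    diff->tv_sec = a->tv_sec - tmp.tv_sec;
    diff->tv_usec = a->tv_usec - tmp.tv_usec;
}

/* The same difference in microseconds.  Widening each field to 64 bits
 * before the multiply (the 2005-06-20 fix) keeps tv_sec * 1000000 from
 * wrapping once the interval exceeds about 4295 seconds. */
int64_t timeval_diff_usec(const struct timeval *a, const struct timeval *b) {
    return ((int64_t)a->tv_sec * 1000000 + (int64_t)a->tv_usec)
         - ((int64_t)b->tv_sec * 1000000 + (int64_t)b->tv_usec);
}

/* What the pre-fix arithmetic yields when performed in 32 bits: the
 * product wraps (unsigned here, so the wrap is well defined) before the
 * widening assignment to a 64-bit variable can help. */
int64_t timeval_diff_usec_32bit(const struct timeval *a, const struct timeval *b) {
    uint32_t a_us = (uint32_t)a->tv_sec * 1000000u + (uint32_t)a->tv_usec;
    uint32_t b_us = (uint32_t)b->tv_sec * 1000000u + (uint32_t)b->tv_usec;
    return (int64_t)(a_us - b_us);
}

/* Returns 1 if timeval_diff() computed 6.999700 s and left b unchanged. */
int timeval_diff_preserves_b(void) {
    struct timeval a = {10, 200}, b = {3, 500}, d;
    timeval_diff(&a, &b, &d);
    return b.tv_sec == 3 && b.tv_usec == 500 &&
           d.tv_sec == 6 && d.tv_usec == 999700;
}

int main(void) {
    struct timeval a = {5000, 0}, b = {0, 0};
    printf("64-bit: %lld us, 32-bit arithmetic: %lld us\n",
           (long long)timeval_diff_usec(&a, &b),
           (long long)timeval_diff_usec_32bit(&a, &b));
    return 0;
}
```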

2005-06-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Added Delete payload processing.  We now
	  display details of an ISAKMP Delete payload if one is returned,
	  rather than just displaying generic payload information.

2005-06-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Add --spisize option to allow a random SPI
	  of the specified size to be added to the proposal payload.

2005-06-15 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Display responder cookie value as a hex string
	  when displaying SA and Notify payloads, unless quiet is in effect.

	* ike-scan.c: Added support for SIGUSR1 handling.  Not fully
	  implemented.  NOTE: This was removed later in June 2005, because the
	  bug we were looking for was found and fixed.

	* isakmp.c: Print the SA Proposal SPI as hex if the SPI size in the
	  proposal header is non-zero.  During Phase-1, the SPI size is
	  normally zero.  However, it has been observed to be non-zero on rare
	  occasions, and RFC 2408 allows this: "[during phase-1, the SPI is]
	  redundant and MAY be set to 0 or it MAY contain the transmitting
	  entity's cookie".

2005-05-31 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: Fixed error which caused psk-crack to incorrectly report
	  PSKs after finding a valid one, when processing multiple PSK records.
	  Solution was to ensure that "found" is cleared on every loop
	  iteration.  Thanks to Daniel Lucq for finding this bug and suggesting
	  the solution.

2005-05-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Check return value from sendto() against size of
	  packet, and warn if they are different (meaning that not all of
	  the packet was sent).  I've seen this occur when using TCP
	  encapsulation to send huge packets (which fragment into many TCP
	  segments), and the VPN server sends a RST back.

2005-05-12 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Use POSIX regex to split both the backoff pattern and
	  vendor id pattern entries into name and pattern in functions
	  add_pattern() and add_vid_pattern().  Previously, we manually
	  stepped through the strings using pointers.  POSIX regex is more
	  complex, but it allows for more flexible and precise matching.

	* ike-scan.c: Add SO_REUSEADDR option to TCP socket when performing
	  TCP scanning (--tcp option).

	* ike-vendor-ids: Added 16 new Vendor IDs, and revised some comments
	  on existing entries.

2005-04-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Don't try to decode the SA in the returned packet if
	  it contains more than one transform.  This cannot happen during
	  normal scanning, because the VPN server will only return one
	  transform, but can occur if you scan your own host, and ike-scan
	  sees its own packets which contain multiple transforms.

2005-04-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Modified usage() so that it can output either brief or
	  detailed help output depending on a new "detailed" argument.  Now,
	  detailed output, including information on the available options, is
	  only displayed when ike-scan is run with the --help option.  For
	  error conditions such as incorrect options, it only produces brief
	  output.

2005-03-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Changed initialise_ike_packet() function to use the
	  struct ike_packet_params rather than taking the various parameters
	  as separate arguments, as the argument count for this function was
	  up to 15 and growing (c89 std only guarantees up to 31 I believe).
	  Also removed some unnecessary global variables and placed these in
	  the new struct, which currently contains 18 members.

	* ike-scan.c: Added --doi (-D) and --situation (-S) options to allow
	  the DOI and Situation in the SA of the outbound packets to be changed
	  from the default of DOI_IPSEC and SIT_IDENTITY_ONLY.

	* ike-scan.c: Added --protocol (-j) and --transid (-k) options to
	  allow the proposal protocol and transform id of the outbound packets
	  to be changed from the defaults.

2005-03-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Improved decoding of Certificate and
	  CertificateRequest payloads.  These used to be decoded as
	  generic payloads, but now include the certificate type in the
	  decode output.

	* ike-scan.c: Added --certreq (-C) option to add a
	  CertificateRequest payload to the outgoing packet.

2005-03-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added --headerlen (-L) option to allow the ISAKMP header
	  length to be manually specified.  Normally, ike-scan will
	  automatically calculate the correct length; however, you can use this
	  option if you want to use an incorrect length value instead.

	* ike-scan.c, isakmp.c: Added --mbz (-Z) option to allow the value for
	  the reserved (MBZ) fields to be set to non-zero values.  Doing so
	  will make the outgoing packet non-RFC compliant.

	* ike-scan.c, isakmp.c: Added --headerver (-E) option to allow the
	  version field in the ISAKMP header to be altered from the default of
	  0x10 (v1.0).

2005-02-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Drop root privileges after binding the local port if we
	  are running SUID.  We don't need enhanced privileges after this
	  point, and having effective UID root can cause problems on NFS
	  filesystems where the root user is squashed to nobody and we need
	  to write a PSK parameters file.

2005-02-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Make errors from gethostbyname or inet_aton when adding
	  hosts non-fatal.  Now these errors elicit a warning and cause the
	  offending target to be ignored, but processing continues.
	  Thanks to Tony Lloyd for finding this bug.

	* ike-scan.h, ike-scan.c, isakmp.c: Change structure definitions to
	  typedefs, i.e. change "struct foo {defs};" to
	  "typedef struct {defs} foo;".

	* ike-scan.h: Added extra data structure to the host entry structure.
	  This is designed to allow arbitrary extra data, such as an id string
	  or a transform specification, to be attached to a host entry.

2005-02-15 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added --bandwidth (-B) option to allow the outgoing
	  bandwidth to be specified directly instead of using --interval.
	  The --bandwidth option calculates the appropriate interval setting,
	  taking into account the size of the packet.

	* ike-scan.c: Added --noncelen (-c) option to allow the length of the
	  nonce data to be changed.  This is only applicable to aggressive
	  mode.

2005-02-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.1: Updated psk-crack manpage to reflect current usage.  The
	  manpage had fallen behind, and had become inaccurate.

2005-02-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Match ip range and slash notation using regular
	  expressions rather than single character matches in
	  add_host_pattern().  This fixes the bug which caused hostnames with
	  hyphens to fail because they were wrongly interpreted as IP ranges.
	  Thanks to Volker Stolz for reporting this bug.

2005-01-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Make lack of Posix regular expression support a fatal
	  error.  Previously, it was optional, and we used conditional
	  compilation based on HAVE_REGEX_H.  However, this never worked, and
	  I've not found a system which lacks Posix regex support.

	* ike-scan.h, ike-scan.c, isakmp.c: Remove HAVE_REGEX_H conditional
	  compilation.  Note that we still use it to conditionally include
	  <regex.h> in ike-scan.h though.

2005-01-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Add SO_BROADCAST option to UDP socket to allow sending
	  to the broadcast address.

2005-01-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* utils.c: Added new id_to_name() function to replace the more
	  limited STR_OR_ID macro.  This allows the use of sparse maps where
	  the IDs are not contiguous.  For example, the authentication methods
	  map, where RFC-defined IDs are 1 to 5, but there are proprietary and
	  draft methods around 64,000.

	* ike-scan.c, isakmp.c: Use new id_to_name() function rather than
	  STR_OR_ID macro.  Change the various id to name maps from char *
	  arrays to id_name_map arrays.

	* ike-scan.h: Remove STR_OR_ID macro, and add id_to_name() prototype.

2005-01-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Incremented version number to 1.7.1 in preparation
	  for post 1.7 changes.

2005-01-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released v1.7  Tarball size: 1350170, Zip size: 2010303.
	  tarball md5sum: c06c6a3d78ba9b93c0abf79b3a3d2a11
	  Zip md5sum: 4e8c37775d541318e9841f17d22d492e

2005-01-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* README: Updated for ike-scan 1.6.7.
	* ike-scan.h: Increased default pattern matching fuzz value from 100
	  to 500 ms.
	* ike-scan.c: treat ECONNRESET the same as ECONNREFUSED. Some OSes
	  (e.g. Cygwin on Windows) return ECONNRESET from recvfrom() whereas
	  others return ECONNREFUSED.

2004-12-31 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Allow --interval argument to be specified as either
	  milliseconds or microseconds.  Milliseconds is the default, unless
	  the argument ends in "u" in which case it is taken as microseconds.

2004-12-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Corrected pointer comparison in remove_host() so that
	  advance_cursor() is always called when the host being removed is the
	  current host.  This bug sometimes caused ike-scan to hang.

2004-12-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* check-hash.c: Correct unsigned/signed char * pointers which were
	  giving warnings on Tru64 Alpha with Compaq C.

	* psk-crack.c: Avoid division by zero if elapsed_seconds is zero.
	  I've seen this problem occur on Tru64/Alpha with few iterations,
	  probably because the granularity of gettimeofday() is not small
	  enough on this platform.

	* sha1.c: Change "unsigned long" to "uint32_t" where a 32-bit
	  unsigned quantity is required.  This allows sha1 to work on systems
	  where "unsigned long" is not 32-bits e.g. Alpha.

	* psk-crack.c: cast argument to isspace() to unsigned char to avoid
	  "subscript has type char" warning on some OSes e.g. HP-UX.

	* psk-crack.c: Correct spelling of "fnbuf_siz" variable used for
	  Cygwin.

	* ike-scan.c, utils.c: Cast tv_sec and tv_usec timeval elements to
	  unsigned long before printing.  This is done because different
	  vendors use different types (signed/unsigned int/long) for these
	  elements.  As long is the widest type, and the values cannot be
	  negative, casting to unsigned long is safe.

2004-12-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Improve detection and location of OpenSSL libraries.
	  configure will now search several standard locations for the
	  OpenSSL libraries if the --with-openssl option is supplied.  If a
	  directory argument is given, then that will be added to the search
	  list.

2004-12-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: Remove options to manually specify hash type (MD5 or
	  SHA1), as these are never needed.

2004-12-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: Changed syntax for dictionary cracking.  Now dictionary
	  cracking does not need the dictionary file to be specified as an
	  argument.  It's possible to use a dictionary file other than the
	  default with the --dictionary option.

	* psk-crack.c: Support cracking multiple hashes if the PSK parameters
	  file has more than one line.

2004-12-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Minor changes to usage() to improve description of
	  --pskcrack and --tcptimeout options.

	* check-run-1, check-run-2: Add --nodns --retry=1 to reduce delay.

	* check-psk-crack-2: Add dictionary cracking tests.

2004-11-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added optional filename argument to --pskcrack (-P)
	  option to allow the PSK data to be written to a file for later
	  cracking with psk-crack.

2004-11-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* sha1.c: define SHA1HANDSOFF to 1 to prevent the SHA1 functions from
	  modifying the input buffer.  If this is not defined, then pre-shared
	  key cracking for SHA1 hashes using this SHA1 function fails.

	* Wrote two new tests for "make check": check-psk-crack-1 which tests
	  psk-crack --help and --version, and check-psk-crack-2 which tests
	  psk-crack bruteforce for both MD5 and SHA1 hashes.

2004-11-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* utils.c: printable() should quote the backslash itself to make
	  "\\n" (backslash, en) distinguishable from "\n" (newline).
	  This fix was contributed by Pavel Kankovsky <kan(at)dcit.cz>.

	* psk-crack.c: Changed loop counters from 32-bit to 64-bit integers
	  to cope with very large iteration counts, e.g. when brute-forcing
	  8-character passwords with 36-element character set.

	* ike-scan.c: Change 64-bit unsigned integer types from the fixed-
	  width uint64_t type to the "at least 64-bit" type UINT64 which is
	  determined by autoconf.

	* configure.ac: Determine 64-bit integer type and snprintf format
	  string using code from postgresql autoconf.  Previously we used
	  the fixed-width 64-bit types, but we never need exactly 64-bits,
	  only at least 64-bits.

2004-10-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* Internal release of 1.6.4.  NTA Monitor internal use only.

2004-10-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added --nodns (-N) option.
	  Added "ERROR:" to error messages that were missing this prefix.
	  Corrected buffer length calculation that could result in a segv with
	  long argument lists.

2004-09-28 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: Added bruteforce support.  New options:
	  --bruteforce and --charset.

	* ike-scan.c: Added missing "=" to help text for --id option.

2004-09-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added additional authentication method names and group
	  names from http://www.iana.org/assignments/ipsec-registry

2004-09-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added SHA2 algorithms to auth_names[].

2004-07-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* psk-crack.c: New program to crack Aggressive Mode Pre-Shared Keys
	  using dictionary attack.  This uses the output from "ike-scan -P"
	  together with a dictionary.  This program is not very polished, but
	  it works OK.

2004-07-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Display the rcsid for all important source files
	  for the --version option rather than just for ike-scan.c.

2004-07-12 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added new --tcptimeout (-O) option.  TCP Connect()
	  timeout can now be changed without having to change the #define.

2004-07-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added experimental support for Aggressive Mode
	  Pre-Shared Key (PSK) cracking with --pskcrack (-P) option.
	  This outputs the PSK parameters as colon-separated hex values
	  for input into a separate cracking program (which has not yet
	  been written).

2004-07-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Incremented version number from 1.6.2 to 1.6.3 in
	  preparation for next batch of changes.

	* Internal release of 1.6.2.  NTA Monitor internal use only.
	  No tarballs generated.

	* configure.ac: Incremented version number from 1.6.1 to 1.6.2.

	* configure.ac: Added checks for headers netinet/tcp.h and signal.h
	  for TCP support.

	* ike-scan.c: Added experimental support for Cisco encapsulated
	  IKE over TCP as used by Cisco VPN Concentrator.  Changed --tcp (-T)
	  option to take an optional numeric argument: 1 (default) meaning
	  raw IKE over TCP, and 2 meaning Cisco proprietary encapsulation.

	* ike-scan.c: Add timeout for TCP connect() when using the --tcp (-T)
	  option.  This uses the alarm() call to interrupt connect() which
	  has a granularity of seconds.  Currently, the timeout is defined
	  by the macro TCP_CONNECT_TIMEOUT in ike-scan.h.

2004-06-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added experimental support for TCP with --tcp (-T)
	  option.

2004-06-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-vendor-ids: Added several new Vendor ID patterns bringing the
	  total to 68.

	* ike-scan.h, ike-scan.c: Merge in timing error smoothing code.  This
	  is based on the TCP RTT smoothing algorithm in RFC 793.  It is only
	  used if ALPHA is defined in ike-scan.h.  Currently, this is disabled
	  because ALPHA is #undef'ed in ike-scan.h.

2004-05-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Allow identification value specified with --id option
	  to be either a string e.g. --id=test or a hex value with a leading
	  0x e.g. --id=0xdeadbeef.  Note that because previous versions always
	  interpreted the value as hex, you will need to add a leading 0x to
	  the values or re-code them as text strings.

2004-05-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: updated for automake 1.8.

	* configure.ac: updated for autoconf 2.59.

	* configure.ac: Support the use of OpenSSL hash functions.
	  If --with-openssl=PATH option is specified, then the OpenSSL
	  functions will be used; otherwise the built-in functions will be
	  used.

	* check-hash.c: New file to check MD5, SHA1 and HMAC functions for
	  "make check".

2004-04-15 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.h, ike-scan.c: Changed host entry list to use dynamic array
	  grown with realloc rather than a linked list using malloc for each
	  entry, plus an additional array of pointers.  This reduces the amount
	  of memory required from 56 bytes per host to 45 bytes per host.

	* ike-scan.c: Added --random (-R) option to randomise the host entry
	  list.  This uses the Knuth shuffle algorithm to shuffle the array of
	  pointers.

2004-04-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.h: Changed num_sent and num_rcvd fields from unsigned to
	  unsigned short to save space.

	* ike-scan.c: Moved the various utility functions that are not IKE
	  related to the new file utils.c.

	* Makefile.am: Added new source file: utils.c

2004-03-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Incremented version number from 1.6 to 1.6.1 for next
	  version.
	* ike-scan.h: Re-arranged struct host_entry for better alignment -
	  moved "live" to end of structure.
	* ike-scan.c: Included host name in error message from gethostbyname().
	* ike-backoff-patterns: Added Linksys router pattern, submitted by
	  Bob Davis.

2004-01-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released v1.6  Tarball size: 141847, Zip size: 648717.
	  tarball md5sum: 5cdc5633a2a7484805d76b3952b8cef6
	  Zip md5sum: 86c417529af55b2e201e77f2f617dc95

2004-01-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: Added new shell-script-based tests check-run1,
	  check-run2, and check-run3.

	* ike-scan.1: Updated man page OPTIONS section and added FILES
	  section.

	* Added Russ Allbery's inet_aton replacement function for systems
	  like Solaris which don't have inet_aton in the standard library.
	  Added inet_aton check to configure.ac.

	* ike-scan.c: Cast char * to unsigned char * before passing to
	  isdigit().  isdigit can have problems with char if char is signed
	  and value >127, esp. when it's implemented as a macro that indexes
	  into an array as on Solaris 8.

	* Use hexstring() to print cookie values rather than using htonl()
	  on the two 32-bit pieces.  Some systems define htonl() to return
	  unsigned long while others return unsigned int making it impossible
	  to use the same printf format string on all systems.

2004-01-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c, isakmp.c: Added regular expression support for
	  Vendor ID pattern matching.  Patterns in ike-vendor-ids
	  are now Posix basic regular expressions which are compiled
	  with "regcomp" and matched against the hex representation
	  of the Vendor ID data with "regexec".

	* configure.ac: Added check for Posix regular expression
	  support.
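
An added example, not ike-scan's own code, covering the Vendor ID matching described in this entry together with the printable() backslash fix from 2004-11-18: hexstring() renders the payload as lowercase hex, vid_match() compiles the pattern as a POSIX basic regular expression with regcomp() and runs regexec() over that hex, and printable() escapes a backslash as two backslashes so "\\n" and a real newline stay distinguishable. The \xHH form for other non-printable bytes, the lowercase hex, and the sample Vendor ID bytes are this example's own assumptions and constructions.

```c
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lowercase hex representation of a byte buffer; caller frees. */
char *hexstring(const unsigned char *data, size_t len) {
    char *out = malloc(2 * len + 1);
    if (!out) return NULL;
    for (size_t i = 0; i < len; i++) sprintf(out + 2 * i, "%02x", data[i]);
    out[2 * len] = '\0';
    return out;
}

/* Escaped-printable representation; caller frees.  Printable bytes other
 * than backslash are copied; newline, CR and tab get C escapes; a backslash
 * becomes "\\" (the 2004-11-18 fix); anything else becomes \xHH (this
 * example's choice).  Worst case is 4 output bytes per input byte. */
char *printable(const unsigned char *data, size_t len) {
    char *out = malloc(4 * len + 1), *p = out;
    if (!out) return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = data[i];
        if (c == '\\')       p += sprintf(p, "\\\\");
        else if (c == '\n')  p += sprintf(p, "\\n");
        else if (c == '\r')  p += sprintf(p, "\\r");
        else if (c == '\t')  p += sprintf(p, "\\t");
        else if (isprint(c)) *p++ = (char)c;   /* unsigned char: safe for isprint() */
        else                 p += sprintf(p, "\\x%02x", c);
    }
    *p = '\0';
    return out;
}

/* Match Vendor ID payload data against a POSIX basic regular expression
 * written over its hex form, as ike-vendor-ids entries are.  Returns 1 on
 * match, 0 on no match, -1 if the pattern does not compile. */
int vid_match(const char *pattern, const unsigned char *vid, size_t len) {
    regex_t re;
    if (regcomp(&re, pattern, REG_NOSUB) != 0) return -1;
    char *hex = hexstring(vid, len);
    if (!hex) { regfree(&re); return -1; }
    int rc = regexec(&re, hex, 0, NULL, 0);
    free(hex);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void) {
    /* constructed sample: a 4-byte Vendor ID whose third byte varies */
    const unsigned char vid[] = {0x12, 0x34, 0x56, 0x78};
    char *h = hexstring(vid, sizeof vid);
    char *p = printable((const unsigned char *)"a\\n", 3);
    printf("hex=%s printable=%s match=%d\n", h, p,
           vid_match("^1234..78$", vid, sizeof vid));
    free(h);
    free(p);
    return 0;
}
```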

2003-12-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added transform attribute generation functions make_attr()
	  and add_attr().  Use these functions in make_trans() to improve
	  readability and allow for future flexibility.

	* ike-scan.c: Free various bits of malloc'ed storage when they are
	  no longer used.  The pointers involved are: vid_data, patcopy,
	  id_data, gss_data, hdr, sa, prop, transforms, ke, nonce, id and vid.
	  These are all used only at initialisation time.  We don't save much
	  memory by free'ing these, but it's better to be neat & tidy.

	* check-sizes.c: New test program which checks the sizes of structures
	  and types.  This is referenced by the TESTS target in Makefile.am,
	  so it gets run by "make check".

	* ike-scan.c: check_struct_sizes() is now obsolete and has been
	  removed.

2003-12-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Fixed bug which caused the data length for ID and VID
	  payloads to be 8 bytes more than it really was (we were not
	  subtracting the length of the header structure).

	* isakmp.c: Only check the returned VID against a candidate pattern if
	  the VID data length is >= the candidate pattern length.

	* isakmp.c: Moved notification_msg[] from global to process_notify()
	  function.  Use STR_OR_ID macro to display appropriate string from
	  notification_msg[] which avoids a hard-coded constant.  Changed
	  format of "Firewall-1" 9101 notify message.

2003-12-24 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Modified error message if bind() fails to be more
	  specific depending on the value of errno.

	* ike-scan.c: Added --quiet option to prevent packet decode and thus
	  shorten the output if required and --multiline option to split the
	  decode over multiple lines (one line per payload).

	* ike-scan.c: Improved protocol decode.  SA and ID payloads are now
	  decoded.  For SA, the various transform attributes are shown.

	* ike-scan.c: Added utility functions printable() and hexstring() to
	  provide escaped-printable and hex representations of data.

	* isakmp.c: New process_id() function to process ID payload. Improved
	  process_sa() function to decode transforms.  Transform decoding is
	  no longer experimental.

2003-12-19 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added experimental support for displaying transform
	  attributes.  This code is only enabled if the --experimental option is
	  specified.  New attribute parsing function process_attr(),
	  new macro STR_OR_ID, and new function numstr() as well as additional
	  code in process_sa() function.

2003-12-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for Vendor ID fingerprinting using
	  fingerprints loaded from the file "ike-vendor-ids".  Added
	  --vidpatterns (-I) option to specify Vendor ID patterns file
	  location if it's not the default.

	* isakmp.c: Modified process_vid() to check for known Vendor ID
	  and print entry from database if found.

2003-12-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Allow target hosts to be specified as IPnet/bits or
	  IPstart-IPend as well as the traditional single host or IP address.
	  The new function add_host_pattern() deals with these new formats.
	  Added details to usage() to explain these additional formats.
	  This functionality was first requested by Chris Gripp in Jan 2003.

2003-11-28 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Removed unnecessary gethostbyname() call.

2003-11-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Removed many global variables and made them local to
	  main().  Only 4 global variables left now, all of which have
	  some reason to stay global.

2003-11-22 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added support for GSS ID attribute in make_trans()
	  function.

2003-11-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Added support for lifesize (KB) to add_trans() and
	  make_trans() functions.

	* ike-scan.h: Modified function definitions for add_trans(),
	  make_trans(), and initialise_ike_packet() to take lifesize
	  argument.

	* ike-scan.c: Added support for --lifesize (-z) option.  Default
	  is not to include this attribute.

2003-11-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Wrote ISAKMP packet parsing routines: skip_payload,
	  process_isakmp_hdr, process_sa, process_vid, process_notify.
	  These are used by the new display_packet() routine in ike-scan.c.

	* ike-scan.c: Re-wrote display_packet() function to parse ISAKMP
	  packet in a flexible way using functions in isakmp.c.  This
	  allows us to display multiple Vendor ID payloads (previously we
	  could only display the first), and also to detect and print
	  vendor ID payloads anywhere in the packet (previously it had to be
	  immediately after the SA payload, which may not be the case with
	  aggressive mode).

2003-11-14 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Fixed bug which could cause select() to be passed a
	  negative timeout when collecting backoff fingerprints.
	* Released v1.5.1.  Tarball size: 122595, Zip size: 632736.
	  tarball md5sum: 6425534104fd9f6f644c6f7286ed40e1
	  Zip md5sum: 52cf28982532030b2e7faf26dde8fb1d

2003-11-13 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for IKE Aggressive Mode.  New options:
	  --aggressive, --id, --idtype, --dhgroup.
	* isakmp.c: Added functions to build id, nonce and ke payloads for
	  Aggressive Mode.
	* ike-scan.1: Added details of Aggressive Mode options.
	* Released V1.5.

2003-11-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* wrappers.c: New file containing system/library call wrappers
	  for those calls which are not expected to fail.  Wrappers have
	  the same name as the underlying call but with initial capital
	  letter.  This convention is from W. Richard Stevens' Unix Network
	  Programming book.
	* ike-scan.c: Changed to use wrapper functions for Gettimeofday,
	  Malloc and Realloc.
	* isakmp.c: Changed to use wrapper function for Malloc.
	* isakmp.c: Wrote new add_trans() function.  This allows a
	  multi-transform payload to be built; it calls make_trans().
	* ike-scan.c: Use new add_trans() function in initialise_ike_packet()
	  rather than manually building the transform payload using
	  make_trans().
	* isakmp.c: Add new add_vid() function.
	* ike-scan.c: Use new add_vid() function to allow multiple VIDs to
	  be specified.
	* ike-scan.c: Add new function decode_trans.  Use this function to
	  parse the --trans argument which allows the specification of
	  encryption key length.

2003-11-07 Roy Hills <Roy.Hills@nta-monitor.com>

	* isakmp.c: Wrote ISAKMP payload construction functions.
	* ike-scan.c: Use functions from isakmp.c to construct ISAKMP
	  payloads rather than manually filling in structures.

2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Change loop timing units from ms to us to improve
	  accuracy.  This requires a 64-bit integer type.

2003-10-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added elapsed time statistics to "Ending:" line.
	* ike-scan.c: Changed atoi(optarg) to
	  strtoul(optarg, (char **)NULL, 10) for unsigned options to allow
	  full unsigned range.
	* ike-scan.c: Dynamically adjust select_timeout based on requested
	  interval and cumulative error.
	* ike-scan.c: Removed --selectwait option as it is now unnecessary.
	* ike-scan.c: Renamed backoff variable to backoff_factor and changed
	  type from float to double.
	* ike-scan.c: Timeout hosts immediately if possible when
	  starting the timeout pass.  This reduces the scanning time,
	  especially when scanning a large number of hosts.  Previously, the
	  scanning time tended towards <retries+1> * <num-hosts>; now it tends
	  towards <retries> * <num-hosts>.
	* ike-scan.c: Added pass number which is displayed if verbose >= 1.

2003-10-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Don't call advance_cursor() if we can't send to a host
	  yet because the next host won't be ready either.
	* ike-scan.c: Start the search for a matching cookie at cursor->prev
	  rather than cursor.

2003-08-05 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.4.  Tarball size 114410 bytes, Zip size 622630.
	  tarball md5sum: d8755044a041859cde12d111973bb541
	  zip md5sum: 7871aead615b88e3fd6a516f60ac63d0

2003-07-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Print any vendor ID payload in hex if it follows an SA
	  payload.
	* ike-scan.c: allocate vid_data using malloc rather than having a
	  fixed-length array.  This allows the supplied vendor id to be of
	  arbitrary length.

2003-07-16 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Changed --vendor option to use a hex string of arbitrary
	  length (up to MAXLINE) rather than an md5 hash of the supplied
	  string.  This allows us to specify any vendor ID e.g. the one that
	  SecuRemote uses with main mode.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.3.  Tarball size 113350 bytes.
	  tarball md5sum: 3fc330e97017ac93bd35fd2973d14e58
	  Note: this is not an official release and no Windows (zip) version
	  was produced.  It is for internal use to test the new pattern
	  matching code.  However, it is available in the public download
	  directory if anyone wants to use it.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Added new patterns "watchguard-soho" and
	  "sonicwall-pro".  These both use the new "/" notation to represent
	  per-entry fuzz values.
	* ike-scan.c: Add fact that per-pattern fuzz entries override the
	  values specified with --fuzz to the help output.
	* Created detached GPG sigs (.asc) for *.tar.gz and *.zip using DSA
	  key ID 567B9F3A Roy Hills <Roy.Hills@nta-monitor.com>.

2003-07-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added check_struct_sizes() to check the sizes of the
	  ISAKMP structures.
	* ike-scan.h: Added definition of check_struct_sizes().

2003-07-04 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added support for per-pattern-entry fuzz specification
	  in the patterns file.
	* ike-scan.h: New structure to support per-pattern-entry fuzz.

2003-06-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Improved backoff pattern display in dump_backoff().
	  Use integer arithmetic in add_pattern() to avoid rounding errors.
	* ike-scan.h: Remove math.h include.  Not needed now that we use
	  integer arithmetic in add_pattern().
	* configure.ac: Removed check for maths library.  Not needed now that
	  we use integer arithmetic in add_pattern().
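
	  Added example, not ike-scan's own code: the entries above describe
	  backoff fingerprinting with a per-entry fuzz ("/" notation overriding
	  --fuzz) and integer arithmetic in add_pattern() to avoid rounding.
	  The code below shows one way to implement that matching.  The pattern
	  syntax it parses (comma-separated gaps in seconds between successive
	  packets, each optionally followed by "/fuzz" in seconds) is an
	  assumption modelled on the ChangeLog text, not ike-scan's actual
	  file format; the "0,8,8,8" Cisco entry is the one quoted in the
	  2003-01-23 entry, the second pattern and the timestamps are
	  constructed.

```c
/* Added example, not ike-scan code.  Pattern syntax is ASSUMED: comma-
 * separated gaps in seconds, each optionally followed by "/fuzz"; entries
 * without "/fuzz" take the global default (--fuzz).  All times are integer
 * microseconds so no floating-point rounding enters the comparison. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 32
#define USEC 1000000L

struct backoff_pattern {
    const char *name;
    int n;
    long time_us[MAX_ENTRIES];  /* expected gap before packet i (gap 0 is 0) */
    long fuzz_us[MAX_ENTRIES];  /* allowed absolute deviation for entry i */
};

/* Parse "8" or "0.25" into integer microseconds without floating point.
 * Fractional digits beyond six are ignored.  Returns -1 on a bad token. */
static long parse_seconds_us(const char *s, const char **end)
{
    long whole = 0, frac = 0, scale = USEC;
    if (!isdigit((unsigned char)*s))
        return -1;
    while (isdigit((unsigned char)*s))
        whole = whole * 10 + (*s++ - '0');
    if (*s == '.') {
        s++;
        while (isdigit((unsigned char)*s)) {
            if (scale > 1) { scale /= 10; frac += (*s - '0') * scale; }
            s++;
        }
    }
    *end = s;
    return whole * USEC + frac;
}

/* Parse a spec such as "0,8,8,8" or "0,2/0.1,4" into p.  Returns 0 on
 * success, -1 on a syntax error or too many entries. */
static int parse_pattern(const char *name, const char *spec,
                         long default_fuzz_us, struct backoff_pattern *p)
{
    const char *s = spec, *end;
    memset(p, 0, sizeof *p);
    p->name = name;
    while (*s != '\0') {
        long t, f = default_fuzz_us;
        if (p->n >= MAX_ENTRIES)
            return -1;
        if ((t = parse_seconds_us(s, &end)) < 0)
            return -1;
        s = end;
        if (*s == '/') {                      /* per-entry fuzz overrides --fuzz */
            if ((f = parse_seconds_us(s + 1, &end)) < 0)
                return -1;
            s = end;
        }
        p->time_us[p->n] = t;
        p->fuzz_us[p->n] = f;
        p->n++;
        if (*s == ',')
            s++;
        else if (*s != '\0')
            return -1;
    }
    return p->n > 0 ? 0 : -1;
}

/* Match only if the gap count is equal and every gap lies within its
 * entry's own fuzz of the expected value. */
static int pattern_matches(const struct backoff_pattern *p,
                           const long *gaps_us, int n_gaps)
{
    int i;
    if (n_gaps != p->n)
        return 0;
    for (i = 0; i < p->n; i++) {
        long diff = gaps_us[i] - p->time_us[i];
        if (diff < 0)
            diff = -diff;
        if (diff > p->fuzz_us[i])
            return 0;
    }
    return 1;
}

/* Convert absolute receive timestamps into gaps (first gap is 0) and return
 * the name of the first matching pattern, or NULL. */
static const char *fingerprint(const long *ts_us, int n,
                               const struct backoff_pattern *pats, int npats)
{
    long gaps[MAX_ENTRIES];
    int i;
    if (n < 1 || n > MAX_ENTRIES)
        return NULL;
    gaps[0] = 0;
    for (i = 1; i < n; i++)
        gaps[i] = ts_us[i] - ts_us[i - 1];
    for (i = 0; i < npats; i++)
        if (pattern_matches(&pats[i], gaps, n))
            return pats[i].name;
    return NULL;
}

int main(void)
{
    struct backoff_pattern pats[2];
    long default_fuzz_us = 500000;                       /* stands in for --fuzz 0.5 */
    long ts_us[4] = { 0, 8100000, 16200000, 24150000 };  /* constructed timestamps */
    const char *hit;
    /* "0,8,8,8" is the Cisco Concentrator entry quoted in this ChangeLog;
     * the second pattern is hypothetical and shows the "/fuzz" override. */
    parse_pattern("cisco-concentrator", "0,8,8,8", default_fuzz_us, &pats[0]);
    parse_pattern("hypothetical-device", "0,2/0.1,4/0.1,4/0.1", default_fuzz_us, &pats[1]);
    hit = fingerprint(ts_us, 4, pats, 2);
    printf("backoff fingerprint: %s\n", hit ? hit : "no match");
    return 0;
}
```

	  The per-entry fuzz matters because some implementations jitter only
	  their later retransmissions; a single global tolerance wide enough
	  for those would let unrelated devices collide on the early entries.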

2003-06-17 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.1: Created man page ike-scan.1.  This is required by some
	  Linux distributions e.g. Debian.
	* Makefile.am: Added support for new man page.
	* NEWS: Added info for v1.0, v1.1 and v1.2.
	* Makefile.am: Changed location of "ike-backoff-patterns" from
	  $datadir to $pkgdatadir.

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.2.  Tarball size 108137 bytes, Zip size 620292.
	  tarball md5sum: 25777051bb09306cb0b86e0cf1c48caa
	  zip md5sum: 5c02090900dc3fda7fa374fe99f48af5

2003-06-11 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Minor comment changes.

2003-05-10 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Added package name and version to AC_INIT.
	* ike-scan.c: Use PACKAGE_STRING and PACKAGE_BUGREPORT symbols rather
	  than hard-coded strings.

2003-05-09 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac, acinclude.m4: Wrote macro AC_NTA_NET_SIZE_T to
	  determine the best type to use for the 3rd argument to accept().
	  This is normally socklen_t, but is sometimes int or size_t.
	  This change allows the program to compile on HP Tru64 Unix.

2003-05-08 Roy Hills <Roy.Hills@nta-monitor.com>

	* configure.ac: Renamed configure.in to configure.ac to comply with
	  new autoconf naming scheme and ran autoupdate to update from
	  autoconf 2.13 to 2.53.  No C code changes.

2003-02-21 Roy Hills <Roy.Hills@nta-monitor.com>

	* error.c: Changed "syslog(level, buf)" to "syslog(level, "%s", buf)"
	  to fix syslog format string vulnerability.

2003-02-18 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released version v1.1.  Tarball size 91606 bytes, Zip size 578034.
	  tarball md5sum: b87fe14043c43c2897cf309c364574b7
	  zip md5sum: 59db0f1f170aaf50dfb2c05f4f950d00
	* Corrected typo in README-WIN32: know -> known.

2003-02-03 Roy Hills <Roy.Hills@nta-monitor.com>

	* Makefile.am: Changed DATADIR to IKEDATADIR.
	* ike-scan.h: Include <windows.h> if compiling under Cygwin.
	* ike-scan.c: Use ike-scan.exe dir as default patterns file dir
	  if compiling under Cygwin.
	* ike-scan now compiles under Cygwin and can be used as a Windows EXE
	  if CYGWIN1.DLL is present.

2003-01-30 Roy Hills <Roy.Hills@nta-monitor.com>

	* Minor changes to --help output to make use of <> brackets
	  consistent.

2003-01-29 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-scan.c: Added output of "Ending:" line showing number of hosts
	  scanned and number of responders after scan completes.
	* ike-scan.c: Only show backoff table if there is at least one
	  handshake responder.
	* ike-scan.c: Don't bother waiting for extra packets after all host
	  entries have been removed if there are no handshake responders.
	* ike-scan.c: Show that notify message 9101 is Firewall-1 4.x or NG
	  in output message.
	* ike-scan.c: Cast value from htonl to uint32_t when used in printf
	  statement to avoid warnings on those platforms which define htonl
	  as returning unsigned long (like FreeBSD).
	* ike-backoff-patterns: Added OpenBSD-isakmpd, discovered by Thomas
	  Walpuski.

2003-01-27 Roy Hills <Roy.Hills@nta-monitor.com>

	* Fixed possible buffer overflow in code which joined argv elements
	  into a fixed-length string which is then written to syslog.
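
	  Added example, not ike-scan's own code: the two syslog-related fixes
	  recorded in this ChangeLog (the argv join overflow above and the
	  syslog format string fix of 2003-02-21) shown as the vulnerable
	  pattern in comments beside a hardened implementation.  The function
	  names, buffer sizes and the hostile argv are this example's own
	  choices and are not taken from ike-scan.

```c
/* Added example, not ike-scan code.  Names and sizes are this example's own. */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Join argv[0..argc-1] with single spaces into a fixed-length buffer.
 * Vulnerable original pattern:   for (i = 0; i < argc; i++) strcat(buf, argv[i]);
 * with no check against sizeof buf, so a long command line overruns it.
 * Here every copy is bounded, the result is always NUL-terminated, and the
 * return value is the length the full join would need (snprintf-style), so
 * the caller detects truncation with  need >= outlen. */
static size_t join_argv(int argc, char *const argv[], char *out, size_t outlen)
{
    size_t need = 0, pos = 0;
    int i;
    if (outlen == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < argc; i++) {
        size_t len = strlen(argv[i]);
        if (i > 0) {
            need++;
            if (pos + 1 < outlen)
                out[pos++] = ' ';
        }
        need += len;
        if (pos + 1 < outlen) {
            size_t room = outlen - 1 - pos;
            size_t n = len < room ? len : room;
            memcpy(out + pos, argv[i], n);
            pos += n;
        }
        out[pos] = '\0';
    }
    return need;
}

/* Render untrusted text for logging.  Vulnerable original pattern:
 *     syslog(level, buf);
 * buf becomes the format string, so "%s" in a hostile argument makes syslog
 * read through a bogus pointer and "%n" makes it write through one.  The
 * fix is a constant format with the data passed as an argument; the same
 * rule applies to printf, snprintf and err(3).  Returns out. */
static char *format_log_line(const char *untrusted, char *out, size_t outlen)
{
    snprintf(out, outlen, "%s", untrusted);   /* never: snprintf(out, outlen, untrusted) */
    return out;
}

/* Log the command line for audit, flagging truncation instead of hiding it. */
static void log_command_line(int argc, char *const argv[])
{
    char joined[256], line[300];
    size_t need = join_argv(argc, argv, joined, sizeof joined);
    format_log_line(joined, line, sizeof line);
    syslog(LOG_INFO, "%s%s", line, need >= sizeof joined ? " [truncated]" : "");
}

int main(void)
{
    /* Constructed hostile argv: an argument made of printf conversions. */
    char *const argv[] = { "ike-scan", "--vendor=%s%s%s%n", "192.0.2.1" };
    char buf[64];
    openlog("ike-scan-example", LOG_PID, LOG_USER);
    log_command_line(3, argv);
    closelog();
    puts(format_log_line("%n is logged literally", buf, sizeof buf));
    return 0;
}
```

	  A quick audit for the format string class is to grep for syslog,
	  printf and err family calls whose first non-priority argument is not
	  a string literal; modern compilers report the same with
	  -Wformat-security.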
	* Removed RSA 1991 MD5 implementation and replaced with
	  L. Peter Deutsch's MD5 implementation dated 2002.

2003-01-25 Roy Hills <Roy.Hills@nta-monitor.com>

	* Moved all #includes to ike-scan.h.
	* ike-scan.c, ike-scan.h: Changed host_entry element "n" from int to
	  unsigned.
	* ike-scan.c: Changed printf format for unsigned from %d to %u.
	* ike-scan.c: Added exchange type (Main Mode or Aggressive Mode) to
	  "handshake returned" message.
	* ike-scan.h: Make all #includes conditional based on configure findings.
	* configure.in: Check for uint_8, uint_16 and u_int32 types using
	  custom macro AC_NTA_CHECK_TYPE (defined in acinclude.m4).  If the
	  types are not defined, then #define them to values that will work on
	  most systems.
	* ike-scan now builds and runs on two new platforms:
	  - Debian Linux 1.3.1 (old libc5 based Linux system with 2.0 kernel)
	  - Cygwin on Windows NT Workstation (only under the cygwin
	    environment; this doesn't produce a standalone windows exe).

2003-01-23 Roy Hills <Roy.Hills@nta-monitor.com>

	* ike-backoff-patterns: Changed Cisco Concentrator entry to 0,8,8,8.

2003-01-20 Roy Hills <Roy.Hills@nta-monitor.com>

	* Released initial version v1.0. Tarball size 86434 bytes,
	  md5sum: 7299777c7d67d1cea82d9594867b4806