File: ike-scan.1

package info (click to toggle)
ike-scan 1.9.4-2
  • links: PTS
  • area: main
  • in suites: buster
  • size: 5,104 kB
  • sloc: ansic: 10,991; sh: 884; perl: 148; makefile: 22
file content (547 lines) | stat: -rw-r--r-- 20,941 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
.\" Copyright (C) Roy Hills, NTA Monitor Ltd.
.\"
.\" Copying and distribution of this file, with or without modification,
.\" are permitted in any medium without royalty provided the copyright
.\" notice and this notice are preserved.
.\"
.\" $Id$
.TH IKE-SCAN 1 "January 14, 2007"
.\" Please adjust this date whenever revising the manpage.
.SH NAME
ike-scan \- Discover and fingerprint IKE hosts (IPsec VPN servers)
.SH SYNOPSIS
.B ike-scan
.RI [ options ] " " [ hosts ...]
.PP
Target hosts must be specified on the command line unless the
.B --file
option is specified.
.SH DESCRIPTION
.B ike-scan
discovers IKE hosts and can also fingerprint them using the
retransmission backoff pattern.
.PP
.B ike-scan
does two things:
.IP 1)
Discovery: Determine which hosts are running IKE.
This is done by displaying those hosts which respond to the IKE requests
sent by
.B ike-scan.
.IP 2)
Fingerprinting: Determine which IKE implementation the hosts are using.
There are several ways to do this: (a) Backoff fingerprinting - recording
the times of the IKE response packets from the target hosts and comparing
the observed retransmission backoff pattern against known patterns; (b) vendor
id fingerprinting - matching the vendor-specific vendor IDs against known
vendor ID patterns; and (c) proprietary notify message codes.
.PP
The retransmission backoff fingerprinting concept is discussed in more
detail in the UDP backoff fingerprinting paper which should be included
in the ike-scan kit as
.I udp-backoff-fingerprinting-paper.txt.
.PP
The program sends IKE Phase-1 requests to the specified hosts and displays
any responses that are received.  It handles retry and retransmission with
backoff to cope with packet loss.  It also limits the amount of bandwidth
used by the outbound IKE packets.
.PP
IKE is the Internet Key Exchange protocol which is the key exchange and
authentication mechanism used by IPsec.  Just about all modern VPN systems
implement IPsec, and the vast majority of IPsec VPNs use IKE for key exchange.
.PP
Phase-1 has two modes: Main Mode and Aggressive Mode.  ike-scan supports both
Main and Aggressive mode, and uses Main Mode by default.  RFC 2409 (IKE)
section 5 specifies that main mode must be implemented, therefore all IKE
implementations can be expected to support main mode.
.SH OPTIONS
.TP
.B --help or -h
Display this usage message and exit.
.TP
.B --file=<fn> or -f <fn>
Read hostnames or addresses from the specified file
instead of from the command line. One name or IP
address per line.  Use "-" for standard input.
.TP
.B --sport=<p> or -s <p>
Set UDP source port to <p>, default=500, 0=random.
Some IKE implementations require the client to use
UDP source port 500 and will not talk to other ports.
Note that superuser privileges are normally required
to use non-zero source ports below 1024.  Also only
one process on a system may bind to a given source port
at any one time. Use of the --nat-t option changes
the default source port to 4500
.TP
.B --dport=<p> or -d <p>
Set UDP destination port to <p>, default=500.
UDP port 500 is the assigned port number for ISAKMP
and this is the port used by most if not all IKE
implementations. Use of the --nat-t option changes
the default destination port to 4500
.TP
.B --retry=<n> or -r <n>
Set total number of attempts per host to <n>,
default=3.
.TP
.B --timeout=<n> or -t <n>
Set initial per host timeout to <n> ms, default=500.
This timeout is for the first packet sent to each host.
subsequent timeouts are multiplied by the backoff
factor which is set with --backoff.
.TP
.B --bandwidth=<n> or -B <n>
Set desired outbound bandwidth to <n>, default=56000
The value is in bits per second by default.  If you
append "K" to the value, then the units are kilobits
per second; and if you append "M" to the value,
the units are megabits per second.
The "K" and "M" suffixes represent the decimal, not
binary, multiples.  So 64K is 64000, not 65536.
.TP
.B --interval=<n> or -i <n>
Set minimum packet interval to <n> ms.
The packet interval will be no smaller than this number.
The interval specified is in milliseconds by default.
if "u" is appended to the value, then the interval
is in microseconds, and if "s" is appended, the
interval is in seconds.
If you want to use up to a given bandwidth, then it is
easier to use the --bandwidth option instead.
You cannot specify both --interval and --bandwidth
because they are just different ways to change the
same underlying variable.
.TP
.B --backoff=<b> or -b <b>
Set timeout backoff factor to <b>, default=1.50.
The per-host timeout is multiplied by this factor
after each timeout.  So, if the number of retries
is 3, the initial per-host timeout is 500ms and the
backoff factor is 1.5, then the first timeout will be
500ms, the second 750ms and the third 1125ms.
.TP
.B --verbose or -v
Display verbose progress messages.
Use more than once for greater effect:
1 - Show when each pass is completed and when
packets with invalid cookies are received.
2 - Show each packet sent and received and when
hosts are removed from the list.
3 - Display the host, Vendor ID and backoff lists
before scanning starts.
.TP
.B --quiet or -q
Don't decode the returned packet.
This prints less protocol information so the
output lines are shorter.
.TP
.B --multiline or -M
Split the payload decode across multiple lines.
With this option, the decode for each payload is
printed on a separate line starting with a TAB.
This option makes the output easier to read, especially
when there are many payloads.
.TP
.B --lifetime=<s> or -l <s>
Set IKE lifetime to <s> seconds, default=28800.
RFC 2407 specifies 28800 as the default, but some
implementations may require different values.
If you specify this as a a decimal integer, e.g.
86400, then the attribute will use a 4-byte value.
If you specify it as a hex number, e.g. 0xFF, then
the attribute will use the appropriate size value
(one byte for this example).
If you specify the string "none" then no lifetime
attribute will be added at all.
You can use this option more than once in conjunction
with the --trans options to produce multiple transform
payloads with different lifetimes.  Each --trans option
will use the previously specified lifetime value.
.TP
.B --lifesize=<s> or -z <s>
Set IKE lifesize to <s> Kilobytes, default=0.
If you specify this as a a decimal integer, e.g.
86400, then the attribute will use a 4-byte value.
If you specify it as a hex number, e.g. 0xFF, then
the attribute will use the appropriate size value
(one byte for this example).
You can use this option more than once in conjunction
with the --trans options to produce multiple transform
payloads with different lifesizes.  Each --trans option
will use the previously specified lifesize value.
.TP
.B --auth=<n> or -m <n>
Set auth. method to <n>, default=1 (PSK).
RFC defined values are 1 to 5.  See RFC 2409 Appendix A.
Checkpoint hybrid mode is 64221.
GSS (Windows "Kerberos") is 65001.
XAUTH uses 65001 to 65010.
This is not applicable to IKEv2.
.TP
.B --version or -V
Display program version and exit.
.TP
.B --vendor=<v> or -e <v>
Set vendor id string to hex value <v>.
You can use this option more than once to send
multiple vendor ID payloads.
.TP
.B --trans=<t> or -a <t>
Use custom transform <t> instead of default set.
You can use this option more than once to send
an arbitrary number of custom transforms.
There are two ways to specify the transform:
The new way, where you specify the attribute/value
pairs, and the old way where you specify the values
for a fixed list of attributes.
For the new method, the transform <t> is specified as
(attr=value, attr=value, ...)
Where "attr" is the attribute number, and "value" is
the value to assign to that attribute.  You can specify
an arbitary number of attribute/value pairs.
See RFC 2409 Appendix A for details of the attributes
and values.
Note that brackets are special to some shells, so you
may need to quote them, e.g. --trans="(1=1,2=2,3=3,4=4)".
For example, --trans=(1=1,2=2,3=1,4=2) specifies
Enc=3DES-CBC, Hash=SHA1, Auth=shared key, DH Group=2;
and --trans=(1=7,14=128,2=1,3=3,4=5) specifies
Enc=AES/128, Hash=MD5, Auth=RSA sig, DH Group=5.
For the old method, the transform <t> is specified as
enc[/len],hash,auth,group.
Where enc is the encryption algorithm,
len is the key length for variable length ciphers,
hash is the hash algorithm, and group is the DH Group.
For example, --trans=5,2,1,2 specifies
Enc=3DES-CBC, Hash=SHA1, Auth=shared key, DH Group=2;
and --trans=7/256,1,1,5 specifies
Enc=AES-256, Hash=MD5, Auth=shared key, DH Group=5.
This option is not yet supported for IKEv2.
.TP
.B --showbackoff[=<n>] or -o[<n>]
Display the backoff fingerprint table.
Display the backoff table to fingerprint the IKE
implementation on the remote hosts.
The optional argument specifies time to wait in seconds
after receiving the last packet, default=60.
If you are using the short form of the option (-o)
then the value must immediately follow the option
letter with no spaces, e.g. -o25 not -o 25.
.TP
.B --fuzz=<n> or -u <n>
Set pattern matching fuzz to <n> ms, default=500.
This sets the maximum acceptable difference between
the observed backoff times and the reference times in
the backoff patterns file.  Larger values allow for
higher variance but also increase the risk of
false positive identifications.
Any per-pattern-entry fuzz specifications in the
patterns file will override the value set here.
.TP
.B --patterns=<f> or -p <f>
Use IKE backoff patterns file <f>,
default=/usr/local/share/ike-scan/ike-backoff-patterns.
This specifies the name of the file containing
IKE backoff patterns.  This file is only used when
--showbackoff is specified.
.TP
.B --vidpatterns=<f> or -I <f>
Use Vendor ID patterns file <f>,
default=/usr/local/share/ike-scan/ike-vendor-ids.
This specifies the name of the file containing
Vendor ID patterns.  These patterns are used for
Vendor ID fingerprinting.
.TP
.B --aggressive or -A
Use IKE Aggressive Mode (The default is Main Mode)
If you specify --aggressive, then you may also
specify --dhgroup, --id and --idtype.  If you use
custom transforms with aggressive mode with the --trans
option, note that all transforms should have the same
DH Group and this should match the group specified
with --dhgroup or the default if --dhgroup is not used.
.TP
.B --id=<id> or -n <id>
Use <id> as the identification value.
This option is only applicable to Aggressive Mode.
<id> can be specified as a string, e.g. --id=test or as
a hex value with a leading "0x", e.g. --id=0xdeadbeef.
.TP
.B --idtype=<n> or -y <n>
Use identification type <n>.  Default 3 (ID_USER_FQDN).
This option is only applicable to Aggressive Mode.
See RFC 2407 4.6.2 for details of Identification types.
.TP
.B --dhgroup=<n> or -g <n>
Use Diffie Hellman Group <n>.  Default 2.
This option is only applicable to Aggressive Mode and
IKEv2.  For both of these, it is used to determine the
size of the key exchange payload.
If you use Aggressive Mode with custom transforms, then
you will normally need to use the --dhgroup option
unless you are using the default DH group.
Acceptable values are 1,2,5,14,15,16,17,18 (MODP only).
.TP
.B --gssid=<n> or -G <n>
Use GSS ID <n> where <n> is a hex string.
This uses transform attribute type 16384 as specified
in draft-ietf-ipsec-isakmp-gss-auth-07.txt, although
Windows-2000 has been observed to use 32001 as well.
For Windows 2000, you'll need to use --auth=65001 to
specify Kerberos (GSS) authentication.
.TP
.B --random or -R
Randomise the host list.
This option randomises the order of the hosts in the
host list, so the IKE probes are sent to the hosts in
a random order.  It uses the Knuth shuffle algorithm.
.TP
.B --tcp[=<n>] or -T[<n>]
Use TCP transport instead of UDP.
This allows you to test a host running IKE over TCP.
You won't normally need this option because the vast
majority of IPsec systems only support IKE over UDP.
The optional value <n> specifies the type of IKE over
TCP.  There are currently two possible values:
1 = RAW IKE over TCP as used by Checkpoint (default);
2 = Encapsulated IKE over TCP as used by Cisco.
If you are using the short form of the option (-T)
then the value must immediately follow the option
letter with no spaces, e.g. -T2 not -T 2.
You can only specify a single target host if you use
this option.
.TP
.B --tcptimeout=<n> or -O <n>
Set TCP connect timeout to <n> seconds (default=10).
This is only applicable to TCP transport mode.
.TP
.B --pskcrack[=<f>] or -P[<f>]
Crack aggressive mode pre-shared keys.
This option outputs the aggressive mode pre-shared key
(PSK) parameters for offline cracking using the
"psk-crack" program that is supplied with ike-scan.
You can optionally specify a filename, <f>, to write
the PSK parameters to.  If you do not specify a filename
then the PSK parameters are written to standard output.
If you are using the short form of the option (-P)
then the value must immediately follow the option
letter with no spaces, e.g. -Pfile not -P file.
You can only specify a single target host if you use
this option.
This option is only applicable to IKE aggressive mode.
.TP
.B --nodns or -N
Do not use DNS to resolve names.
If you use this option, then all hosts must be
specified as IP addresses.
.TP
.B --noncelen=<n> or -c <n>
Set the nonce length to <n> bytes. Default=20
This option controls the length of the nonce payload
that is sent in an aggressive mode or IKEv2 request.
Normally there is no need to use this option unless you
want to reduce the nonce size to speed up pre-shared
key cracking, or if you want to see how a particular
server handles different length nonce payloads.
RFC 2409 states that the length of nonce payload
must be between 8 and 256 bytes, but ike-scan does
not enforce this.
Specifying a large nonce length will increase the
size of the packet sent by ike-scan. A very large nonce
length may cause fragmentation, or exceed the maximum
IP packet size.
This option is only applicable to IKE aggressive mode.
.TP
.B --headerlen=<n> or -L <n>
Set the length in the ISAKMP header to <n> bytes.
You can use this option to manually specify the value
to be used for the ISAKMP header length.
By default, ike-scan will fill in the correct value.
Use this option to manually specify an incorrect
length.
<n> can be specified as "+n" which sets the length
to n bytes more than it should be, "-n" which sets
it to n bytes less, or "n" which sets it to exactly
bytes.
Changing the header length to an incorrect value can
sometimes disrupt VPN servers.
.TP
.B --mbz=<n> or -Z <n>
Use the value <n> for reserved (MBZ) fields, default=0.
Specifying this option makes the outgoing packet
non-RFC compliant, and should only be used if you want
to see how a VPN server will respond to invalid packets.
The value of <n> should be in the range 0-255.
.TP
.B --headerver=<n> or -E <n>
Specify the ISAKMP header version.
The default is 0x10 (16) which corresponds to v1.0.
Specifying a non-default value will make the outgoing
packet non-RFC compliant, and should only be used if
you want to see how the VPN server reacts to strange
versions.
The value should be in the range 0-255.
.TP
.B --certreq=<c> or -C <c>
Add the CertificateRequest payload <c>.
<c> should be specified as a hex value.
The first byte of the hex value will be interpreted as
the certificate type; the remaining bytes as the
certificate authority as described in RFC 2408 3.10.
The certificate types are listed in RFC 2408 sec 3.9.
RFC 2048 states "The Certificate Request payload MUST
be accepted at any point during the exchange"
.TP
.B --doi=<d> or -D <d>
Set the SA DOI to <d>, default 1 (IPsec).
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard DOI.
.TP
.B --situation=<s> or -S <s>
Set the SA Situation to <d>, default 1.
The meaning of the situation depends on the DOI, and
is detailed in the appropriate DOI document.  For the
IPsec DOI, the default Situation of 1 represents
SIT_IDENTITY_ONLY.
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard situation.
.TP
.B --protocol=<p> or -j <p>
Set the Proposal protocol ID to <p>, default 1.
The meaning of the proposal protocol ID depends on
the DOI, and is detailed in the appropriate DOI
document.  For the IPsec DOI, the default proposal
protocol id of 1 represents PROTO_ISAKMP.
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard protocol ID.
.TP
.B --transid=<t> or -k <t>
Set the Transform ID to <t>, default 1.
The meaning of the transform ID depends on the
DOI, and is detailed in the appropriate DOI
document.  For the IPsec DOI, the default
transform id of 1 represents KEY_IKE.
You will not normally want to change this unless you
want to see how the VPN server responds to a
non-standard transform ID.
.TP
.B --spisize=<n>
Set the proposal SPI size to <n>.  Default=0
If this is non-zero, then a random SPI of the
specified size will be added to the proposal payload.
The default of zero means no SPI.
.TP
.B --hdrflags=<n>
Set the ISAKMP header flags to <n>.  Default=0
The flags are detailed in RFC 2408 section 3.1
.TP
.B --hdrmsgid=<n>
Set the ISAKMP header message ID to <n>.  Default=0
This should be zero for IKE Phase-1.
.TP
.B --cookie=<n>
Set the ISAKMP initiator cookie to <n>
The cookie value should be specified in hex.
By default, the cookies are automatically generated
and have unique values.  If you specify this option,
then you can only specify a single target, because
ike-scan requires unique cookie values to match up
the response packets.
.TP
.B --exchange=<n>
Set the exchange type to <n>
This option allows you to change the exchange type in
the ISAKMP header to an arbitrary value.
Note that ike-scan only supports Main and Aggressive
modes (values 2 and 4 respectively).  Specifying
other values will change the exchange type value in
the ISAKMP header, but will not adjust the other
payloads.
The exchange types are defined in RFC 2408 sec 3.1.
.TP
.B --nextpayload=<n>
Set the next payload in the ISAKMP header to <n>
Normally, the next payload is automatically set to the
correct value.
.TP
.B --randomseed=<n>
Use <n> to seed the pseudo random number generator.
This option seeds the PRNG with the specified number,
which can be useful if you want to ensure that the
packet data is exactly repeatable when it includes
payloads with random data such as key exchange or nonce.
By default, the PRNG is seeded with an unpredictable
value.
.TP
.B --timestamp
Display timestamps for received packets.
This option causes a timestamp to be displayed for
each received packet.
.TP
.B --sourceip=<s>
Set source IP address for outgoing packets to <s>.
This option causes the outgoing IKE packets to have
the specified source IP address.
The address can either be an IP address in dotted
quad format, or the string "random" which will use
a different random source address for each packet that
is sent.
If this option is used, no packets will be received
This option requires raw socket support, and you
will need superuser privileges to use this option,
even if you specify a high source port.
This option does not work on all operating systems.
.TP
.B --shownum
Display the host number for received packets.
This displays the ordinal host number of the
responding host before the IP address. It can be useful
when sending many packets to the same target IP, to
see if any probes are being ignored.
.TP
.B --nat-t
Use RFC 3947 NAT-Traversal encapsulation.
This option adds the non-ESP marker to the beginning
of outgoing packets and strips it from received
packets, as described in RFC 3947. It also changes the
default source port to 4500 and the default destination
port to 4500, which are the ports for NAT-T IKE.
These port numbers can be changed with the --sport and
--dport options, providing they are used after the
--nat-t option.
.TP
.B --rcookie=<n>
Set the ISAKMP responder cookie to <n>.
This sets the responder cookie to the specified hex
value.  By default, the responder cookie is set to zero.
.TP
.B --ikev2 or -2
Use IKE version 2
This causes the outgoing packets to use IKEv2 format
as defined in RFC 4306 instead of the default IKEv1
format. Any packets returned are automatically decoded
as IKE or IKEv2 depending on their payloads irrespective
of this option.
The --ikev2 option is currently experimental. It has not
been extensively tested, and it only supports sending the
default proposal.
.SH FILES
.TP
.I /usr/local/share/ike-scan/ike-backoff-patterns
List of UDP backoff patterns.  Used when the --showbackoff option is
specified.
.TP
.I /usr/local/share/ike-scan/ike-vendor-ids
List of known Vendor ID patterns.
.SH AUTHOR
Roy Hills <Roy.Hills@nta-monitor.com>
.SH "SEE ALSO"
.I http://www.nta-monitor.com/wiki/
The ike-scan wiki page.
.PP
.I http://www.nta-monitor.com/tools/ike-scan/
The ike-scan homepage.