Monday, 13 January 2014
[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)
Posted By: Security Geeks on 13:01
Among its various functions, ike-scan discovers IKE hosts and fingerprints them using their retransmission back-off pattern. Its main functions are:
Discovery:
The scan determines which hosts in the supplied IP range are running IKE, by displaying the hosts that respond to ike-scan's IKE requests.
Fingerprinting:
This determines which IKE implementation the target hosts are using and, in some cases, which software version they run. It works in two ways. The first, UDP back-off fingerprinting, records the arrival times of the IKE response packets from the target hosts and compares their retransmission pattern with known patterns. The second, Vendor ID fingerprinting, compares the Vendor ID payloads returned by the VPN servers with known Vendor ID patterns.
User Enumeration:
On some VPN systems this discovers valid VPN usernames.
Transform Enumeration:
This determines which transform attributes (for example encryption algorithm and hash algorithm) the VPN server accepts for IKE Phase-1.
Pre-shared key cracking:
ike-scan supports offline dictionary or brute-force cracking of the pre-shared key for IKE Aggressive Mode with pre-shared key authentication. ike-scan is used to obtain the parameters, including the hash, and psk-crack, which is part of the ike-scan package, performs the cracking.
The retransmission back-off fingerprinting concept is described in detail in the UDP Backoff Fingerprinting Paper, which is included in the ike-scan kit.
The program sends IKE Phase-1 (Main Mode or Aggressive Mode) requests to the specified hosts and displays the responses it receives. ike-scan handles retransmission with back-off to cope with packet loss, and it limits the bandwidth consumed by the outbound IKE packets. IKE is the Internet Key Exchange protocol, the key exchange and authentication mechanism used by IPsec. Almost all modern VPN systems implement IPsec, and most IPsec VPNs use IKE for key exchange. Main Mode is one of the modes defined for the IKE Phase-1 exchange; the other defined mode is Aggressive Mode. RFC 2409 section 5 requires Main Mode to be implemented, so all IKE implementations are expected to support Main Mode; many also support Aggressive Mode.
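As an added illustration of the two fingerprinting methods described above (this is not code from ike-scan or from the original post; the pattern tables, vendor names and host records are constructed), the following Python script turns recorded response arrival times into retransmission intervals, matches them against a back-off table with a tolerance, matches a Vendor ID payload by prefix, and flags whether the two methods agree. From the defender's side it shows what an observer of a gateway's retransmissions can infer about the implementation, and why a host that answers only once, or sits behind a lossy path, gives the timing method nothing to work with.

```python
# Added example (not ike-scan's own code): a toy model of UDP back-off
# fingerprinting and Vendor ID matching. All pattern tables and host
# records below are constructed placeholders.

# Constructed back-off table: expected seconds between successive
# retransmissions of the same Phase-1 response. ike-scan keeps its real
# table in a data file; these vendor names and timings are hypothetical.
BACKOFF_PATTERNS = {
    "hypothetical-vendor-A": [2.0, 4.0, 8.0, 16.0],  # doubling back-off
    "hypothetical-vendor-B": [3.0, 3.0, 3.0, 3.0],   # fixed interval
    "hypothetical-vendor-C": [1.0, 2.0, 2.0, 4.0],   # irregular
}

# Constructed Vendor ID table: hex prefix of the Vendor ID payload -> label.
VENDOR_ID_PATTERNS = {
    "deadbeef0001": "hypothetical-vendor-A",
    "cafebabe0002": "hypothetical-vendor-B",
}


def intervals(timestamps):
    """Seconds between successive responses from one host, in arrival order."""
    return [round(later - earlier, 3)
            for earlier, later in zip(timestamps, timestamps[1:])]


def match_backoff(timestamps, tolerance=0.25, min_intervals=2):
    """Compare observed retransmission intervals with each known pattern over
    their overlapping length. Returns (name, max_deviation) for the closest
    pattern within tolerance, or None when too few packets were seen or no
    pattern fits (a lossy path that drops retransmissions lands here too)."""
    observed = intervals(timestamps)
    if len(observed) < min_intervals:
        return None
    best = None
    for name, expected in BACKOFF_PATTERNS.items():
        n = min(len(observed), len(expected))
        deviation = max(abs(o - e) for o, e in zip(observed[:n], expected[:n]))
        if deviation <= tolerance and (best is None or deviation < best[1]):
            best = (name, round(deviation, 3))
    return best


def match_vendor_id(vid_hex):
    """Look up a Vendor ID payload (hex string) by known prefix; None if unknown."""
    vid = vid_hex.lower().replace(" ", "")
    for prefix, name in VENDOR_ID_PATTERNS.items():
        if vid.startswith(prefix):
            return name
    return None


def fingerprint(host):
    """host is a dict with 'ip', 'times' (response arrival times in seconds)
    and optionally 'vid' (hex Vendor ID payload). The 'agree' flag marks a
    result that both methods support, which is the only one worth much trust."""
    backoff = match_backoff(host["times"])
    vid = match_vendor_id(host["vid"]) if host.get("vid") else None
    guess = backoff[0] if backoff else None
    return {
        "ip": host["ip"],
        "backoff": guess,
        "vendor_id": vid,
        "agree": guess is not None and guess == vid,
    }


# Constructed sample responses (private addresses, not real captures).
SAMPLE_HOSTS = [
    {"ip": "10.0.0.1", "times": [0.0, 2.0, 6.1, 14.0, 30.2], "vid": "DEADBEEF0001A5A5"},
    {"ip": "10.0.0.2", "times": [10.0, 13.0, 16.1, 19.0]},
    {"ip": "10.0.0.3", "times": [5.0]},                                          # answered once
    {"ip": "10.0.0.4", "times": [0.0, 9.0, 20.0, 31.0], "vid": "cafebabe0002"},  # unknown timing
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(fingerprint(host))
```

The tolerance and the overlap rule are the interesting design choices: comparing only over the overlapping length lets a host that stopped retransmitting early still be classified, while the deviation threshold keeps jitter on the path from turning every host into a match.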
Building and Installing
First, obtain the project source code: run git clone https://github.com/royhills/ike-scan.git, then run cd ike-scan to enter the source directory.
Then, to generate a usable ./configure script, run autoreconf.
Run ./configure, or ./configure --with-openssl to use the OpenSSL libraries.
To build the project, run make.
Run make check to verify that everything works as expected.
Run make install to install.
Author Bio:
Maegan Pulman is a freelance IT consultant and technology enthusiast. She is active in local and international IT events and is always on the lookout for the latest industry trends.