The script (kinda) checks for open port 500 first. i.e. the script sends a packet to port 500 UDP and looks for a return ICMP error packet. If an ICMP error message is returned from the scanned host, the script will exit.

The script will generate a false positive if the scanned network (or host) is suppressing ICMP error messages (specifically type 3 code 3 ... port unreachable). If that's not the case (i.e. the host and network allow ICMP messages), then shoot me some more specifics, and I will try to fix....

John Lampe
https://f00dikator.hn.org/

"Knowledge will forever govern ignorance, and a people who mean to be their own governors, must arm themselves with the power knowledge gives. A popular government without popular information or the means of acquiring it, is but a prologue to a farce or a tragedy or perhaps both."
--James Madison

----- Original Message -----
From: "Michael J McCafferty" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 11:51 PM
Subject: Falses on ike_check.nasl

> I have had the ike_check.nasl plugin false positive on most, if not all scans I have run. The plugin seems to run no matter if port 500/udp is open or not. I am not real good at reading the nasl plugins yet, but...
>
> I see where the plugin runs on port 500, but I don't see where the plugin requires that 500/udp be open to run the test in the first place. Then, it appears that if the plugin doesn't get an ICMP Unreachable after running the attempted DOS, then it thinks the DOS was successful and appears in the report.
>
> So, if the plugin runs against a system that does not have port 500/udp open, then it tests anyway. When the host still doesn't respond, then the plugin false-positives.
>
> Do I have this correct ? Anyone care to comment ? One thing is for sure though, I am getting a lot of false positives.
>
> Mike
>
> **************************************************
> Michael J. McCafferty
> M5 Computer Security
> 858-576-7325 Voice
> PGP Key ID: 0x2206347F
> http://www.m5computersecurity.com
> **************************************************
> --- "If you build it, they will hack !" ---
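The ambiguity discussed in this thread, as an added example that is not part of the original messages and is not the ike_check.nasl code: a UDP probe that gets no answer cannot distinguish an open port from a filtered one or from a host that suppresses ICMP type 3 code 3. The function names, verdict strings and the one-byte placeholder payload are assumptions made for illustration.

```python
import socket

CLOSED, REPLIED, SILENT = "closed", "replied", "silent"

def probe_udp(host, port, payload=b"\x00", timeout=2.0):
    """Send one datagram (placeholder payload, not an IKE packet) and
    classify the outcome. On a connected UDP socket the OS reports an
    ICMP port unreachable as ConnectionRefusedError."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(payload)
            s.recv(2048)
            return REPLIED
        except ConnectionRefusedError:
            return CLOSED
        except socket.timeout:
            # Open-but-quiet, filtered, or ICMP suppressed: indistinguishable.
            return SILENT

def naive_verdict(before, after):
    """Model of the behaviour described in the thread: the only reason
    to skip the test is an ICMP error on the first probe."""
    if before == CLOSED:
        return "not tested"
    return "not vulnerable" if after == REPLIED else "vulnerable"

def strict_verdict(before, after):
    """Require positive evidence (a reply) that the service was alive
    before its later silence is read as a denial of service."""
    if before == CLOSED:
        return "not tested"
    if before == SILENT:
        return "inconclusive"
    return "not vulnerable" if after == REPLIED else "vulnerable"

if __name__ == "__main__":
    # 192.0.2.1 is a documentation address (TEST-NET-1); expect "silent".
    first = probe_udp("192.0.2.1", 500, timeout=1.0)
    print(first, naive_verdict(first, first), strict_verdict(first, first))
```

With ICMP suppressed, both probes come back `silent`: the naive logic reports a finding, while the strict logic marks the host inconclusive.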
