I scanned a host which I manually verified had IKE running on port 500, but I cannot get nessus to report that it has detected this service. I can manually run the nasl (nasl -t <ip.address> ike_detect.nasl) and verify there is a response from the server using tcpdump:
Capturing on eth2 1 0.000000 src.ip -> dst.ip ISAKMP Identity Protection (Main Mode) 2 0.031108 dst.ip -> src.ip ISAKMP Identity Protection (Main Mode) 3 0.031147 src.ip -> dst.ip ICMP Destination unreachable (Port unreachable) 4 1.031149 src.ip -> dst.ip ISAKMP Identity Protection (Main Mode) 5 2.067193 src.ip -> dst.ip ISAKMP Base 6 2.099405 dst.ip -> src.ip ISAKMP Informational 11 3.163231 src.ip -> dst.ip ISAKMP Aggressive 13 7.984315 dst.ip -> src.ip ISAKMP Identity Protection (Main Mode) I also see that the nasl ran in nessusd.messages: [Thu Jul 13 10:42:18 2006][19214] user admin : launching ike_detect.nasl against <ip.address> [10074] [Thu Jul 13 10:42:33 2006][19214] ike_detect.nasl (process 10074) finished its job in 15.728 seconds But nessus still will not report this service. I have tried with safe checks on and off, and tried various port scan settings (udp, tcp syn...) Am I missing something? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Zlatin Sent: Thursday, July 13, 2006 9:21 PM To: Larry Cc: [email protected] Subject: Re: Detect IKE VPNs On Thu, 13 Jul 2006, Larry wrote: > Sorry for the last email, I forgot to change the subject. > > Is there a nessus plugin that will detect IKE VPN's on UDP port 500 > and 10000? Also, IKE TCP VPN's? The IPSec IKE detection plugin (#11935) will detect IKE VPN servers on UDP port 500. I'm not sure why port 10000 isn't used in that plugin too. I don't think there are any plugins that detect IKE TCP VPN servers. -- - Josh _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
