security/ike-scan - The NetBSD Packages Collection

Fingerprinting IKE implementation

ike-scan discovers IKE hosts and can also fingerprint them using the
retransmission backoff pattern.

ike-scan does two things:

a) Discovery: Determine which hosts are running IKE.
   This is done by displaying those hosts which respond to the IKE requests
   sent by ike-scan.

b) Fingerprinting: Determine which IKE implementation the hosts are using.
   This is done by recording the times of the IKE response packets from the
   target hosts and comparing the observed retransmission backoff pattern
   against known patterns.

The retransmission backoff fingerprinting concept is discussed in more
detail in the UDP backoff fingerprinting paper which should be included
in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.

The program sends IKE main mode requests to the specified hosts and displays
any responses that are received.  It handles retry and retransmission with
backoff to cope with packet loss.  It also limits the amount of bandwidth
used by the outbound IKE packets.

Build dependencies

pkgtools/mktools pkgtools/cwrappers

Runtime dependencies

(none)

Binary packages

OSArchitectureVersion
NetBSD 10.0aarch64ike-scan-1.9nb7.tgz
NetBSD 10.0aarch64ike-scan-1.9nb6.tgz
NetBSD 10.0aarch64ike-scan-1.9nb6.tgz
NetBSD 10.0aarch64ebike-scan-1.9nb6.tgz
NetBSD 10.0aarch64ebike-scan-1.9nb7.tgz
NetBSD 10.0alphaike-scan-1.9nb7.tgz
NetBSD 10.0earmv6hfike-scan-1.9nb7.tgz
NetBSD 10.0earmv6hfike-scan-1.9nb6.tgz
NetBSD 10.0earmv6hfike-scan-1.9nb6.tgz
NetBSD 10.0earmv7hfike-scan-1.9nb7.tgz
NetBSD 10.0earmv7hfike-scan-1.9nb6.tgz
NetBSD 10.0earmv7hfike-scan-1.9nb6.tgz
NetBSD 10.0i386ike-scan-1.9nb7.tgz
NetBSD 10.0i386ike-scan-1.9nb6.tgz
NetBSD 10.0powerpcike-scan-1.9nb6.tgz
NetBSD 10.0vaxike-scan-1.9nb6.tgz
NetBSD 10.0vaxike-scan-1.9nb7.tgz
NetBSD 10.0x86_64ike-scan-1.9nb7.tgz
NetBSD 10.0_BETAx86_64ike-scan-1.9nb6.tgz
NetBSD 8.0i386ike-scan-1.9nb6.tgz
NetBSD 8.0i386ike-scan-1.9nb6.tgz
NetBSD 8.0powerpcike-scan-1.9nb6.tgz
NetBSD 8.0powerpcike-scan-1.9nb6.tgz
NetBSD 8.0powerpcike-scan-1.9nb7.tgz
NetBSD 8.0powerpcike-scan-1.9nb6.tgz
NetBSD 8.0x86_64ike-scan-1.9nb6.tgz
NetBSD 8.0x86_64ike-scan-1.9nb6.tgz
NetBSD 8.0x86_64ike-scan-1.9nb7.tgz
NetBSD 9.0aarch64ike-scan-1.9nb7.tgz
NetBSD 9.0aarch64ike-scan-1.9nb6.tgz
NetBSD 9.0aarch64ike-scan-1.9nb6.tgz
NetBSD 9.0alphaike-scan-1.9nb6.tgz
NetBSD 9.0alphaike-scan-1.9nb7.tgz
NetBSD 9.0earmike-scan-1.9nb6.tgz
NetBSD 9.0earmv6hfike-scan-1.9nb7.tgz
NetBSD 9.0earmv6hfike-scan-1.9nb6.tgz
NetBSD 9.0earmv6hfike-scan-1.9nb6.tgz
NetBSD 9.0earmv7hfike-scan-1.9nb7.tgz
NetBSD 9.0earmv7hfike-scan-1.9nb6.tgz
NetBSD 9.0earmv7hfike-scan-1.9nb6.tgz
NetBSD 9.0i386ike-scan-1.9nb6.tgz
NetBSD 9.0i386ike-scan-1.9nb7.tgz
NetBSD 9.0m68kike-scan-1.9nb6.tgz
NetBSD 9.0m68kike-scan-1.9nb6.tgz
NetBSD 9.0mips64ebike-scan-1.9nb6.tgz
NetBSD 9.0powerpcike-scan-1.9nb7.tgz
NetBSD 9.0powerpcike-scan-1.9nb6.tgz
NetBSD 9.0powerpcike-scan-1.9nb6.tgz
NetBSD 9.0sh3elike-scan-1.9nb6.tgz
NetBSD 9.0sh3elike-scan-1.9nb6.tgz
NetBSD 9.0sparc64ike-scan-1.9nb6.tgz
NetBSD 9.0sparcike-scan-1.9nb6.tgz
NetBSD 9.0sparcike-scan-1.9nb6.tgz
NetBSD 9.0x86_64ike-scan-1.9nb7.tgz
NetBSD 9.0x86_64ike-scan-1.9nb6.tgz
NetBSD 9.3x86_64ike-scan-1.9nb6.tgz
NetBSD 9.3x86_64ike-scan-1.9nb7.tgz

Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.

Available build options

(none)

Known vulnerabilities

The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.

Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.


Problem reports, updates or suggestions for this package should be reported with send-pr.