When performing audits you can simply sweep for UDP 500, which may indicate that a remote device is listening for IPsec connections, but that's about it. If you want a bit more information, you can use ike-scan, which interrogates the remote device and discloses its policy set (a.k.a. security parameters). Like most tools I blog about, it's free and compact :)
ike-scan can be found at:
http://www.nta-monitor.com/tools/ike-scan/
Sample output:
67.78.31.242 Main Mode Handshake returned HDR=(CKY-R=6e69a811525dc72e) SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800) VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)
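For audit reporting, a handshake line like the one above can be parsed and its policy set compared against a baseline. This is an added example, not part of the original post or of ike-scan itself; the sample line is constructed, and the baseline in BELOW_BASELINE and the function names are assumptions of the example.

```python
import re

# Constructed sample in the format of the output shown above (documentation IP).
SAMPLE = (
    "192.0.2.10 Main Mode Handshake returned HDR=(CKY-R=0123456789abcdef) "
    "SA=(Enc=3DES Hash=SHA1 Group=2:modp1024 Auth=PSK LifeType=Seconds "
    "LifeDuration=28800) VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 "
    "(IKE Fragmentation)"
)

# Assumed audit baseline for this example; replace with your own policy.
BELOW_BASELINE = {
    "Enc": {"DES", "3DES"},
    "Hash": {"MD5", "SHA1"},
    "Group": {"1:modp768", "2:modp1024"},
}

LINE_RE = re.compile(r"^(\S+)\s+(\w+) Mode Handshake returned\s+(.*)$")
SA_RE = re.compile(r"SA=\(([^)]*)\)")
VID_RE = re.compile(r"VID=([0-9a-fA-F]+)(?:\s+\(([^)]*)\))?")


def parse_line(line):
    """Split one handshake line into host, mode, SA attributes and vendor IDs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a handshake line
    host, mode, rest = m.groups()
    sa = SA_RE.search(rest)
    tokens = sa.group(1).split() if sa else []
    attrs = dict(t.split("=", 1) for t in tokens if "=" in t)
    vids = [{"id": v, "name": n or None} for v, n in VID_RE.findall(rest)]
    return {"host": host, "mode": mode, "sa": attrs, "vids": vids}


def audit(record):
    """Return findings for SA attributes that fall below the assumed baseline."""
    sa = record["sa"]
    findings = [f"{k}={sa[k]} is below baseline"
                for k, bad in BELOW_BASELINE.items() if sa.get(k) in bad]
    if sa.get("Auth") == "PSK":
        findings.append("Auth=PSK: verify key strength or move to certificates")
    return findings


if __name__ == "__main__":
    rec = parse_line(SAMPLE)
    print(rec["host"], rec["sa"])
    for finding in audit(rec):
        print(" -", finding)
```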
Wednesday, February 4, 2009