Sunday, February 17, 2008

Port Scanning Tools (1) : ipEye, IPSecScan

ipEye
ipEye is a command-line port scanner written by Arne Vidstrom. It is a lightweight but powerful tool that runs only on Windows. It can be downloaded from http://www.ntsecurity.nu/toolbox/ipeye/

Usage for ipEye is:

ipEye <target IP> <scantype> -p <port> [optional parameters]

where scantype can be one of: -syn = SYN scan, -fin = FIN scan, -null = NULL scan, -xmas = Xmas scan


IPSecScan
IPSecScan is a tool that can scan either a single IP address or a range of IP addresses, looking for systems that are IPSec enabled. It can be downloaded from http://www.ntsecurity.nu/toolbox/ipsecscan/
IPSec is short for IP security. It is a set of protocols developed by the IETF to support the secure exchange of packets at the IP layer.
IPSec = AH + ESP + IPcomp + IKE
  • Authentication Header (AH) provides an authenticity guarantee for packets by attaching a strong cryptographic checksum to each packet. If a packet is received with AH and the checksum verification succeeds, the packet was originated by the expected peer (it was not generated by an impersonator) and was not modified in transit. Unlike other protocols, AH covers the whole packet, from the IP header to the end of the packet.
  • Encapsulating Security Payload (ESP) provides a confidentiality guarantee for packets by encrypting them. If a packet is received with ESP and is successfully decrypted, its contents were not known to any third party other than the sender and receiver.
  • ESP provides an encryption service for packets. However, encryption tends to have a negative impact on compression on the wire (such as PPP compression). IP Compression (IPcomp) provides a way to compress a packet before ESP encrypts it.
  • AH and ESP need a secret key shared between peers. Internet Key Exchange (IKE) makes it possible to negotiate these keys in secrecy.
IPSec has been widely deployed in VPNs. IPSec supports two encryption modes: Transport and Tunnel.
Transport mode encrypts only the data portion (payload) of each packet and leaves the header unchanged. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet.
For IPSec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which allows the receiver to obtain a public key and authenticate the sender using digital certificates.
The security of the IPSec protocols relies on the secrecy of the secret keys. If the secret keys are compromised, the IPSec protocols are no longer secure.
Reference for reader: Old IPSec suite - RFC1825, New IPSec suite - RFC2401.
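
To make the "IPSec = AH + ESP + IPcomp + IKE" breakdown and the two modes concrete, here is an added example (not part of the original post) that classifies IPv4 packets by IPSec component and reads the cleartext header fields. The protocol numbers, UDP port 500 for IKE and the header layouts are standard assignments that the post does not list, and the sample packets are constructed.

```python
import struct

# Standard IP protocol numbers (not listed in the post): ESP, AH, IPcomp, UDP, IP-in-IP.
ESP, AH, IPCOMP, UDP, IPIP = 50, 51, 108, 17, 4
IKE_PORT = 500  # IKE runs over UDP port 500

def ipv4(proto, payload, src="192.0.2.1", dst="192.0.2.2"):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    head = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return head + bytes(map(int, src.split("."))) + bytes(map(int, dst.split("."))) + payload

def classify(packet):
    """Return a dict describing which IPSec component an IPv4 packet carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return {"kind": "not-ipv4"}
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == AH and len(body) >= 12:
        next_hdr, _len, _rsv, spi, seq = struct.unpack("!BBHII", body[:12])
        # AH authenticates but does not encrypt, so the inner protocol is visible:
        # an inner IPv4 header (protocol 4) means tunnel mode.
        mode = "tunnel" if next_hdr == IPIP else "transport"
        return {"kind": "AH", "spi": spi, "seq": seq, "mode": mode}
    if proto == ESP and len(body) >= 8:
        spi, seq = struct.unpack("!II", body[:8])
        # Everything after SPI and sequence number is ciphertext: mode is not observable.
        return {"kind": "ESP", "spi": spi, "seq": seq, "mode": "unknown"}
    if proto == IPCOMP and len(body) >= 4:
        next_hdr, _flags, cpi = struct.unpack("!BBH", body[:4])
        return {"kind": "IPcomp", "cpi": cpi}
    if proto == UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        if IKE_PORT in (sport, dport):
            return {"kind": "IKE"}
    return {"kind": "other"}

# Constructed sample packets (not captured traffic); SPI values are made up.
inner = ipv4(6, b"\x00" * 20, "10.0.0.1", "10.0.0.2")
SAMPLES = {
    "ah_transport": ipv4(AH, struct.pack("!BBHII", 6, 4, 0, 0x1001, 1) + b"\x00" * 32),
    "ah_tunnel": ipv4(AH, struct.pack("!BBHII", IPIP, 4, 0, 0x1002, 7) + b"\x00" * 12 + inner),
    "esp": ipv4(ESP, struct.pack("!II", 0x2001, 3) + b"\xaa" * 32),
    "ike": ipv4(UDP, struct.pack("!HHHH", 500, 500, 36, 0) + b"\x00" * 28),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

With AH the mode can be read from the next-header field, while with ESP it is hidden inside the encrypted part of the packet.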
