[Openvas-commits] r1346 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Sep 15 15:33:15 CEST 2008


Author: kost
Date: 2008-09-15 15:33:14 +0200 (Mon, 15 Sep 2008)
New Revision: 1346

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/ike-scan.nasl
Log:
fixes to report right port open



Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-09-15 13:17:18 UTC (rev 1345)
+++ trunk/openvas-plugins/ChangeLog	2008-09-15 13:33:14 UTC (rev 1346)
@@ -1,5 +1,9 @@
-2008-09-09  Vlatko Kosturjak <kost at linux.hr>
+2008-09-15  Vlatko Kosturjak <kost at linux.hr>
 
+	* scripts/ike-scan.nasl: fixes to report right port open
+
+2008-09-15  Vlatko Kosturjak <kost at linux.hr>
+
 	* scripts/pnscan.nasl, scripts/portbunny.nasl: Fixed leftovers
 	from experimental ID's to production ID's in error reporting
 

Modified: trunk/openvas-plugins/scripts/ike-scan.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ike-scan.nasl	2008-09-15 13:17:18 UTC (rev 1345)
+++ trunk/openvas-plugins/scripts/ike-scan.nasl	2008-09-15 13:33:14 UTC (rev 1346)
@@ -121,6 +121,11 @@
 diffiehellmangroupname["4"] = "EC2N-185";
 diffiehellmangroupname["5"] = "MODP-1536";
 
+# Not sure how much value there is in supporting IKE v2
+#ike2flag = script_get_preference("Use IKE v2");
+sourceportnumber = script_get_preference("Source port number");
+destinationportnumber = script_get_preference("Destination port number");
+
 function command_construct(_ike2flag, _sourceportnumber, _destinationportnumber, _checkmode, _fingerprintmode, _groupname, _encryptionalgorithm, _hashalgorithm, _authenticationmethod, _diffiehellmangroup, _maximumretry, _maximumtimeout, _destinationipaddress)
 {
 	_argumentcounter = 0;
@@ -167,7 +172,7 @@
 {
 	if ((_destinationipaddress >< _responsedata) && ("NO-PROPOSAL-CHOSEN" >!< _responsedata))
 	{
-		scanner_add_port(proto:"udp", port:500);
+		scanner_add_port(proto:"udp", port:destinationportnumber);
 		_data = "IPSEC VPN endpoint detected.
 
 " + _securitynote + "
@@ -175,21 +180,17 @@
 ike-scan returned:
 
 " + _responsedata;
-		security_note(proto:"udp", port:500, data:_data);
+		security_note(proto:"udp", port:destinationportnumber, data:_data);
 	}
 	else
 	{
 		if (_destinationipaddress >< _responsedata)
 		{
-			scanner_add_port(proto:"udp", port:500);
+			scanner_add_port(proto:"udp", port:destinationportnumber);
 		}
 	}
 }
 
-# Not sure how much value there is in supporting IKE v2
-#ike2flag = script_get_preference("Use IKE v2");
-sourceportnumber = script_get_preference("Source port number");
-destinationportnumber = script_get_preference("Destination port number");
 if (islocalhost() && (sourceportnumber == destinationportnumber)) {
 	scanner_status(current:4, total:4);
 	set_kb_item(name:"Host/scanned", value:TRUE);



More information about the Openvas-commits mailing list