Comments on: Ike-scan 1.8 Information Seepage http://www.cutawaysecurity.com/blog/archives/125 Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades Wed, 02 Jun 2010 22:30:56 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Roy Hills http://www.cutawaysecurity.com/blog/archives/125/comment-page-1#comment-9107 Roy Hills Tue, 27 Mar 2007 09:01:40 +0000 http://www.cutawaysecurity.com/blog/archives/125#comment-9107 The offending code has been totally removed from version 1.9, and I would suggest that everyone upgrade to version 1.9 anyway because it's got lots of additional features. There's also an ike-scan wiki, which I hope gives some useful information. If you're interested in ike-scan, I'd suggest visiting it at http://www.nta-monitor.com/wiki (select the ike-scan link). If you register you can also contribute to the documentation, and add your comments to the talk pages. I'd really like to hear about any problems, new feature requests, strange responses Etc. Anyway, here is some historical information on this issue, for anyone who is interested: This issue was first reported by this Debian bug report against ike-scan 1.7: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327220 The code had been in every ike-scan version from 1.0 to 1.7 inclusive, although for 1.7 there was a workaround where using the --nodns option prevented the lookup. The "--disable-lookup" option was added in version 1.8, which caused the offending code to be #ifdef'ed out; and the code was removed entirely in version 1.9. I used to use the code for ike-scan testing, but it was never of any use outside my own test environment, and it was superseded by the autoconf "make check" tests around version 1.7 anyway. If anyone has additional questions or comments about ike-scan, you can contact me at: ike-scan (at) nta-monitor (dot) com or leave a comment on the appropriate wiki talk page. Roy Hills The offending code has been totally removed from version 1.9, and I would suggest that everyone upgrade to version 1.9 anyway because it’s got lots of additional features.

There’s also an ike-scan wiki, which I hope gives some useful information. If you’re interested in ike-scan, I’d suggest visiting it at http://www.nta-monitor.com/wiki (select the ike-scan link). If you register you can also contribute to the documentation, and add your comments to the talk pages. I’d really like to hear about any problems, new feature requests, strange responses Etc.

Anyway, here is some historical information on this issue, for anyone who is interested:

This issue was first reported by this Debian bug report against ike-scan 1.7:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327220

The code had been in every ike-scan version from 1.0 to 1.7 inclusive, although for 1.7 there was a workaround where using the –nodns option prevented the lookup. The “–disable-lookup” option was added in version 1.8, which caused the offending code to be #ifdef’ed out; and the code was removed entirely in version 1.9.

I used to use the code for ike-scan testing, but it was never of any use outside my own test environment, and it was superseded by the autoconf “make check” tests around version 1.7 anyway.

If anyone has additional questions or comments about ike-scan, you can contact me at:
ike-scan (at) nta-monitor (dot) com
or leave a comment on the appropriate wiki talk page.

Roy Hills

]]>