Nmap Development mailing list archives
OpenVPN probes and script question
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 29 Jan 2010 21:42:39 +0100
Hi all, I'm toying around with OpenVPN for the moment and I've implemented probes that detect it running on both UDP and TCP. As far as I can tell it's only possible to detect it if it's running in PKI mode eg. not using static keys. The reason for this is that when running with a static key, if the receiving part receives a message it can't decrypt it simply doesn't answer. There does not appear to be any kind of handshake that could be triggered when running in this mode. But, I'm implementing it based on packet dumps between two test systems so I could be wrong. Apart from the probes I've implemented a script (it's kind of rough for the moment) that retrieves the remote certificate. However, the certificate is ASN encoded. So I guess my question is (before I start re-inventing the wheel (again)), could I call openssl from lua to decode it? I've looked at ssl-cert.nse but it seems to get the cert already decoded in a table. Regarding the probes, I appended some text to the end of the byte sequence of the UDP probe in order to trigger an error, rather than having OpenVPN waiting for additional UDP packets. Without this text, two scans in a row will fail because the service is waiting for more packets until a certain timeout occurs. Oh, and one last thing, this message got me a bit curious as it's triggered by the probes, but so far I haven't lost any connection on other clients when it appears: Fri Jan 29 21:36:39 2010 SIGUSR1[soft,tls-error] received, process restarting I'm attaching a patch for the probes and a few signatures if someone wants to improve the match lines. //Patrik -- Patrik Karlsson http://www.cqure.net
Attachment:
openvpn-probe.patch
Description:
Attachment:
openvpn-signatures.txt
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- OpenVPN probes and script question Patrik Karlsson (Jan 29)
- Re: OpenVPN probes and script question David Fifield (Jan 29)
- Re: OpenVPN probes and script question Patrik Karlsson (Jan 29)
- Re: OpenVPN probes and script question David Fifield (Feb 02)
- Re: OpenVPN probes and script question Patrik Karlsson (Feb 03)
- Re: OpenVPN probes and script question David Fifield (Jan 29)