checking ISAKMPD and dependency of remote hosts on ISAKMPD
Hugo van der Kooij
hvdkooij at vanderkooij.org
Mon May 8 19:56:34 CEST 2006
On Sun, 7 May 2006, Jacob Yocom-Piatt wrote:
> to check UDP port 500, i've tried to list a service with "check_command
> check_udp!500". i cannot get this to work on the local or remote gateway. nagios
> issues the status information "No data was received from host!". when i issue a
> "nmap -P0 -sU -p 500 <either gateway>" i get
>
> PORT STATE SERVICE
> 500/udp open|filtered isakmp
This is to be expected with UDP. If the listening service checks the
incoming packet then there will never be a response as the UDP check
packet will not match the required ISAKMP content.

So if one is to test the existence of ISAKMP then the check must attempt to
set up a VPN to make sure the first response will match the protocol. There
are scanners out there where you might wrap a small shell script around to
do the test remotely.
See also: http://www.nta-monitor.com/tools/ike-scan/
Hugo.
--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij at vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
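
The point made in the reply above, shown as an added example that is not part of the original post and is not code from ike-scan or the Nagios plugins: a check that sends a well-formed IKEv1 Main Mode first message and treats any ISAKMP reply carrying its own cookie as proof that the daemon is listening. The proposal values (3DES, SHA-1, pre-shared key, MODP-1024) and the function names are assumptions chosen for illustration.

```python
#!/usr/bin/env python3
"""Nagios-style check: is an IKE daemon answering on UDP 500? (added example)"""
import os, socket, struct, sys

def attr(atype, value):
    # ISAKMP data attribute in short TV form: AF bit set, 16-bit value
    return struct.pack("!HH", 0x8000 | atype, value)

def build_probe(cookie):
    """IKEv1 Main Mode message 1 carrying one SA proposal (RFC 2408/2409)."""
    # Constructed proposal: 3DES, SHA-1, pre-shared key, MODP-1024, 8h lifetime
    attrs = (attr(1, 5) + attr(2, 2) + attr(3, 1) + attr(4, 2)
             + attr(11, 1) + attr(12, 28800))
    # Transform payload: next=0, length, transform #1, KEY_IKE, reserved
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    # Proposal payload: next=0, length, proposal #1, PROTO_ISAKMP, SPI size 0, 1 transform
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA payload: next=0, length, DOI=IPsec, situation=identity only
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    # Header: cookies, next=SA(1), version 1.0, Main Mode(2), flags, message id, length
    header = struct.pack("!8s8sBBBBII", cookie, b"\0" * 8, 1, 0x10, 2, 0, 0, 28 + len(sa))
    return header + sa

def classify_reply(data, cookie):
    """Return a Nagios (exit_code, text) pair for a datagram received on the socket."""
    if len(data) < 28 or data[:8] != cookie:
        return 2, "CRITICAL - reply is not ISAKMP for our cookie"
    exchange = data[18]  # exchange type field of the ISAKMP header
    if exchange == 2:
        return 0, "OK - IKE handshake reply (proposal accepted)"
    if exchange == 5:
        return 0, "OK - IKE notify reply (daemon up, proposal refused)"
    return 1, "WARNING - ISAKMP reply with exchange type %d" % exchange

def check(host, port=500, timeout=5.0):
    cookie = os.urandom(8)  # fresh initiator cookie ties the reply to this probe
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_probe(cookie), (host, port))
            data, _ = s.recvfrom(4096)
        except OSError as exc:  # timeout or ICMP error: nothing spoke ISAKMP
            return 2, "CRITICAL - no ISAKMP reply from %s: %s" % (host, exc)
    return classify_reply(data, cookie)

if __name__ == "__main__":
    code, text = check(sys.argv[1])
    print(text)
    sys.exit(code)
```

The probe leaves from an ephemeral source port; some IKE implementations only answer peers that send from UDP 500, which requires binding the socket to that port with the necessary privileges.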