$Id: NEWS,v 1.7 2004/01/14 15:31:01 rsh Exp $

This file gives a brief overview of the major changes between each ike-scan
release.  For more details please read the ChangeLog file.

ike-scan v1.6:

* ike-scan will now display multiple Vendor ID payloads if the server sends
  more than one.  Previously, it would only display the first Vendor ID and
  ignore the others.

* Added support for ISAKMP lifetime size transform attribute with the
  --lifesize (-z) option.  This is specified as kilobytes.  The default is
  0 which means don't include the lifetime size attribute.

* Added support for GSS IDs with --gssid (-G) option.  GSS IDs are described in
  draft-ietf-ipsec-isakmp-gss-auth-07.txt.  This is used by Windows-2000
  IPsec for Kerberos authentication.

* Allow target hosts to be specified as IPnet/bits to include all hosts in
  the given network, or IPstart-IPend to include all hosts in the inclusive
  range as well as single hostnames or IP addresses.

* Added support for Vendor ID fingerprinting.  The file "ike-vendor-ids"
  contains a list of known Vendor ID patterns, specified as Posix extended
  regular expressions.  These are used to match against the ascii hex
  representation of any returned Vendor IDs, and the name of the entry is
  displayed if a match is found.

* SA transform attributes and ID payloads are now decoded, and basic details
  (name and size) are displayed for payload types that we don't decode yet.
  Added --quiet option to prevent this decoding if it's not required.
  Added --multiline option to split the decode over multiple lines - one line
  per payload.  With --multiline, each payload decode line starts with a TAB.

ike-scan v1.5.1:

* Fixed a bug which could cause a negative value to be passed to select()
  when collecting backoff fingerprints.  This would result in select()
  returning EINVAL.

ike-scan v1.5:

* Aggressive mode is now supported.  The --aggressive (-A) option specifies
  aggressive mode.

* The --trans option can be specified multiple times to generate an arbitary
  number of custom transforms in the ISAKMP SA Proposal.

* The --vendor option can be specified multiple times to generate an arbitary
  number of Vendor ID payloads.

* UDP engine improvements: Dynamically adjust select() timeout, removing the
  need for a --selectwait argument; keep track of cumulative timing error, and
  use this to adjust the timing to compensate; calculate timings in
  microseconds rather than milliseconds to improve accuracy; and some minor
  tuning.

ike-scan v1.4:

* Two additions to permit Vendor ID fingerprinting.
  1. Allow the specification of an arbitary Vendor ID payload using the
     --vendor option.
  2. Display any Vendor ID payload returned by the target host.

ike-scan v1.3:	(Unofficial release)

* Added support for per-pattern-entry fuzz values in the backoff patterns
  file which allows more complex backoff patterns to be matched.
* Added new backoff patterns for "watchguard-soho" and "sonicwall-pro".

ike-scan v1.2:

* Fixed format string vulnerability in syslog() call.
* ike-scan now builds and runs on HP Tru64 Unix.

ike-scan v1.1:

* Added new backoff patterns for Cisco Concentrator and isakmpd.
* ike-scan now builds and runs on Windows/Cygwin, old libc5 Linux systems, and
  Solaris 2.8 / SPARC.
* Windows command-line binary released.

ike-scan v1.0: (Initial release)

* Compiles and runs on Debian Linux 2.2 "potato" and 3.0 "woody", FreeBSD 4.3,
  and OpenBSD 3.1.
