Security Incidents mailing list archives
Re: weird 500/udp
From: Jason Witty <jason () WITTYS COM>
Date: Wed, 30 Aug 2000 15:53:29 -0500
David,

UDP port 500 is used for the ISAKMP (now IKE) portion of IPSec (commonly used for VPN access). See http://www.faqs.org/rfcs/rfc2408.html for more information on ISAKMP.

Most likely, these kiddies were looking for improperly configured IPSec VPN termination boxes that they could abuse to gain access to an internal network.

Hope it helps.

Jason

BTW - http://www.wittys.com/files/all-ip-numbers.txt lists loads of ports and protocols (it's a compilation of findings of this list, as well as RFCs and IANA docs). Hope it's useful!

David Myers wrote:
967537034 - 08/29/2000 04:17:14 Host: monster.radiotelcom.ru/212.48.143.12 Port: 500 UDP Blocked
967569428 - 08/29/2000 13:17:08 Host: mail.openleren.glr.nl/195.109.196.2 Port: 500 UDP Blocked
967614728 - 08/30/2000 01:52:08 Host: p3E9EDB02.dip.t-dialin.net/62.158.219.2 Port: 500 UDP Blocked

anyone have any ideas?

thanks,
David Myers
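
For anyone triaging similar hits: the following is an added example, not part of the original posts, that parses the 28-byte fixed ISAKMP header from RFC 2408 (the document linked in the reply) so a captured UDP/500 payload can be told apart from junk. The function names, the triage labels and both sample datagrams are constructed for illustration; the payload chain after the header is not parsed.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): 28 bytes, network byte order.
# initiator cookie, responder cookie, next payload, version, exchange type,
# flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")

EXCHANGE_TYPES = {0: "None", 1: "Base", 2: "Identity Protection",
                  3: "Authentication Only", 4: "Aggressive", 5: "Informational"}


def parse_isakmp_header(payload: bytes) -> dict:
    """Parse the fixed ISAKMP header from a UDP/500 payload."""
    if len(payload) < HEADER.size:
        raise ValueError(f"short payload: {len(payload)} < {HEADER.size} bytes")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HEADER.unpack_from(payload)
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": nxt,
        "version": f"{ver >> 4}.{ver & 0x0F}",   # major nibble . minor nibble
        "exchange": EXCHANGE_TYPES.get(xchg),    # None if the type is unassigned
        "encrypted": bool(flags & 0x01),         # E(ncryption) bit
        "message_id": msg_id,
        "length": length,
    }


def classify(payload: bytes) -> str:
    """Triage label (hypothetical naming) for a datagram seen on UDP/500."""
    try:
        h = parse_isakmp_header(payload)
    except ValueError:
        return "not-isakmp-1.0"
    if h["version"] != "1.0" or h["exchange"] is None or h["length"] != len(payload):
        return "not-isakmp-1.0"
    # Opening message of a negotiation: the responder has not picked a cookie
    # yet, the message ID is zero and nothing is encrypted.
    if h["responder_cookie"] == "00" * 8 and h["message_id"] == 0 and not h["encrypted"]:
        return "isakmp-initial:" + h["exchange"]
    return "isakmp-in-progress"


# Constructed samples (header only, body omitted), not captured traffic.
SAMPLE_INITIAL = HEADER.pack(bytes.fromhex("1122334455667788"), bytes(8), 1, 0x10, 2, 0, 0, 28)
SAMPLE_JUNK = b"\x00" * 12

if __name__ == "__main__":
    for name, data in (("initial", SAMPLE_INITIAL), ("junk", SAMPLE_JUNK)):
        print(name, "->", classify(data))
```

An unsolicited datagram from an unknown host that classifies as an initial message is consistent with someone looking for an IPSec endpoint, as suggested in the reply above.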