Security Incidents mailing list archives
Re: Probes on Port 500?
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Thu, 8 Mar 2001 12:17:06 -0500
On Thu, 8 Mar 2001, -mat- filid brandy wrote:
Mar 8 06:00:02 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11327 F=0x0000 T=115 (#81)
proto 17 (UDP), port 500:

    isakmp 500/udp # ISAKMP key management

most likely options:

a) innocuous misconfigured IPsec gateway/node, either a typo or a really poor implementation
b) somewhat scanning looking for IPsec gateways to abuse.

OpenBSD recently had a problem in the kernel with IPsec stuff:
http://www.openbsd.org/errata.html#ipsec_ah

hope this helps. people have seen 500/UDP packets before, i don't recall what was the conclusion (ie malicious or a screwup on someone's part).

____________________________
jose nazario jose () cwru edu
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
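For triaging lines like the one quoted in the message, the following added example (not part of the original post) parses the ipchains "Packet log" format and counts UDP/500 packets and distinct destinations per source. The 192.0.2.x/198.51.100.x lines and the host name fw are constructed sample data, and treating many distinct destinations as a sign of scanning rather than a single misconfigured peer is an assumption of this example.

```python
import re
from collections import defaultdict

# Field layout of the ipchains "Packet log" line quoted in the message.
# Group names are this example's own labels for the fields.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
ISAKMP_PORT = 500  # isakmp 500/udp, as cited in the message

def parse(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl", "rule"):
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(lines):
    """Map source IP -> (UDP/500 packet count, distinct destinations)."""
    targets = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        if rec["proto"] == 17 and rec["dport"] == ISAKMP_PORT:
            targets[rec["src"]].append(rec["dst"])
    return {src: (len(d), len(set(d))) for src, d in targets.items()}

# Constructed template for sample lines (documentation address ranges).
TEMPLATE = ("Mar 8 06:01:10 fw kernel: Packet log: input DENY eth0 PROTO={p} "
            "192.0.2.7:40112 {d}:500 L=112 S=0x00 I=501 F=0x0000 T=52 (#81)")
SAMPLE = [
    # The line quoted in the message.
    "Mar 8 06:00:02 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 "
    "203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11327 F=0x0000 T=115 (#81)",
    # Constructed: one source touching three destinations on UDP/500 ...
    *[TEMPLATE.format(p=17, d=f"198.51.100.{i}") for i in (1, 2, 3)],
    # ... and one TCP packet to port 500, which is not ISAKMP and is ignored.
    TEMPLATE.format(p=6, d="198.51.100.4"),
]

if __name__ == "__main__":
    for src, (count, dsts) in summarize(SAMPLE).items():
        print(f"{src}: {count} UDP/500 packet(s) to {dsts} destination(s)")
```

The quoted packet has source and destination port both set to 500, which is how IKE peers normally talk to each other, so the per-source destination count is the more useful signal when deciding between the two options listed in the reply.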