Security Incidents mailing list archives
RE: Port 500 scans
From: "Britton, Jeff B." <JBBritton () LMUS LeggMason com>
Date: Tue, 8 Mar 2005 12:27:02 -0500
http://www.securityfocus.com/infocus/1821 Could be used in reconnaissance to detect the type of VPN technology you are using. The above link may be of help. -----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Monday, March 07, 2005 11:58 PM To: klaus.dombrofsky () degussa com Cc: incidents () securityfocus com Subject: Re: Port 500 scans On Mon, 07 Mar 2005 11:19:39 +0100, klaus.dombrofsky () degussa com said:
On my IDS i detected massive scans from single ip-addresses to different ip-addresses with source AND targetport 500. This scan uses alsmost the whole bandwith of our internet-access. Question: Does someone know any existing worm using a VPN-vulnerability ?
Would you believe some garden-variety scanning exploit running on some random 0wned machine that has the "Always try using IPSec first" option set? IMPORTANT: The security of electronic mail sent through the Internet is not guaranteed. Legg Mason therefore recommends that you do not send confidential information to us via electronic mail, including social security numbers, account numbers, and personal identification numbers. Delivery, and timely delivery, of electronic mail is also not guaranteed. Legg Mason therefore recommends that you do not send time-sensitive or action-oriented messages to us via electronic mail, including authorization to "buy" or "sell" a security or instructions to conduct any other financial transaction. Such requests, orders or instructions will not be processed until Legg Mason can confirm your instructions or obtain appropriate written documentation where necessary.
Current thread:
- Port 500 scans klaus . dombrofsky (Mar 07)
- Re: Port 500 scans Valdis . Kletnieks (Mar 08)
- <Possible follow-ups>
- RE: Port 500 scans Britton, Jeff B. (Mar 08)