Re: Scans(?) 500->500 from China

[TJ Jablonowski <t.jablonowski () MAIL-2-GO COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

   Correction to what I said - it is not turned on by default. Must
of
 turned it on by accident.  The buttons (options) are

"attempt" (request secure communications but allow unsecure)
 "allow"    (Do not request secure communications allow insecure)
"require"  (Require secure communications do not allow insecure)

 The default is "allow"

   What the saying - "if all else fails read the manual"

 - ----- Original Message -----
 From: "TJ Jablonowski" <t.jablonowski () MAIL-2-GO COM>
 To: <INCIDENTS () SECURITYFOCUS COM>
 Sent: Monday, October 09, 2000 19:52
 Subject: Re: Scans(?) 500->500 from China


>   More on the port 500 scans with this thread and others
>
> Got the latest PGP Dekstop Client v7.0 . It has a feature built
> into the PGPnet to automatically attempt a secure connection. The
> three options are "attemp, allow, require" secure communications.
> From the log (sample below ) it appears to use IKE to initiate the
> secure connection. It attempted to create an association with every
> IP I contacted irregardless of the type of service (http,imap). It
> is turned on by default installation but can be turned off unless
> its locked by an corporate adminitrators kit (laptops).  Could be
> an explanation to the sudden increase in port 500 detections
>
> PGPnet Log
> Monday, October 09, 2000 7:28:52 PM
>
> > Time Event Address Message
> >
> > 10/9/2000 6:54:15 PM IKE         xxx.131.1.27 No Proposals
> > 10/9/2000 6:54:15 PM Service     xxx.131.1.27 Unable to establish
> > Security Association

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOeh9QW+7g8loOAk5EQIJTQCgog91dIWvSaA3orum49E3UjlvECEAn0fG
8I9jsieeCfZ/6FkUpLgdnZNI
=8QkM
-----END PGP SIGNATURE-----