Security Incidents mailing list archives
Re: Scans(?) 500->500 from China
From: TJ Jablonowski <t.jablonowski () MAIL-2-GO COM>
Date: Sat, 14 Oct 2000 11:35:32 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Correction to what I said - it is not turned on by default. Must of turned it on by accident. The buttons (options) are "attempt" (request secure communications but allow unsecure) "allow" (Do not request secure communications allow insecure) "require" (Require secure communications do not allow insecure) The default is "allow" What the saying - "if all else fails read the manual" - ----- Original Message ----- From: "TJ Jablonowski" <t.jablonowski () MAIL-2-GO COM> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Monday, October 09, 2000 19:52 Subject: Re: Scans(?) 500->500 from China
More on the port 500 scans with this thread and others Got the latest PGP Dekstop Client v7.0 . It has a feature built into the PGPnet to automatically attempt a secure connection. The three options are "attemp, allow, require" secure communications. From the log (sample below ) it appears to use IKE to initiate the secure connection. It attempted to create an association with every IP I contacted irregardless of the type of service (http,imap). It is turned on by default installation but can be turned off unless its locked by an corporate adminitrators kit (laptops). Could be an explanation to the sudden increase in port 500 detections PGPnet Log Monday, October 09, 2000 7:28:52 PMTime Event Address Message 10/9/2000 6:54:15 PM IKE xxx.131.1.27 No Proposals 10/9/2000 6:54:15 PM Service xxx.131.1.27 Unable to establish Security Association
-----BEGIN PGP SIGNATURE----- Version: PGP 7.0 iQA/AwUBOeh9QW+7g8loOAk5EQIJTQCgog91dIWvSaA3orum49E3UjlvECEAn0fG 8I9jsieeCfZ/6FkUpLgdnZNI =8QkM -----END PGP SIGNATURE-----
Current thread:
- Re: Scans(?) 500->500 from China TJ Jablonowski (Oct 10)
- <Possible follow-ups>
- Re: Scans(?) 500->500 from China TJ Jablonowski (Oct 15)