Security Incidents mailing list archives
RE: isakmp
From: "Portnoy, Gary" <gportnoy () belenosinc com>
Date: Thu, 2 Aug 2001 14:19:42 -0400
I couldn't find it now, but i think last week someone mentioned that if the default setting on a W2k server is to attempt a secure connection, it will send out this 500/udp probe to try contact the other code and negotiate IKE. If you review your logs, you'll probably see this udp/500 probe quickly followed by attempted connection from the same host to port 80/tcp. HTH, -Gary- -----Original Message----- From: Suzi VP [mailto:checksec () yahoo com] Sent: Thursday, August 02, 2001 9:49 AM To: incidents () securityfocus com Subject: isakmp Has anyone else notice a sudden flood of udp/500 traffic? Is this related to CodeRed? Suzi __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- isakmp Suzi VP (Aug 02)
- <Possible follow-ups>
- RE: isakmp baudendist (Aug 02)
- Re: isakmp Valdis . Kletnieks (Aug 03)
- RE: isakmp Portnoy, Gary (Aug 02)