Security Incidents mailing list archives
RE: IKE /HTTP exploit???
From: Dean Cunningham <Dean.Cunningham () ew govt nz>
Date: Mon, 13 Aug 2001 12:46:52 +1200
Can that request, I did a further search of the archives and found "I couldn't find it now, but i think last week someone mentioned that if the default setting on a W2k server is to attempt a secure connection, it will send out this 500/udp probe to try contact the other code and negotiate IKE. If you review your logs, you'll probably see this udp/500 probe quickly followed by attempted connection from the same host to port 80/tcp." This looks like the sig. cheers Dean -----Original Message----- From: Dean Cunningham [mailto:Dean.Cunningham () ew govt nz] Sent: Monday, 13 August 2001 11:49 a.m. To: 'incidents () securityfocus com' Subject: IKE /HTTP exploit??? I am getting a few (300 in the last week) scans showing up in the firewall logs. These existed pre CR , but I am interested as to what the exploit is. Any pointers? regards Dean Summary: Source: 202.98.196.18 Destination: 202.36.123.140 Time NZST: 13 Aug 2001 10:57 to 10:58 (+1200) Time GMT: 12 Aug 2001 22:57 to 22:58 Protocols: IKE HTTP *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com *************************************************** This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated. Visit our website http://www.ew.govt.nz *************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- IKE /HTTP exploit??? Dean Cunningham (Aug 12)
- <Possible follow-ups>
- RE: IKE /HTTP exploit??? Dean Cunningham (Aug 13)