Security Incidents mailing list archives

Re: UDP DoS attack in Win2k via IKE


From: Dan Irwin <dan () jackies com au>
Date: Wed, 19 Dec 2001 13:00:33 +1000

Just noticed something unusual in my firewall logs.

I received a single packet (UDP/500) from who I think is a cable modem user.

[Dec 18 18:32:43]: Source: 24.78.42.104:500  Destination: w.x.y.z:500
Protocol: UDP

The destination address is on a part of my network that has never been used,
so there really should be no reason for this. There has also only ever been
1 packet logged of this type.

Perhaps someone is port scanning for vulnerable IKE win2k machines. This
topic was discussed on bugtraq about a week ago. 

Anyone else seen things like this in the past few days?

Dan


--
Dan Irwin - Systems Administrator
Jackie's Wholesale Nurseries Pty Ltd
Email: dan () jackies com au
Phone: 07 3888 2481
Fax: 07 3888 2530
Postal: 10 Gleeson Road Burpengary Queensland 4505
Email: info () jackies com au
Web: http://www.jackies.com.au


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

