Security Incidents mailing list archives

Probes on Port 500?


From: -mat- filid brandy <brandy () klammeraffe org>
Date: Thu, 8 Mar 2001 07:07:12 +0100

Slan,

For two weeks now I have been getting this traffic every half an hour. It is
firewalled, so it does no harm, but does anyone know about similar
probes?

Security Violations
=-=-=-=-=-=-=-=-=-=
Mar  8 06:00:02 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17
203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11327 F=0x0000 T=115 (#81)
Mar  8 06:00:03 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17
203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11370 F=0x0000 T=115 (#81)
Mar  8 06:00:05 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17
203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11398 F=0x0000 T=115 (#81)
Mar  8 06:00:09 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17
203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11412 F=0x0000 T=115 (#81)
Mar  8 06:00:17 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17
203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11479 F=0x0000 T=115 (#81)
Mar  8 06:00:33 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17
203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11751 F=0x0000 T=115 (#81)
Mar  8 06:01:05 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17
203.30.32.23:500 62.208.181.42:500 L=84 S=0x00 I=13238 F=0x0000 T=115 (#81)

Slainte agus saol agat,
        -mat-

PS:
When I hear a man applauded by the mob I always feel a pang of pity
for him.  All he has to do to be hissed is to live long enough.
                -- H.L. Mencken, "Minority Report"

--
-mat- filid brandy   brandy () klammeraffe org   MB210-RIPE
http://www.klammeraffe.org/~brandy/info/
PGP PUBLIC KEY CODE NUMBER E4118785
PGP fingerprint = D8102D77AA40514A6F610671297C5AB4
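
Added example (not part of the original post): a Python script that parses the ipchains packet-log entries quoted above, groups UDP 500-to-500 traffic (the ISAKMP/IKE port) by source and destination, and checks whether the gaps between packets double each time, the spacing a retransmission timer with exponential backoff produces. The regex, the function names and the `year` argument are choices made for this example; the log lines are the ones from the post with the mail wrapping undone.

```python
import re
from collections import defaultdict
from datetime import datetime

# The seven entries from the post, with the mail-wrapped lines rejoined.
SAMPLE = """\
Mar  8 06:00:02 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11327 F=0x0000 T=115 (#81)
Mar  8 06:00:03 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11370 F=0x0000 T=115 (#81)
Mar  8 06:00:05 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11398 F=0x0000 T=115 (#81)
Mar  8 06:00:09 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11412 F=0x0000 T=115 (#81)
Mar  8 06:00:17 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11479 F=0x0000 T=115 (#81)
Mar  8 06:00:33 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=708 S=0x00 I=11751 F=0x0000 T=115 (#81)
Mar  8 06:01:05 klammeraffe kernel: Packet log: input DENY eth0 PROTO=17 203.30.32.23:500 62.208.181.42:500 L=84 S=0x00 I=13238 F=0x0000 T=115 (#81)
"""

# ipchains "Packet log" layout: chain, action, interface, PROTO=, src:port, dst:port, L=length
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: Packet log: \S+ \S+ \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+)"
)

def parse(text, year=2001):
    """Yield one dict per packet-log line; syslog carries no year, so it is passed in."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            e = m.groupdict()
            e["time"] = datetime.strptime(f"{year} {e['ts']}", "%Y %b %d %H:%M:%S")
            yield e

def is_doubling(gaps, tolerance=1):
    """True when each gap is about twice the previous one (needs three or more gaps)."""
    return len(gaps) >= 3 and all(abs(b - 2 * a) <= tolerance for a, b in zip(gaps, gaps[1:]))

def summarize(text):
    """Group UDP 500 -> 500 packets by (src, dst) and report gaps in seconds and sizes."""
    flows = defaultdict(list)
    for e in parse(text):
        if (e["proto"], e["sport"], e["dport"]) == ("17", "500", "500"):
            flows[(e["src"], e["dst"])].append(e)
    report = {}
    for key, pkts in flows.items():
        times = [p["time"] for p in pkts]
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[key] = {"gaps": gaps, "doubling": is_doubling(gaps), "lengths": [int(p["len"]) for p in pkts]}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```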

