Re: Port 500 scans

[Valdis.Kletnieks () vt edu]

On Mon, 07 Mar 2005 11:19:39 +0100, klaus.dombrofsky () degussa com said:

> On my IDS i detected massive scans from single ip-addresses to different 
> ip-addresses with source  AND targetport 500.
> This scan uses alsmost the whole bandwith of our internet-access.
>
> Question:
> Does someone know any existing worm using a VPN-vulnerability ?

Would you believe some garden-variety scanning exploit running on some random
0wned machine that has the "Always try using IPSec first" option set?

Attachment: _bin
Description: