Security Incidents mailing list archives

RE: Port 500 scans


From: "Britton, Jeff B." <JBBritton () LMUS LeggMason com>
Date: Tue, 8 Mar 2005 12:27:02 -0500

http://www.securityfocus.com/infocus/1821
Could be used in reconnaissance to detect the type of VPN technology you are
using.  The above link may be of help.

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Monday, March 07, 2005 11:58 PM
To: klaus.dombrofsky () degussa com
Cc: incidents () securityfocus com
Subject: Re: Port 500 scans 


On Mon, 07 Mar 2005 11:19:39 +0100, klaus.dombrofsky () degussa com said:

On my IDS I detected massive scans from single ip-addresses to different 
ip-addresses with source AND targetport 500.
This scan uses almost the whole bandwidth of our internet-access.

Question:
Does someone know any existing worm using a VPN-vulnerability ?

Would you believe some garden-variety scanning exploit running on some random
0wned machine that has the "Always try using IPSec first" option set?

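
One way to check the pattern described in this thread against captured traffic, as an added example that is not part of the original messages: it flags sources that send first-packet IKE initiations (source and destination port 500, all-zero responder cookie) to many distinct hosts, which separates scan-like fan-out from an established VPN peer. It assumes IKEv1 over UDP and uses the RFC 2408 fixed header layout; the function names, the threshold and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 fixed header, 28 bytes
EXCHANGE = {2: "main", 4: "aggressive"}    # IKEv1 phase 1 exchange types
ZERO = b"\x00" * 8

def parse_isakmp(payload):
    """Return (is_initial_request, exchange_name), or None if not ISAKMP-shaped."""
    if len(payload) < ISAKMP_HDR.size:
        return None
    icookie, rcookie, _np, version, xchg, _flags, _msgid, length = \
        ISAKMP_HDR.unpack_from(payload)
    if version >> 4 != 1 or length < ISAKMP_HDR.size:
        return None
    # The first packet from an initiator carries an all-zero responder cookie.
    return (rcookie == ZERO and icookie != ZERO), EXCHANGE.get(xchg, "other")

def ike_fanout(packets, min_targets=3):
    """packets: iterable of (src, sport, dst, dport, udp_payload).
    Returns {src: sorted distinct dsts} for sources that start IKE
    (sport == dport == 500) toward at least min_targets hosts."""
    targets = defaultdict(set)
    for src, sport, dst, dport, payload in packets:
        if sport != 500 or dport != 500:
            continue
        parsed = parse_isakmp(payload)
        if parsed and parsed[0]:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

def _ike(icookie, rcookie, xchg=2):
    # Constructed header-only packet: version 1.0, length = header size.
    return ISAKMP_HDR.pack(icookie, rcookie, 1, 0x10, xchg, 0, 0, ISAKMP_HDR.size)

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = (
    [("198.51.100.7", 500, f"192.0.2.{i}", 500, _ike(bytes([i]) * 8, ZERO))
     for i in range(1, 6)]                                            # fan-out source
    + [("203.0.113.9", 500, "192.0.2.1", 500, _ike(b"A" * 8, b"B" * 8))]  # established peer
    + [("203.0.113.9", 500, "192.0.2.1", 500, _ike(b"C" * 8, ZERO))]      # single initiation
    + [("198.51.100.8", 500, "192.0.2.2", 500, b"\x00" * 10)]             # too short for ISAKMP
)

if __name__ == "__main__":
    for src, dsts in ike_fanout(SAMPLE).items():
        print(src, "initiated IKE to", len(dsts), "hosts:", ", ".join(dsts))
```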

