I couldn't find it now, but i think last week someone mentioned that if the default setting on a W2k server is to attempt a secure connection, it will send out this 500/udp probe to try contact the other code and negotiate IKE. If you review your logs, you'll probably see this udp/500 probe quickly followed by attempted connection from the same host to port 80/tcp. HTH, -Gary- -----Original Message----- From: Suzi VP [mailto:checksecat_private] Sent: Thursday, August 02, 2001 9:49 AM To: incidentsat_private Subject: isakmp Has anyone else notice a sudden flood of udp/500 traffic? Is this related to CodeRed? Suzi __________________________________________________ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Aug 02 2001 - 12:17:11 PDT