Can that request, I did a further search of the archives and found

"I couldn't find it now, but I think last week someone mentioned that if the default setting on a W2k server is to attempt a secure connection, it will send out this 500/udp probe to try contact the other code and negotiate IKE. If you review your logs, you'll probably see this udp/500 probe quickly followed by attempted connection from the same host to port 80/tcp."

This looks like the sig.

cheers
Dean

-----Original Message-----
From: Dean Cunningham [mailto:Dean.Cunninghamat_private]
Sent: Monday, 13 August 2001 11:49 a.m.
To: 'incidentsat_private'
Subject: IKE /HTTP exploit???

I am getting a few (300 in the last week) scans showing up in the firewall logs. These existed pre CR, but I am interested as to what the exploit is. Any pointers?

regards
Dean

Summary:
Source: 202.98.196.18
Destination: 202.36.123.140
Time NZST: 13 Aug 2001 10:57 to 10:58 (+1200)
Time GMT: 12 Aug 2001 22:57 to 22:58
Protocols: IKE HTTP

***************************************************
This e-mail is not an official statement of the Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
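The signature quoted in the message above (a udp/500 probe quickly followed by a tcp/80 connection attempt from the same host) can be checked for in firewall logs with a small correlation script. This is an added example, not part of the original thread; the log line format, the documentation-range addresses and the 30-second window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample firewall log lines (format is an assumption, not from the post):
# "<ISO time> <action> <proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_LOG = """\
2001-08-13T10:57:02 DROP udp 192.0.2.18:500 -> 198.51.100.140:500
2001-08-13T10:57:05 DROP tcp 192.0.2.18:3312 -> 198.51.100.140:80
2001-08-13T10:57:40 DROP udp 192.0.2.77:500 -> 198.51.100.140:500
2001-08-13T10:58:10 DROP tcp 192.0.2.99:4120 -> 198.51.100.140:80
2001-08-13T11:20:00 DROP tcp 192.0.2.77:1029 -> 198.51.100.140:80
malformed line that the parser skips
"""

def parse(line):
    """Return (time, proto, src, dst, dport), or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        src = parts[3].rsplit(":", 1)[0]
        dst, dport = parts[5].rsplit(":", 1)
        return ts, parts[2].lower(), src, dst, int(dport)
    except ValueError:
        return None

def ike_then_http(log_text, window=timedelta(seconds=30)):
    """Find udp/500 probes followed within `window` by tcp/80, same source and destination."""
    last_ike = {}  # (src, dst) -> time of the most recent udp/500 packet
    hits = []
    events = sorted(e for e in map(parse, log_text.splitlines()) if e)
    for ts, proto, src, dst, dport in events:
        if proto == "udp" and dport == 500:
            last_ike[(src, dst)] = ts
        elif proto == "tcp" and dport == 80:
            seen = last_ike.get((src, dst))
            # Only pair the HTTP attempt with an IKE probe that came shortly before it
            if seen is not None and ts - seen <= window:
                hits.append((src, dst, (ts - seen).total_seconds()))
    return hits

if __name__ == "__main__":
    for src, dst, gap in ike_then_http(SAMPLE_LOG):
        print(f"{src} -> {dst}: udp/500 then tcp/80 after {gap:.0f}s")
```

Sources that send only one of the two packets, or send them far apart, are not reported, which separates this pairing from unrelated port 80 scans.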
This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 07:17:42 PDT