Just noticed something unusual in my firewall logs. I recieved a single packet (UDP/500) from who i think is a cable modem user. [Dec 18 18:32:43]: Source: 24.78.42.104:500 Destination: w.x.y.z:500 Protocol: UDP The desintation address is on a part of my network that has never been used, so there really should be no reason for this. There has also only ever been 1 packet logged of this type. Perhaps someone is port scanning for vulnerable IKE win2k machines. This topic was discussed on bugtraq about a week ago. Anyone else seen things like this in the past few days? Dan -- Dan Irwin - Systems Administrator Jackie's Wholesale Nurseries Pty Ltd Email: danat_private Phone: 07 3888 2481 Fax: 07 3888 2530 Postal: 10 Gleeson Road Burpengary Queensland 4505 Email: infoat_private Web: http://www.jackies.com.au ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 08:47:02 PST