Re: UDP DoS attack in Win2k via IKE
From: Dan Irwin (dan@jackies.com.au)Date: 12/19/01
- Previous message: Rodrigo Barbosa: "Re: SSH Attempts: Link to RedHat?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Dan Irwin <dan@jackies.com.au> To: "'incidents@securityfocus.com'" <incidents@securityfocus.com> Date: Wed, 19 Dec 2001 13:00:33 +1000
Just noticed something unusual in my firewall logs.
I recieved a single packet (UDP/500) from who i think is a cable modem user.
[Dec 18 18:32:43]: Source: 24.78.42.104:500 Destination: w.x.y.z:500
Protocol: UDP
The desintation address is on a part of my network that has never been used,
so there really should be no reason for this. There has also only ever been
1 packet logged of this type.
Perhaps someone is port scanning for vulnerable IKE win2k machines. This
topic was discussed on bugtraq about a week ago.
Anyone else seen things like this in the past few days?
Dan
-- Dan Irwin - Systems Administrator Jackie's Wholesale Nurseries Pty Ltd Email: dan@jackies.com.au Phone: 07 3888 2481 Fax: 07 3888 2530 Postal: 10 Gleeson Road Burpengary Queensland 4505 Email: info@jackies.com.au Web: http://www.jackies.com.au---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
- Previous message: Rodrigo Barbosa: "Re: SSH Attempts: Link to RedHat?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
