Re: Port 500 scans
Valdis.Kletnieks_at_vt.edu
Date: 03/08/05
- Previous message: Rob, grandpa of Ryan, Trevor, Devon & Hannah: "REVIEW: "Windows Forensics and Incident Recovery", Harlan Carvey"
- In reply to: klaus.dombrofsky_at_degussa.com: "Port 500 scans"
- Next in thread: Britton, Jeff B.: "RE: Port 500 scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: klaus.dombrofsky@degussa.com Date: Mon, 07 Mar 2005 23:58:21 -0500
On Mon, 07 Mar 2005 11:19:39 +0100, klaus.dombrofsky@degussa.com said:
> On my IDS i detected massive scans from single ip-addresses to different
> ip-addresses with source AND targetport 500.
> This scan uses alsmost the whole bandwith of our internet-access.
>
> Question:
> Does someone know any existing worm using a VPN-vulnerability ?
Would you believe some garden-variety scanning exploit running on some random
0wned machine that has the "Always try using IPSec first" option set?
- application/pgp-signature attachment: stored
- Previous message: Rob, grandpa of Ryan, Trevor, Devon & Hannah: "REVIEW: "Windows Forensics and Incident Recovery", Harlan Carvey"
- In reply to: klaus.dombrofsky_at_degussa.com: "Port 500 scans"
- Next in thread: Britton, Jeff B.: "RE: Port 500 scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
