RE: Port 500 scans

From: Britton, Jeff B. (JBBritton_at_LMUS.LeggMason.com)
Date: 03/08/05

Next message: Eilon Gishri: "Master RPC program number data base (/etc/rpc)"

Previous message: Valdis.Kletnieks_at_vt.edu: "Re: Port 500 scans"
Maybe in reply to: klaus.dombrofsky_at_degussa.com: "Port 500 scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Valdis.Kletnieks@vt.edu'" <Valdis.Kletnieks@vt.edu>, klaus.dombrofsky@degussa.com
Date: Tue, 8 Mar 2005 12:27:02 -0500

http://www.securityfocus.com/infocus/1821
Could be used in reconnaissance to detect the type of VPN technology you are
using. The above link may be of help.

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
Sent: Monday, March 07, 2005 11:58 PM
To: klaus.dombrofsky@degussa.com
Cc: incidents@securityfocus.com
Subject: Re: Port 500 scans

On Mon, 07 Mar 2005 11:19:39 +0100, klaus.dombrofsky@degussa.com said:

> On my IDS i detected massive scans from single ip-addresses to different
> ip-addresses with source AND targetport 500.
> This scan uses alsmost the whole bandwith of our internet-access.
>
> Question:
> Does someone know any existing worm using a VPN-vulnerability ?

Would you believe some garden-variety scanning exploit running on some
random
0wned machine that has the "Always try using IPSec first" option set?

IMPORTANT: The security of electronic mail sent through the Internet
is not guaranteed. Legg Mason therefore recommends that you do not
send confidential information to us via electronic mail, including social
security numbers, account numbers, and personal identification numbers.

Delivery, and timely delivery, of electronic mail is also not
guaranteed. Legg Mason therefore recommends that you do not send time-sensitive
or action-oriented messages to us via electronic mail, including
authorization to "buy" or "sell" a security or instructions to conduct any
other financial transaction. Such requests, orders or instructions will
not be processed until Legg Mason can confirm your instructions or
obtain appropriate written documentation where necessary.

Next message: Eilon Gishri: "Master RPC program number data base (/etc/rpc)"

Previous message: Valdis.Kletnieks_at_vt.edu: "Re: Port 500 scans"
Maybe in reply to: klaus.dombrofsky_at_degussa.com: "Port 500 scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: for command
... Legg Mason Wood Walker, Inc. ... The security of electronic mail sent through the Internet ... Such requests, orders or instructions will ...
(AIX-L)
Re: [Q] Delete file get "parameter too long"
... The security of electronic mail sent through the Internet ... Legg Mason therefore recommends that you do not ... Such requests, orders or instructions will ...
(AIX-L)
Re: risk of staying on aix433 after dec 31st
... The security of electronic mail sent through the Internet ... Legg Mason therefore recommends that you do not ... Such requests, orders or instructions will ...
(AIX-L)
Re: Replacing pSseries 660 Model 6H1 (7026-6H1) 4-way processor w ith 6-way processor
... The security of electronic mail sent through the Internet ... Legg Mason therefore recommends that you do not ... Such requests, orders or instructions will ...
(AIX-L)
Re: [Q] Delete file get "parameter too long"
... The security of electronic mail sent through the Internet ... Legg Mason therefore recommends that you do not ... Such requests, orders or instructions will ...
(AIX-L)