Re: Never seen this before?
From: Derek Nash (derek@nashworld.net)Date: 09/06/02
- Next message: See signature below: "Re: thanks to mhicaoidh!"
- Previous message: Obiwankenobi: "Check Point SecurePlatform (Linux) FP2 with ClusterXL and static NAT, anyone ?"
- In reply to: -lone_wolf-: "Never seen this before?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Derek Nash" <derek@nashworld.net> Date: Fri, 6 Sep 2002 14:18:48 -0500
UDP port 500 is Internet Key Exchange (IKE) protocol which is most commonly
seen in the setup of a VPN connection. If you are running some VPN software
or using the Windows VPN connection you would see traffic like this. It
could also be a new undocumented exploit. :)
"-lone_wolf-" <-lone_wolf-@NO_SPAMexcite.com> wrote in message
news:I96e9.275803$f05.14724360@news1.calgary.shaw.ca...
> Would someone be able to explain what this message was on my firewall
> (in layman's terms?)
>
> TIME: 09/06/2002 10:54:46
> ACTION: Blocked
> PROTOCOL: UDP
> DIRECTION: Incoming
> DESTINATION HOST: 24.76.248.XXX
> DESTINATION PORT: 500
> SOURCE IP: 24.76.169.XXX
> SOURCE PORT: 500
> APPLICATION INVOLVED: C:\WINDOWS\system32\lsass.exe
> COUNT: 1
> BEGIN TIME: 09/06/2002 10:54:11
> END TIME: 09/06/2002 10:54:11
> RULE NAME:
> GUI%GUICONFIG#SRULE@APPCONFIG-TCP#C:\WINDOWS\System32\LSASS.EXE
>
> Thanks in advance
>
> John
>
>
- Next message: See signature below: "Re: thanks to mhicaoidh!"
- Previous message: Obiwankenobi: "Check Point SecurePlatform (Linux) FP2 with ClusterXL and static NAT, anyone ?"
- In reply to: -lone_wolf-: "Never seen this before?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
