Security Incidents mailing list archives
Re: Port 500 scans
From: Valdis.Kletnieks () vt edu
Date: Mon, 07 Mar 2005 23:58:21 -0500
On Mon, 07 Mar 2005 11:19:39 +0100, klaus.dombrofsky () degussa com said:
On my IDS i detected massive scans from single ip-addresses to different ip-addresses with source AND targetport 500. This scan uses alsmost the whole bandwith of our internet-access. Question: Does someone know any existing worm using a VPN-vulnerability ?
Would you believe some garden-variety scanning exploit running on some random 0wned machine that has the "Always try using IPSec first" option set?
Attachment:
_bin
Description:
Current thread:
- Port 500 scans klaus . dombrofsky (Mar 07)
- Re: Port 500 scans Valdis . Kletnieks (Mar 08)
- <Possible follow-ups>
- RE: Port 500 scans Britton, Jeff B. (Mar 08)