|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: UDP to port 500
From: Mike Lyman (mlyman
west-point.org)
Date: Fri Jul 04 2003 - 10:39:51 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Its most likely a windows box, for some stupid reason they
> send out ISAKMP packets first to try to negotiate a secure
> connection. Then they default back to normal
> communication.
> Least this has been my experience...
As we began to roll out IPSec on our corporate network, it began to
trigger a lot of UDP port 500 activity on our HIDS systems. These may
become common place as more places adapt IPSec and their employee's
laptops then move outside their networks and operate on the internet
and still attempt the IPSec negotiation.
Mike Lyman
mlymanwest-point.org
----------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]