Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Port 500 scans

from [Britton, Jeff B.] Network Security [Permanent Link]
Subject: RE: Port 500 scans
Date: Tue, 8 Mar 2005 12:27:02 -0500 
http://www.securityfocus.com/infocus/1821
Could be used in reconnaissance to detect the type of VPN technology you are
using.  The above link may be of help.

-----Original Message-----
From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
Sent: Monday, March 07, 2005 11:58 PM
To: klaus.dombrofsky@degussa.com
Cc: incidents@securityfocus.com
Subject: Re: Port 500 scans 


On Mon, 07 Mar 2005 11:19:39 +0100, klaus.dombrofsky@degussa.com said:


On my IDS i detected massive scans from single ip-addresses to different 
ip-addresses with source  AND targetport 500.
This scan uses alsmost the whole bandwith of our internet-access.

Question:
Does someone know any existing worm using a VPN-vulnerability ?


Would you believe some garden-variety scanning exploit running on some
random
0wned machine that has the "Always try using IPSec first" option set?

IMPORTANT:  The security of electronic mail  sent through the Internet 
is not guaranteed.  Legg Mason therefore recommends that you do not 
send confidential information to us via electronic mail, including social 
security numbers, account numbers, and personal identification numbers.    

Delivery, and timely delivery, of electronic mail is also not 
guaranteed.  Legg Mason therefore recommends that you do not send 
time-sensitive 
or action-oriented messages to us via electronic mail, including 
authorization to  "buy" or "sell" a security or instructions to conduct any 
other financial transaction.  Such requests, orders or instructions will 
not be processed until Legg Mason can confirm your instructions or 
obtain appropriate written documentation where necessary.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Port 500 scans, Valdis . Kletnieks
Next by Date:  Master RPC program number data base (/etc/rpc), Eilon Gishri
Previous by Thread:  Re: Port 500 scans, Valdis . Kletnieks
Next by Thread:  REVIEW: "Windows Forensics and Incident Recovery", Harlan Carvey, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Indexes:  [Date] [Thread] [Top] [All Lists]