[CentOS] probes on udp port 500

Tue Aug 2 21:06:15 UTC 2005
Aleksandar Milivojevic <alex at milivojevic.org>

Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon,
used by IPSec for key exchange) from dialup IPs.  Don't remember seeing similar
probes before.  Some new vaulnerability that script kiddies (and pro crackers)
are trying out, or is this some old stuff?  I do remember there were some
security problems with racoon in the past (that were fixed in current CentOS
ipsec-tools packages), but don't remember reading anywhere there were any
automated tools to exploit it floating around.  Or are there some new flaws
discovered recently in some IKE implementations?

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.