[CentOS] probes on udp port 500

Tue Aug 2 23:25:54 UTC 2005
Ted Kaczmarek <tedkaz at optonline.net>

On Wed, 2005-08-03 at 01:21 +0200, Alexander Dalloz wrote:
> On Wed, 03.08.2005, Ted Kaczmarek wrote at 1:14:
> > On Wed, 2005-08-03 at 00:32 +0200, Alexander Dalloz wrote:
> > > On Tue, 02.08.2005, Aleksandar Milivojevic wrote at 23:06:
> > > 
> > > > Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon,
> > > > used by IPSec for key exchange) from dialup IPs.  Don't remember seeing similar
> > > > probes before.  Some new vulnerability that script kiddies (and pro crackers)
> > > > are trying out, or is this some old stuff?  I do remember there were some
> > > > security problems with racoon in the past (that were fixed in current CentOS
> > > > ipsec-tools packages), but don't remember reading anywhere there were any
> > > > automated tools to exploit it floating around.  Or are there some new flaws
> > > > discovered recently in some IKE implementations?
> > > 
> > > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc
> > > 
> > > Alexander
> > > 
> > What relevance to CentOS 4.1 does this have?
> > 
> > Ted
> 
> Do script kids in first instance care for the OS of the target host when
> they run scripts? My reply was meant as a possible return to the part "
> Some new vulnerability that script kiddies (and pro crackers) are trying
> out, or is this some old stuff?".
> 
> Alexander
> 
Loud and clear :-)

Ted