Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon, used by IPSec for key exchange) from dialup IPs. Don't remember seeing similar probes before. Some new vaulnerability that script kiddies (and pro crackers) are trying out, or is this some old stuff? I do remember there were some security problems with racoon in the past (that were fixed in current CentOS ipsec-tools packages), but don't remember reading anywhere there were any automated tools to exploit it floating around. Or are there some new flaws discovered recently in some IKE implementations? ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Am Di, den 02.08.2005 schrieb Aleksandar Milivojevic um 23:06:> Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon, > used by IPSec for key exchange) from dialup IPs. Don't remember seeing similar > probes before. Some new vaulnerability that script kiddies (and pro crackers) > are trying out, or is this some old stuff? I do remember there were some > security problems with racoon in the past (that were fixed in current CentOS > ipsec-tools packages), but don't remember reading anywhere there were any > automated tools to exploit it floating around. Or are there some new flaws > discovered recently in some IKE implementations?ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc Alexander -- Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773 legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp Serendipity 00:32:04 up 18 days, 5:04, load average: 0.26, 0.26, 0.20 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digital signierter Nachrichtenteil URL: <http://lists.centos.org/pipermail/centos/attachments/20050803/61c68c90/attachment-0002.sig>
On Wed, 2005-08-03 at 00:32 +0200, Alexander Dalloz wrote:> Am Di, den 02.08.2005 schrieb Aleksandar Milivojevic um 23:06: > > > Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon, > > used by IPSec for key exchange) from dialup IPs. Don't remember seeing similar > > probes before. Some new vaulnerability that script kiddies (and pro crackers) > > are trying out, or is this some old stuff? I do remember there were some > > security problems with racoon in the past (that were fixed in current CentOS > > ipsec-tools packages), but don't remember reading anywhere there were any > > automated tools to exploit it floating around. Or are there some new flaws > > discovered recently in some IKE implementations? > > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc > > Alexander >What relevance to Centos 4.1 does this have? Ted