
IKE Security

post #1 of 3
Thread Starter 
Noticed these in the logs of my 2621 WAN-facing device:
Quote:
Jul 15 16:37:56.569: %CRYPTO-4-IKMP_NO_SA: IKE message from 94.181.174.212 has no SA and is not an initialization offer
Jul 15 17:36:12.862: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 15 17:37:22.125: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 16 03:48:56.092: %CRYPTO-4-IKMP_NO_SA: IKE message from 89.254.217.176 has no SA and is not an initialization offer

Russian IPs, I'm assuming this would be some sort of IKE tunnel connection attempt? I don't have a configuration for that traffic so no worries, was just curious as to what kind of vulnerabilities this would be probing for outside of an insecure VPN configuration? I'm admittedly weak in the realm of IKE/IPsec.
post #2 of 3
Looks like a random scan for some vuln as you suspect, probably hit your whole netblock. Who knows what they're looking for, may be thus far unreported, but clearly you're on top of your logs and they aren't connecting through to anything so no harm done.
post #3 of 3
ooh a DoS attack
What router are you using? There are a couple of unpatched things not fixed yet, like the Cisco IOS 2921/K9 Router.
Edited by Spooony - 7/17/11 at 11:10pm
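
Added example, not part of any post in this thread: a Python tally of the %CRYPTO-4-IKMP_NO_SA lines quoted in the first post, grouped by source address, marking sources that sent more than one message within a short window. The year 2011 and the five-minute window are assumptions (IOS timestamps in this format carry no year), and the function names are illustrative.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# The four log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
Jul 15 16:37:56.569: %CRYPTO-4-IKMP_NO_SA: IKE message from 94.181.174.212 has no SA and is not an initialization offer
Jul 15 17:36:12.862: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 15 17:37:22.125: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 16 03:48:56.092: %CRYPTO-4-IKMP_NO_SA: IKE message from 89.254.217.176 has no SA and is not an initialization offer
"""

# search() rather than match(), so syslog prefixes before the timestamp are tolerated.
NO_SA = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{1,6}): "
    r"%CRYPTO-4-IKMP_NO_SA: IKE message from (?P<src>\S+) has no SA"
)

def parse_no_sa(text, year=2011):
    """Return [(timestamp, source address)] for each IKMP_NO_SA line.
    The year is supplied by the caller (assumption: 2011)."""
    events = []
    for line in text.splitlines():
        m = NO_SA.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed address field: skip it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        events.append((ts, str(src)))
    return events

def summarize(events, window=timedelta(minutes=5)):
    """Per source: count, first/last seen, and whether two consecutive
    messages arrived within `window` (a repeat sender)."""
    report = {}
    for ts, src in sorted(events):
        e = report.setdefault(src, {"count": 0, "first": ts, "last": ts, "repeat": False})
        if e["count"] and ts - e["last"] <= window:
            e["repeat"] = True
        e["count"] += 1
        e["last"] = ts
    return report

if __name__ == "__main__":
    for src, e in summarize(parse_no_sa(SAMPLE_LOG)).items():
        print(f"{src:15} n={e['count']} first={e['first']:%b %d %H:%M:%S} "
              f"last={e['last']:%b %d %H:%M:%S} repeat={e['repeat']}")
```

On the quoted lines this reports three sources, with only 95.129.137.176 seen twice inside the window.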