1 - 3 of 3 Posts

beers

Noticed these in the logs of my 2621 WAN-facing device:
Quote:
Jul 15 16:37:56.569: %CRYPTO-4-IKMP_NO_SA: IKE message from 94.181.174.212 has no SA and is not an initialization offer
Jul 15 17:36:12.862: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 15 17:37:22.125: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 16 03:48:56.092: %CRYPTO-4-IKMP_NO_SA: IKE message from 89.254.217.176 has no SA and is not an initialization offer
Russian IPs, I'm assuming this would be some sort of IKE tunnel connection attempt? I don't have a configuration for that traffic so no worries, was just curious as to what kind of vulnerabilities this would be probing for outside of an insecure VPN configuration? I'm admittedly weak in the realm of IKE/IPsec.
 
Looks like a random scan for some vuln as you suspect, probably hit your whole netblock. Who knows what they're looking for, may be thus far unreported, but clearly you're on top of your logs and they aren't connecting through to anything so no harm done.
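
A small parser for the %CRYPTO-4-IKMP_NO_SA lines quoted in the first post, grouping them by source address to show which peers retried and how closely spaced the attempts were. This is an added example, not part of the original thread; the function names, the `year` default (the timestamps shown carry no year) and the 5-minute burst window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines as quoted in the first post of the thread.
SAMPLE_LOG = """\
Jul 15 16:37:56.569: %CRYPTO-4-IKMP_NO_SA: IKE message from 94.181.174.212 has no SA and is not an initialization offer
Jul 15 17:36:12.862: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 15 17:37:22.125: %CRYPTO-4-IKMP_NO_SA: IKE message from 95.129.137.176 has no SA and is not an initialization offer
Jul 16 03:48:56.092: %CRYPTO-4-IKMP_NO_SA: IKE message from 89.254.217.176 has no SA and is not an initialization offer
"""

# IOS may prefix the timestamp with '*' or '.' when the clock is not synchronized.
LINE_RE = re.compile(
    r"^[*.]?(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%CRYPTO-4-IKMP_NO_SA: IKE message from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
)

def parse_no_sa(text, year=2000):
    """Yield (timestamp, source_ip) per IKMP_NO_SA line; other lines are skipped.
    `year` is an assumption supplied by the caller (2000 keeps Feb 29 parseable)."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            yield ts, m["src"]

def summarize(text, year=2000, burst=timedelta(minutes=5)):
    """Per source: hit count, first/last seen, and whether two hits fell within `burst`."""
    seen = defaultdict(list)
    for ts, src in parse_no_sa(text, year):
        seen[src].append(ts)
    report = {}
    for src, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        report[src] = {
            "count": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            "burst": any(g <= burst for g in gaps),  # quick retry from the same peer
        }
    return report

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for src, r in ranked:
        print(f"{src:15} hits={r['count']} first={r['first']:%b %d %H:%M:%S} "
              f"last={r['last']:%b %d %H:%M:%S} burst={r['burst']}")
```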
 