[Intrusions] EXPLOIT ISAKMP Attack
Joel Esler
eslerj at gmail.com
Tue Jun 28 14:04:39 GMT 2005
Everyone got excited about the whole "Stealing 40 million Credit
cards" and the skript kiddies want a piece of the c4rdz action.
/sarcasm
J
On 6/25/05, John Mulkerin <jmulkerin at keypointcu.com> wrote:
> All of a sudden, I'm seeing regular Port 500 attacks. This is an older
> Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload
> Buffer Overflow attempt. Anyone know of any trojans or viruses that
> might be trying this? I'm seeing it from several
> IPs: 71.109.123.242:500, 206.72.72.29:500, & 24.23.161.111:500
>
> Here is an example. Sorry, no payloads yet:
>
> [**] [1:2376:3] EXPLOIT ISAKMP first payload certificate request length
> overflow attempt [**]
> [Classification: Attempted Administrator Privilege Gain] [Priority: 1]
> 06/24-16:46:06.359154 206.72.72.29:500 -> Mygateway.IP.address::500 UDP
> TTL:109 TOS:0x0 ID:22593 IpLen:20 DgmLen:128
> Len: 100
> [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0040][Xref
> => http://www.securityfocus.com/bid/9582]
>
>
>
>
> John Mulkerin
> CTO
> KeyPoint Credit Union
> 408-731-4324
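
A structural check that could be run on UDP/500 payloads once they are captured, given here as an added example that is not part of the original thread and is not the logic of the Snort rule quoted above. It parses the ISAKMP header and first payload header as laid out in RFC 2408 and flags a Certificate Request whose declared length exceeds the bytes actually present; the function names and sample datagrams are constructed for illustration.

```python
import struct

ISAKMP_HDR_LEN = 28        # fixed ISAKMP header size (RFC 2408, section 3.1)
GENERIC_HDR_LEN = 4        # generic payload header size (RFC 2408, section 3.2)
PAYLOAD_CERT_REQUEST = 7   # next-payload value for Certificate Request


def triage_isakmp(datagram: bytes) -> dict:
    """Check the first payload of a UDP/500 datagram for an inconsistent length."""
    if len(datagram) < ISAKMP_HDR_LEN + GENERIC_HDR_LEN:
        return {"parsed": False, "suspicious": False,
                "findings": ["too short for header plus one payload"]}
    # cookies, next payload, version, exchange type, flags, message ID, length
    (_icookie, _rcookie, first_payload, _version, _exchange, _flags,
     _msgid, total_len) = struct.unpack("!8s8sBBBBII", datagram[:ISAKMP_HDR_LEN])
    # generic payload header: next payload, reserved, payload length
    _next, _reserved, payload_len = struct.unpack(
        "!BBH", datagram[ISAKMP_HDR_LEN:ISAKMP_HDR_LEN + GENERIC_HDR_LEN])
    available = len(datagram) - ISAKMP_HDR_LEN
    findings = []
    if total_len != len(datagram):
        findings.append("header length %d != datagram length %d"
                        % (total_len, len(datagram)))
    if payload_len < GENERIC_HDR_LEN:
        findings.append("first payload length %d is below the 4-byte header"
                        % payload_len)
    if payload_len > available:
        findings.append("first payload claims %d bytes, only %d present"
                        % (payload_len, available))
    is_cert_req = first_payload == PAYLOAD_CERT_REQUEST
    return {"parsed": True, "is_cert_request": is_cert_req,
            "declared_payload_len": payload_len,
            "suspicious": is_cert_req and payload_len > available,
            "findings": findings}


def sample_datagram(payload_len: int, size: int = 100) -> bytes:
    """Constructed datagram (not captured traffic) whose first payload is a
    Certificate Request with the given declared length."""
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8,
                      PAYLOAD_CERT_REQUEST, 0x10, 2, 0, 0, size)
    first = struct.pack("!BBH", 0, 0, payload_len)
    return (hdr + first).ljust(size, b"\x00")


if __name__ == "__main__":
    for declared in (72, 0xFFFF):
        print(declared, triage_isakmp(sample_datagram(declared)))
```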