Re: [FW-1] security hole isakmp
If you have enabled the VPN or IPSec function in the firewall, I think Nessus has generated a false alert, because as far as I know, IPSec uses port 500/UDP for tunneling.

----- Original Message -----
From: "Jochen Vogel" <[email protected]>
To: <[email protected]>
Sent: Thursday, May 02, 2002 5:44 PM
Subject: [FW-1] security hole isakmp

> hi,
>
> I scanned the firewall with Nessus and got the following result:
>
> . List of open ports :
> o isakmp (500/udp) (Security hole found)
>
> . Vulnerability found on port isakmp (500/udp) :
>
>
> The remote IPSEC server seems to have a problem negotiating
> bogus IKE requests.
>
> An attacker may use this flaw to disable your VPN remotely
>
> Solution: Contact your vendor for a patch
> Risk factor:
> High
>
> If I view the firewall log, I see that the connection to udp/500 was rejected.
>
> If I make a tcpdump, I see that the port was unreachable:
> 12:37:48.056664 scanner.1500 > firewall: udp 0
> 12:37:48.056684 firewall > scanner: icmp: 213.61.74.2 udp port 500 unreachable
>
> - Does anybody know why Nessus finds the hole?
> - Is there a workaround for this problem?
>
> thx for help
> Jo
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
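The cross-check described in the quoted post (comparing a scanner finding on 500/udp with what a packet capture shows), as an added example that is not part of the original thread. It assumes old-style tcpdump text output that includes the destination port; the function name `classify_udp_port`, the host names and all sample lines are constructed for illustration.

```python
import re

# Old-style tcpdump text lines, modelled on the format quoted in the post.
UDP_RE = re.compile(r"^(\S+) (\S+)\.(\d+) > (\S+)\.(\d+): udp (\d+)")
ICMP_RE = re.compile(r"^(\S+) (\S+) > (\S+): icmp: (\S+) udp port (\d+) unreachable")

def classify_udp_port(lines, scanner, target, port):
    """Classify target:port/udp from a capture of one scanner probe.

    'closed'        - target answered with ICMP port unreachable
    'open'          - target answered with a UDP datagram from that port
    'open|filtered' - probe seen, no answer in the capture
    """
    probed = False
    for line in lines:
        m = UDP_RE.match(line)
        if m:
            _, src, sport, dst, dport, _ = m.groups()
            if src == scanner and dst == target and int(dport) == port:
                probed = True  # the scanner's probe went out
            elif probed and src == target and dst == scanner and int(sport) == port:
                return "open"  # a service replied from the probed port
            continue
        m = ICMP_RE.match(line)
        if m and probed:
            _, src, dst, _, unreachable_port = m.groups()
            # Only ICMP errors sent by the target itself are counted here.
            if src == target and dst == scanner and int(unreachable_port) == port:
                return "closed"
    if not probed:
        raise ValueError("no probe to %s:%d/udp in capture" % (target, port))
    return "open|filtered"

# Constructed sample captures (192.0.2.1 is a documentation address).
REJECTED = [
    "12:00:00.000100 scanner.1500 > firewall.500: udp 0",
    "12:00:00.000120 firewall > scanner: icmp: 192.0.2.1 udp port 500 unreachable",
]
ANSWERED = [
    "12:00:00.000100 scanner.1500 > firewall.500: udp 0",
    "12:00:00.004000 firewall.500 > scanner.1500: udp 84",
]
SILENT = ["12:00:00.000100 scanner.1500 > firewall.500: udp 0"]

if __name__ == "__main__":
    for name, cap in (("rejected", REJECTED), ("answered", ANSWERED), ("silent", SILENT)):
        print(name, classify_udp_port(cap, "scanner", "firewall", 500))
```

A scanner report of a hole on a port that the capture classifies as `closed` is worth checking against the firewall log before treating it as a confirmed finding.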