Re: What is port 500?

To: debian-security@lists.debian.org
Subject: Re: What is port 500?
From: Jeff <jcoppock1@home.com>
Date: Sun, 20 May 2001 09:43:26 -0700
Message-id: <20010520094326.A2365@home.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20010519101442.A31115@einstein.watersend>; from karl@jorgensen.com on Sat, May 19, 2001 at 10:14:42AM +0100
References: <20010519101442.A31115@einstein.watersend>

  According to the port list resources in this thread, port 500
  is isakmp (now referred to as ike).  It appears your ISP is
  trying to establish an IKE Security Association (SA) which is
  the first phase in bringing up an IPSec tunnel.  You should ask
  your ISP about their IPSec support.
  
  jc


Thusly Thwacked By Karl E. Jorgensen:
> Recently, logcheck alerted me to the following in my logs (sorry
> about the long lines):
> 
> May 17 17:06:48 localhost pppd[789]: pppd 2.4.1 started by karl, uid 1000
> May 17 17:07:14 localhost pppd[789]: Connect: ppp0 <--> /dev/modem
> May 17 17:07:14 localhost pppd[789]: Serial connection established.
> May 17 17:07:14 localhost pppd[789]: Using interface ppp0
> May 17 17:07:16 localhost pppd[789]: local  IP address 212.1.137.43
> May 17 17:07:16 localhost pppd[789]: remote IP address 212.1.128.28
> May 17 17:07:40 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12390 F=0x0000 T=50 (#29)
> May 17 17:07:56 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12391 F=0x0000 T=50 (#29)
> May 17 17:08:12 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12394 F=0x0000 T=50 (#29)
> May 17 17:08:30 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12395 F=0x0000 T=50 (#29)
> May 17 17:08:46 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=104 S=0x00 I=12404 F=0x0000 T=50 (#29)
> May 17 17:08:46 localhost kernel: Packet log: input REJECT ppp0 PROTO=17 194.7.187.90:500 212.1.137.43:500 L=96 S=0x00 I=12403 F=0x0000 T=50 (#29)
> 
> But I am at loss to what port 500/udp is? By the timings,
> (starting 30 seconds after connecting to my ISP), it actually
> looks like my ISP is trying to send those packets to me (the
> source IP is the other endpoint of my ppp connection).
> 
> Any ideas out there? Where I can I find an authoritative list of
> port numbers?
> -- 
> Karl E. Jørgensen
> karl@jorgensen.com
> www.karl.jorgensen.com
> ==== Today's fortune:
> Always draw your curves, then plot your reading.

Reply to:

Follow-Ups:
- Re: What is port 500?
  - From: Sami Juvonen <sjj@juvonen.org>

References:
- What is port 500?
  - From: "Karl E. Jorgensen" <karl@jorgensen.com>

Prev by Date: Re: What is port 500?
Next by Date: Re: LDAP, DMZ, private lan
Previous by thread: Re: What is port 500?
Next by thread: Re: What is port 500?
Index(es):
- Date
- Thread