| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] security hole isakmp
hi,
i scanned the firewall with nessus and get the following result
. List of open ports :
o isakmp (500/udp) (Security hole found)
. Vulnerability found on port isakmp (500/udp) :
The remote IPSEC server seems to have a problem negotiating
bogus IKE requests.
An attacker may use this flaw to disable your VPN remotely
Solution: Contact your vendor for a patch
Risk factor:
High
if i view the firwall log i saw that the connection to udp/500 was rejected
if i make a tcpdump i saw that the port was unreachable
12:37:48.056664 scanner.1500 > firewall: udp 0
12:37:48.056684 firewall > scanner: icmp: 213.61.74.2 udp port 500
unreachable
-does anybody know why nessus find the hole?
-is there a workaround for this problem?
thx for help
Jo
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
