Saudi Arabian Oil Company wanna connect with my lsass.exe via port 500

Welcome to the Comodo Forum

Welcome, Guest. Please login or register.
Did you miss your activation email?
May 24, 2013, 02:33:54 AM

663873 Posts
70601 Topics
145237 Members
Latest Member: davidbilla

more news...

Welcome to the Comodo Forum

Learn about Computer Security and Interact with Security Experts

General Security Questions and Comments

Saudi Arabian Oil Company wanna connect with my lsass.exe via port 500

« previous next »

Pages: [1]

Author

Topic: Saudi Arabian Oil Company wanna connect with my lsass.exe via port 500 (Read 3679 times)

cricket

Comodo Family Member

Offline

Posts: 65

Saudi Arabian Oil Company wanna connect with my lsass.exe via port 500

« on: January 07, 2012, 09:22:35 AM »

I get few minutes ago a request, that someone from IP no. 166.87.251.21 want to connect with my lsass.exe process via port 500 UDP. What the heck?
I blocked this request but got frustrated about that fact. Now saudi arabians started to scan random ip's?


	Logged

Ronny

Product Translator
Global Moderator
Comodo's Hero

Offline

Posts: 13182

Volunteer Moderator

Re: Saudi Arabian Oil Company wanna connect with my lsass.exe via port 500

« Reply #1 on: January 07, 2012, 01:06:08 PM »

UDP 500 is used for IKE key exchange a protocol for VPN usage.
It might be a 'IKE scanner' that is looking for something, it might also be one of their servers is compromised and abused.

I'd make a complete block rule for this IP on the Firewall's blocked zone, just to be on the safe side.


	Logged

Volunteer Moderator
Any concerns? Please send me a PM or review the Forum Policy - update Jan 3rd 2013!

Tags:

Pages: [1]

« previous next »

Jump to:

SSL Certificate

Free Virus Removal

Firewall

Page created in 0.045 seconds with 21 queries.

Design by 7dana.com