SUC009 : Activities on source port 500 destination port 500/UDP

  • Use Case Reference : SUC009
  • Use Case Title : Activities on source port 500 destination port 500/UDP
  • Use Case Detection : Firewall / IDS
  • Attacker Class : Opportunists / Targeting Opportunists / Professional
  • Attack Sophistication : Unsophisticated / Low / Mid-High
  • Identified tool(s) : Possible ike-scan
  • Source IP(s) : Random
  • Source Countries : Random
  • Source Port(s) : 500/UDP
  • Destination Port(s) : 500/UDP

Possible correlation(s) :

  • This UDP destination port is related to IKE (ISAKMP). Often detected as a DoS attempt on Win2000.
  • ike-scan
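
A minimal sketch of this detection over firewall logs, added here as an example and not part of the original use case: it selects UDP packets with source port 500 and destination port 500, then groups them per source to separate multi-host sweeps from single probes. The simplified iptables-style log lines, the `KNOWN_VPN_PEERS` allowlist (legitimate IKE peers also send from port 500) and the sweep threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed, simplified iptables-style LOG lines (sample data, not from the page).
SAMPLE_LOG = """\
Jan 10 03:12:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=UDP SPT=500 DPT=500
Jan 10 03:12:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.11 PROTO=UDP SPT=500 DPT=500
Jan 10 03:12:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.12 PROTO=UDP SPT=500 DPT=500
Jan 10 03:15:40 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=UDP SPT=500 DPT=500
Jan 10 03:16:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 PROTO=UDP SPT=40211 DPT=500
Jan 10 03:17:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=500 DPT=500
Jan 10 03:18:30 fw kernel: IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.10 PROTO=UDP SPT=500 DPT=500
"""

# Assumed allowlist of legitimate IPsec peers, which also use 500/UDP on both ends.
KNOWN_VPN_PEERS = {"203.0.113.5"}

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; the value may be empty (OUT=)


def suc009_hits(log_text, known_peers=KNOWN_VPN_PEERS, sweep_threshold=3):
    """Return {src_ip: (kind, packets, distinct_destinations)} for SUC009 matches."""
    per_src = defaultdict(lambda: {"packets": 0, "dsts": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # The use case signature: UDP, source port 500, destination port 500.
        if (f.get("PROTO"), f.get("SPT"), f.get("DPT")) != ("UDP", "500", "500"):
            continue
        if f.get("SRC") in known_peers:
            continue  # expected IKE negotiation from a configured peer
        stats = per_src[f["SRC"]]
        stats["packets"] += 1
        stats["dsts"].add(f.get("DST"))
    hits = {}
    for src, stats in per_src.items():
        # One source touching many destinations looks like a sweep, else a probe.
        kind = "sweep" if len(stats["dsts"]) >= sweep_threshold else "probe"
        hits[src] = (kind, stats["packets"], len(stats["dsts"]))
    return hits


if __name__ == "__main__":
    for src, (kind, packets, dsts) in sorted(suc009_hits(SAMPLE_LOG).items()):
        print(f"SUC009 {kind}: src={src} packets={packets} destinations={dsts}")
```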

Sources :

24 hours destination port 500 events
1 week destination port 500 events
1 month destination port 500 events
1 year destination port 500 events
Source ports distribution for destination port 500
Source countries distribution for destination port 500