500 tcp isakmp 500 udp isakmp RFC2408 http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2408.html RFC2407 http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2407.html Some excellent information from MIT http://web.mit.edu/network/isakmp/ Joseph -----Original Message----- From: Nick [mailto:nick.lovett@xxxxxxxxxxxxxxxx] Sent: Tuesday, March 05, 2002 2:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] The Mysterious open port 500?? http://www.ISAserver.org Hi all, Culd someone help me out please. I have an ISA server machine, connected to a broadband cable modem with one Nic and my internal 192.168.x.x network with the other. I think I have pretty much nailed down the security on the External (cable) interface. All services are unbound from that card, packet filtering is enabled Etc Etc. Now, if I do a "Netstat -na" from the command prompt of the server, I see that all open tcp/ip connections (other than the http) are bound to the internal nic (great). Except there is always a UDP session on my external Interface using port 500! Thus : UDP 211.28.x.x:500 *:* Does anyone know what Port 500 is used for? I Cant find any information about port 500. Could it be a trojan horse? Thanks! Nick ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')