Prev: controlfile.rb
Next: What is this software?
From: alwaysquestions on 3 Aug 2006 01:27
TCPview reflects:


LSASS.EXE:256 UDP 4500
LSASS.EXE:256 UDP user:isakmp


Is this normal or should I close the ports?


(Please excuse the crosspost as I did a google group search and very few
people responded to this question when someone else asked it a few years
ago. It can't hurt to get a real discourse going for future searches).

I know that isakmp is a key management policy but some sites mention
vulnerability where it's concerned.
From: David H. Lipman on 3 Aug 2006 16:31
From: <alwaysquestions(a)yahoonospam.net>

| TCPview reflects:
|
| LSASS.EXE:256 UDP 4500
| LSASS.EXE:256 UDP user:isakmp
|
| Is this normal or should I close the ports?
|
| (Please excuse the crosspost as I did a google group search and very few
| people responded to this question when someone else asked it a few years
| ago. It can't hurt to get a real discourse going for future searches).
|
| I know that isakmp is a key management policy but some sites mention
| vulnerability where it's concerned.

LSASS normally listens on UDP port 4500, normal.

What is the port number for; isakmp ?
Is it UDP 500

I think this is normal for a NT based OS.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


From: Ant on 3 Aug 2006 17:48
<alwaysquestions(a)yahoonospam.net> wrote:

> LSASS.EXE:256 UDP 4500
> LSASS.EXE:256 UDP user:isakmp
>
> Is this normal or should I close the ports?

They're not open on my system (Win2k), but then I'm not running the
IPSec service.

From the IANA port list:

Keyword Decimal Description
------- ------- -----------

isakmp 500/tcp isakmp
isakmp 500/udp isakmp

ipsec-msft 4500/tcp Microsoft IPsec NAT-T
ipsec-msft 4500/udp Microsoft IPsec NAT-T


From: David H. Lipman on 3 Aug 2006 20:01
From: "Ant" <not(a)home.today>

| <alwaysquestions(a)yahoonospam.net> wrote:
|
>> LSASS.EXE:256 UDP 4500
>> LSASS.EXE:256 UDP user:isakmp
>>
>> Is this normal or should I close the ports?
|
| They're not open on my system (Win2k), but then I'm not running the
| IPSec service.
|
| From the IANA port list:
|
| Keyword Decimal Description
| ------- ------- -----------
|
| isakmp 500/tcp isakmp
| isakmp 500/udp isakmp
|
| ipsec-msft 4500/tcp Microsoft IPsec NAT-T
| ipsec-msft 4500/udp Microsoft IPsec NAT-T
|

I am and it's normal.

Interestingly, my etc/services table does not define udp port 500 as 'isakmp'.
My etc/service table indicates 'sytek'
Additionally, my PC is also NOT listening on TCP ports 500 and 4500, only UDP.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


From: Ant on 3 Aug 2006 21:11
"David H. Lipman" wrote:

> From: "Ant" <not(a)home.today>
>| They're not open on my system (Win2k), but then I'm not running the
>| IPSec service.

> I am and it's normal.

Normal if you're running IPSec, presumably. The service doesn't run by
default on W2k, AFAIR (I've disabled so much stuff it's difficult to
recall). Don't know about eX Pee.

> Interestingly, my etc/services table does not define udp port 500 as 'isakmp'.
> My etc/service table indicates 'sytek'

Mine says:
isakmp 500/udp ike #Internet Key Exchange


 |  Next  |  Last
Pages: 1 2
Prev: controlfile.rb
Next: What is this software?