North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
possible new DoS?
Over the past week the following error started to appear in the router logs; Mar 9 19:44:16 fe-0-1-100.blah.net 16: Mar 10 02:44:15.477: %CRYPTO-4-IKMP_NO_SA: IKE message from 188.8.131.52 has no SA and is not an initialization offer. According to Cisco, 1. %CRYPTO-4-IKMP_NO_SA: IKE message from [IP_address] has no SA and is not an initialization offer IKE maintains the current state for a communication in the form of security associations. No security association exists for the specified packet, and it is not an initial offer from the peer to establish one. This situation could indicate a denial-of-service attack. Any suggestions are appreciated. The router that generated those log files dropped part of an IGP routing table. Since I've never seen this log entry before, I'm curious whether it's a 'new' DoS. Thank you. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com