why is my port 500 listening to a remote ip I don't know

I'm using portExplorer and today I see that process Isass.exe is linstening on port 500 to ip 82.32.73.203:500 using UDP protocol.  I check the ip. It belongs to a company I have notthing to do with.  Can the expert please teach me on this one? OS: Windows 2000 Advance Server.
causewaybayAsked:
Who is Participating?
 
Jan SpringerConnect With a Mentor Commented:
I wouldn't bother.  Unless there's significant dollar loss, law enforcement won't be of any help.  And, my experience with reporting abuse to other networks, particularly foreign is just a waste of time -- and may even buy you more abuse.

There must be some way that you can define -- even loosely -- what ports you need open for outside and inside access to properly create a set of firewall rules.
0
 
Jan SpringerCommented:
udp port 500 used for isakmp -> vpn connection

Are your AV software engine and dat  files up to date?
0
 
causewaybayAuthor Commented:
yes I use nod32 that updates itself automatically everyday.  I also use Zone Alarm.  Should I block port 500?  On this computer I host a web server and an FTP server.  Sometimes I use this computer to download BT.  But I don't see why I need vpn or isakmp.  The web site I host is not an interactive one.  Please advise.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Jan SpringerCommented:
My gut is that you should firewall off all ports (could even be everything) that you do not want someone from the outside to establish a connection.

At a minimum, block TCP and UDP port 500 and scan your machine.  That IP with a connection to your machine is in the UK from what appears to be a cable customer.

Consider that you might be compromised and watch for connections leaving that machine once you block that port.  I've seen bad apps initiate a new connection from a newly firewalled machine and since that data has been established from the inside, the firewall lets it out.

What I also like to do is not only block what comes in but what ports on a machine can talk out.
0
 
causewaybayAuthor Commented:
Your suggestion is practical but this machine is hosting a web server and an ftp server.  The ftp server using port 21 is manually opened only when I demand it; but the web server is permanent and it is not only involving port 80, cause I'll be using interactive database as well.  Since none of the above is a serious business - they are more for experiment,  I don't mind loosening up the safety setting a little so I may study the traffic and learn more about security. The machine has worked safely over a few months until recently I start using it to download bitTorrent files.  I decide to reinstall the OS to make it clean (as I ghosted the C drive, reinstalling shouldn't be a time consuming task).  I shall post another thread asking for ports to close and open in my setting.  Do you think I shall report abuse with the ip address I got?
0
 
causewaybayAuthor Commented:
Dear Jesper, I disabled IPSec and that close port 500.  But you know what, the machine turn into an unbearable low speed; so all the same I have to reinstall it.  This time, I'll turn off IPSec right from the start.  Thank You!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.