Unusual message from firewall

[Vance Roos]

While downloading some Usenet articles from the Ney on my XP Pro
system, I got the following message from my Sygate Pro firewall
(version 5.0).


--- QUOTE ----

LSA Shell [Export Version] is being connected by the remote machine
[80.116.234.103] using local port 500 (ISAKMP - Internet Security
Association and Key Management/IPSEC Key Exchange). Do you want to
allow this program to access the network?

C\WINDOWS\SYSTEM32\LSASS.EXE

--- END QUOTE ----


What was trying to access the net through the firewall? Was it
legit? Was it spyware?

Thanks for any info.

 

[CS]

On Tue, 22 Jul 2003 23:55:55 +0100, Vance Roos <[email protected]>
wrote:

I have no idea what it was - but when Sygate warns of some program
which is unfamiliar to me, I just say no. Don't worry about it, it
may have been something legitimate, but why take chances?

 

[Walter Roberson]

:While downloading some Usenet articles from the Ney on my XP Pro
:system, I got the following message from my Sygate Pro firewall

:LSA Shell [Export Version] is being connected by the remote machine
:[80.116.234.103] using local port 500 (ISAKMP - Internet Security
:Association and Key Management/IPSEC Key Exchange).

Notice it says it is being contacted by a remote machine. The implication
is that while you *happened* to be doing <whatever>, someone/something at
80.116.234.103 probed your udp 500 port. The attempted access probably
had nothing to do with any activity of yours.

:What was trying to access the net through the firewall? Was it
:legit? Was it spyware?

% This is the RIPE Whois server.
inetnum: 80.116.128.0 - 80.116.255.255
netname: TINIT-ADSL-LITE
descr: Telecom Italia

Unless you happen to have been accessing a slow-speed ADSL (512 Kb max
upload speed) based host in Italy, chances are good that the
access attempt Should Not Have Happened.

 

[Bjorn Randell]

While downloading some Usenet articles from the Ney on my XP Pro
system, I got the following message from my Sygate Pro firewall
(version 5.0).


--- QUOTE ----

LSA Shell [Export Version] is being connected by the remote machine
[80.116.234.103] using local port 500 (ISAKMP - Internet Security
Association and Key Management/IPSEC Key Exchange). Do you want to
allow this program to access the network?

C\WINDOWS\SYSTEM32\LSASS.EXE

--- END QUOTE ----


What was trying to access the net through the firewall? Was it
legit? Was it spyware?

It was legit, no spyware. Type EXEs name into Google for proof.

The remote machine was trying to see if you would like to talk to it in an
IPSEC encrypted fashion. Check your local security policy and turn off
client-respond if you don't want this to happen in future.

 

[Vance Roos]

While downloading some Usenet articles from the Ney on my XP
Pro system, I got the following message from my Sygate Pro
firewall (version 5.0).


--- QUOTE ----

LSA Shell [Export Version] is being connected by the remote
machine [80.116.234.103] using local port 500 (ISAKMP -
Internet Security Association and Key Management/IPSEC Key
Exchange). Do you want to allow this program to access the
network?

C\WINDOWS\SYSTEM32\LSASS.EXE

--- END QUOTE ----


What was trying to access the net through the firewall? Was it
legit?
Was it spyware?

It was legit, no spyware. Type EXEs name into Google for proof.

The remote machine was trying to see if you would like to talk
to it in an IPSEC encrypted fashion. Check your local security
policy and turn off client-respond if you don't want this to
happen in future.

Do I lose any functionality if I do turn it off as you suggest?