Unusual message from firewall

In article <93C0F3733AE7A471AE@130.133.1.4>,
Vance Roos <not__me@mail.com> wrote:
:While downloading some Usenet articles from the Ney on my XP Pro
:system, I got the following message from my Sygate Pro firewall

:LSA Shell [Export Version] is being connected by the remote machine
:[80.116.234.103] using local port 500 (ISAKMP - Internet Security
:Association and Key Management/IPSEC Key Exchange).

Notice it says it is being contacted by a remote machine. The implication
is that while you *happened* to be doing <whatever>, someone/something at
80.116.234.103 probed your udp 500 port. The attempted access probably
had nothing to do with any activity of yours.

:What was trying to access the net through the firewall? Was it
:legit? Was it spyware?

% This is the RIPE Whois server.
inetnum: 80.116.128.0 - 80.116.255.255
netname: TINIT-ADSL-LITE
descr: Telecom Italia

Unless you happen to have been accessing a slow-speed ADSL (512 Kb max
upload speed) based host in Italy, chances are good that the
access attempt Should Not Have Happened.
--
IEA408I: GETMAIN cannot provide buffer for WATLIB.

"Vance Roos" <not__me@mail.com> wrote in message
news:93C0F3733AE7A471AE@130.133.1.4...

> While downloading some Usenet articles from the Ney on my XP Pro
> system, I got the following message from my Sygate Pro firewall
> (version 5.0).
>
>
> --- QUOTE ----
>
> LSA Shell [Export Version] is being connected by the remote machine
> [80.116.234.103] using local port 500 (ISAKMP - Internet Security
> Association and Key Management/IPSEC Key Exchange). Do you want to
> allow this program to access the network?
>
> C\WINDOWS\SYSTEM32\LSASS.EXE
>
> --- END QUOTE ----
>
>
> What was trying to access the net through the firewall? Was it
> legit? Was it spyware?

It was legit, no spyware. Type EXEs name into Google for proof.

The remote machine was trying to see if you would like to talk to it in an
IPSEC encrypted fashion. Check your local security policy and turn off
client-respond if you don't want this to happen in future.

--
Regards,
Bjorn Randell
Bjorn@AlphaMale.me.uk or ICQ #137732

"Bjorn Randell" <Bjorn@AlphaMale.me.uk> wrote:

> "Vance Roos" <not__me@mail.com> wrote in message
> news:93C0F3733AE7A471AE@130.133.1.4...

>> While downloading some Usenet articles from the Ney on my XP
>> Pro system, I got the following message from my Sygate Pro
>> firewall (version 5.0).
>>
>>
>> --- QUOTE ----
>>
>> LSA Shell [Export Version] is being connected by the remote
>> machine [80.116.234.103] using local port 500 (ISAKMP -
>> Internet Security Association and Key Management/IPSEC Key
>> Exchange). Do you want to allow this program to access the
>> network?
>>
>> C\WINDOWS\SYSTEM32\LSASS.EXE
>>
>> --- END QUOTE ----
>>
>>
>> What was trying to access the net through the firewall? Was it
>> legit?
>> Was it spyware?

>
> It was legit, no spyware. Type EXEs name into Google for proof.
>
> The remote machine was trying to see if you would like to talk
> to it in an IPSEC encrypted fashion. Check your local security
> policy and turn off client-respond if you don't want this to
> happen in future.

Do I lose any functionality if I do turn it off as you suggest?