Why IREIKE makes UDP call to next ip-address, port 62516.

Guest

hi,

Does anybody know why IREIKE makes a call every 5 secs to the next
machine's ip-address port 62516? If the address exists the call is made to the UDP
port 62516; if there is no pc, the ARP broadcast call is executed with the
same frequency, looking for the MAC address.
It seems that if you have an IPSEC based VPN client installed then you get
this effect. I tested with SonicWall and Watchguard, the same effect. If you
kill the IREIKE process this unnecessary traffic stops.

I do not think there is any special danger in it, but I do not like it
:-) Why should my PC ping my neighbour all the time?

regards, donald
 
IREIKE is for VPNs; if (for whatever reason) you've set up a VPN
between the two computers, there is your answer: it will be sending
keep-alive requests.
 
hi,
No, you do not have to set up a VPN between two computers.
ALL THE COMPUTERS in the organization that have e.g. Sonicwall or Watchguard
VPN installed start pinging the computer with the next IP address (your own ip +
1) on the UDP port 62516. If the address is not allocated to any computer
you will get an ARP broadcast instead :-) I have seen it in three networks so
far, since I started looking at it, with two different VPN products. It is
enough to go to the CMD prompt and execute "arp -a" a couple of times without
establishing any VPN connection to anyone. You will soon see the next ip
address in the cache (with MAC address or marked as illegal). It is much more
fun to use Ethereal to see the actual packets but that does not say so much
anyway (at least to me) :-)

You can imagine that it creates a lot of extra traffic in the network. I am
a consultant and one of my customers made the measurements of network traffic
when they discovered this phenomenon :-) Since then I started looking for it
and noticed it at other places. I suspect it is IREIKE that has some sort of
bug and everybody calls it and gets the same effect. The SONICWALL support
department was not aware of the situation :-)
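
One way to confirm the pattern reported in this thread from exported capture records, as an added example that is not part of the original posts: it flags hosts that contact their own address + 1 roughly every 5 seconds, either over UDP port 62516 or through repeated ARP lookups. The record layout, the sample rows and the function names are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not a real capture): time_s src dst proto dport.
# For ARP rows, dst is the address being resolved and dport is 0.
SAMPLE = """\
0.0 192.168.1.10 192.168.1.11 udp 62516
1.2 192.168.1.10 192.168.1.1 udp 53
5.0 192.168.1.10 192.168.1.11 udp 62516
10.1 192.168.1.10 192.168.1.11 udp 62516
2.0 192.168.1.20 192.168.1.21 arp 0
7.0 192.168.1.20 192.168.1.21 arp 0
12.0 192.168.1.20 192.168.1.21 arp 0
3.0 192.168.1.30 192.168.1.31 udp 62516
4.0 192.168.1.40 192.168.1.50 udp 62516
9.0 192.168.1.40 192.168.1.50 udp 62516
14.0 192.168.1.40 192.168.1.50 udp 62516
"""

def parse(text):
    """Yield (time, src, dst, proto, dport) tuples from the text layout above."""
    for line in text.splitlines():
        ts, src, dst, proto, dport = line.split()
        yield float(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport)

def find_next_ip_probes(records, port=62516, period=5.0, tolerance=1.0, min_hits=3):
    """Return {source: kind} for hosts that contact their own address + 1
    about every `period` seconds, via UDP to `port` or via ARP lookups."""
    times = defaultdict(list)
    for ts, src, dst, proto, dport in records:
        if int(dst) != int(src) + 1:
            continue  # only the "own ip + 1" neighbour is of interest
        if proto == "udp" and dport == port:
            times[(str(src), "udp")].append(ts)
        elif proto == "arp":
            times[(str(src), "arp")].append(ts)
    flagged = {}
    for (src, kind), seen in times.items():
        seen.sort()
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        # Require enough packets and every gap close to the stated period.
        if len(seen) >= min_hits and all(abs(g - period) <= tolerance for g in gaps):
            flagged[src] = kind
    return flagged

if __name__ == "__main__":
    for host, kind in find_next_ip_probes(parse(SAMPLE)).items():
        print(f"{host}: periodic {kind} probe of next address")
```

Hosts with a single packet, or with periodic traffic to an address other than their own + 1, are not flagged, which keeps ordinary traffic on the same port out of the result.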
 