Over the past week the following error started to appear in the router logs;
Mar 9 19:44:16 fe-0-1-100.blah.net 16: Mar 10 02:44:15.477:
%CRYPTO-4-IKMP_NO_SA: IKE message from 188.8.131.52 has no SA and is not
an initialization offer.
According to Cisco,
1. %CRYPTO-4-IKMP_NO_SA: IKE message from [IP_address] has no SA and is not
an initialization offer
IKE maintains the current state for a communication in the form of security
associations. No security association exists for the specified packet, and
it is not an initial offer from the peer to establish one. This situation
could indicate a denial-of-service attack.
Any suggestions are appreciated. The router that generated those log files
dropped part of an IGP routing table. Since I've never seen this log entry
before, I'm curious whether it's a 'new' DoS. Thank you.
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.