I manage IT for a small school. We have an IPSec tunnel up between two sites.
This morning I saw alerts that showed some unknown IP was attempting to negotiate an IPSec/IKE session with my firewall. In fact, it was happening independently at both sites originating from the same public IP. A whois on the IP showed it resolves to a major US University. I assumed it was a bored college student and didn't think much of it, but called the University's Abuse number anyway and left them a message.
I received a return call from an InfoSec guy at the college within 5 minutes, but to my surprise he told me their "engineering school" was performing some "research" on "IPSec and IKE..." He said I could send an email to open a ticket to request that my IP ranges were omitted from further "testing."
This seems like a really strange thing for a Ivy League school on the other coast to be doing to my network in Seattle. Is it legal?