Vulnerable ISAKMP Report

This report identifies hosts that have a vulnerable IKE service accessible on the Internet.

For more information, please see the Cisco Security Advisory.

For more details behind the scan methodology and a daily update of global ISAKMP scan statistics please visit our dedicated Vulnerable ISAKMP scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

Fields

timestamp

Time that the IP was probed in UTC+0
ip

The IP address of the device in question
protocol

Protocol that the response came on (always UDP)
port

Port that the response came from (500/UDP)
hostname

Reverse DNS name of the device in question
tag

Will always be isakmp-vulnerable
asn

ASN of where the device in question resides
geo

Country where the device in question resides
region

State / Province / Administrative region where the device in question resides
city

City in which the device in question resides
naics

North American Industry Classification System Code
sic

Standard Industrial Classification System Code
initiator_spi

Initiator's SPI of the IKE_SA
responder_spi

Responder's SPI of the IKE_SA
next_payload

"Is there payload data present?" This will be "11" for "Payload Follows"
version

IKE version, will be "10" (maps to version 1.0)
exchange_type

The IKE Exchange Type: this will be "5" meaning "informational"
flags

ISAKMP flags: this will be "0"
message_id

The Message ID, which is "0"
next_payload2

This is the same thing as the "next_payload" field, but buried in the payload that the original "next_payload" is referring to; it will be "0" for "none"
domain_of_interpretation

This will be "0" for ISAKMP
protocol_id

This will be "0" for "reserved"
spi_size

This will be "0"
notify_message_type

This will be "14" which maps to "no proposal chosen"