INFO: Accessible ISAKMP Report

DESCRIPTION LAST UPDATED: 2025-09-04

DEFAULT SEVERITY LEVEL: INFO

This report identifies hosts that have an accessible ISAKMP service on the Internet on port 500/UDP. From Wikipedia: Internet Security Association and Key Management Protocol (ISAKMP) is a protocol defined by RFC 2408 for establishing security association (SA) and cryptographic keys in an Internet environment.

The purpose of the report is informational only and for awareness.

You can track currently accessible ISAKMP services on our Dashboard.

For more information on our scanning efforts, check out our Internet scanning summary page.

This report has an IPv4 and IPv6 version.

Filename(s): population_isakmp, population6_isakmp.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • severity
    Severity level
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always UDP)
  • port
    Port that the response came from (500/UDP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will be isakmp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • hostname_source
    Hostname source
  • initiator_spi
    Initiator's SPI of the IKE_SA
  • responder_spi
    Responder's SPI of the IKE_SA
  • next_payload
    "Is there payload data present?" This will be "11" for "Payload Follows"
  • version
    IKE version, will be "10" (maps to version 1.0)
  • exchange
    The IKE Exchange Type: this will be "5" meaning "informational"
  • flags
    ISAKMP flags: this will be "0"
  • message_id
    The Message ID, which is "0"
  • next_payload2
    This is the same thing as the "next_payload" field, but buried in the payload that the original "next_payload" is referring to; it will be "0" for "none"
  • domain_of_interpretation
    This will be "0" for ISAKMP
  • protocol_id
    This will be "0" for "reserved"
  • spi_size
    This will be "0"
  • notify_message_type
    This will be "14" which maps to "no proposal chosen"
  • sector
    Sector of IP in question

Sample

"timestamp","severity","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","hostname_source","sector","initiator_spi","responder_spi","next_payload","exchange_type","flags","message_id","next_payload2","domain_of_interpretation","protocol_id","spi_size","notify_message_type","response_size","amplification"
"2010-02-10 00:00:00",info,192.168.0.1,udp,500,node01.example.com,isakmp,64512,ZZ,Region,City,0,ptr,,3e35c70729dfedef,02b265747fa634cf,11,05,00,5007574e,00,00,,0,14,,
"2010-02-10 00:00:01",info,192.168.0.2,udp,500,node02.example.com,isakmp,64512,ZZ,Region,City,0,ptr,,3e35c70729dfedef,b27ac8e14a864a95,11,05,00,00000000,00,00,,16,14,,
"2010-02-10 00:00:02",info,192.168.0.3,udp,500,node03.example.com,isakmp,64512,ZZ,Region,City,0,ptr,,3e35c70729dfedef,d42ad656da698a20,1,02,00,00000000,0d,00,,0,1,,

Our 139 Report Types

« Back to Network Reporting