DESCRIPTION LAST UPDATED: 2024-01-08
DEFAULT SEVERITY LEVEL: HIGH
This report identifies hosts that have been observed performing scanning activity against IKEv2 honeypot sensors. This may include reconnaissance attempts by potential attackers for open services, exploitation attempts (including botnets) or just researchers scanning for exposed endpoints.
Track IKEv2 scans seen by us on the Dashboard, for example at here (you can also see world map/tree map etc visualizations by selecting
honeypot source and the
ikev2-scan tag. You can also search for specific IKEv2 related CVEs being exploited at a given point in time on our Exploited Vulnerabilities daily list. You can also check what devices are scanning IKEv2 by searching for
ikev2-scan type in our Attacking Devices daily list.
If you receive a report about scans coming from your network/constituency make sure to investigate for possible malware or compromise or other abuse.
Severity levels are described here.
File name: event4_honeypot_ikev2_scan