Vulnerable ISAKMP Report

This report identifies hosts that have a vulnerable IKE service accessible on the Internet.

For more information, please see the Cisco Security Advisory.

For more details behind the scan methodology and a daily update of global ISAKMP scan statistics please visit our dedicated Vulnerable ISAKMP scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.


  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always UDP)
  • port
    Port that the response came from (500/UDP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be isakmp-vulnerable
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • initiator_spi
    Initiator's SPI of the IKE_SA
  • responder_spi
    Responder's SPI of the IKE_SA
  • next_payload
    "Is there payload data present?" This will be "11" for "Payload Follows"
  • version
    IKE version, will be "10" (maps to version 1.0)
  • exchange_type
    The IKE Exchange Type: this will be "5" meaning "informational"
  • flags
    ISAKMP flags: this will be "0"
  • message_id
    The Message ID, which is "0"
  • next_payload2
    This is the same thing as the "next_payload" field, but buried in the payload that the original "next_payload" is referring to; it will be "0" for "none"
  • domain_of_interpretation
    This will be "0" for ISAKMP
  • protocol_id
    This will be "0" for "reserved"
  • spi_size
    This will be "0"
  • notify_message_type
    This will be "14" which maps to "no proposal chosen"

Our 126 Report Types