The Shadowserver Foundation

Vulnerable ISAKMP Scanning Project

This scan is looking for devices that contain a vulnerability in their IKEv1 packet processing code that could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. More information on this issue can be found on Cisco's site at: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

The goal of this project is to identify the vulnerable systems and report them back to the network owners for remediation.

Information on these vulnerable devices has been incorporated into our reports and is being reported on a daily basis.

Methodology

We are querying all computers with routable IPv4 addresses that are not firewalled from the internet with a specifically crafted 64 byte ISAKMP packet and capturing the response. We intend no harm, but if we are causing problems, please contact us at: dnsscan [at] shadowserver [dot] org.

Whitelisting

To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDR's that you would like to have removed. You will have to be the verifiable owner of these CIDR's and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://isakmpscan.shadowserver.org/exclude.html

Useful Links

Scan Status

Statistics on current run

Other Statistics

If you would like other statistics and information on historical trends, please take a look at: https://isakmpscan.shadowserver.org/stats/. Otherwise, stats from the most current scan are listed below.


All Vulnerable Devices

All Vulnerable ISAKMP

(Click image to enlarge)

If you would like to see more regions click here

All Vulnerable Devices

All Vulnerable ISAKMP

(Click image to enlarge)



If you would like us to not scan your network, please let us know and we will remove your networks from the scan.

Likewise, if you have anymore questions please feel free to send us an email at: gro [tod] revfooreswodahs [ta] nacbarssnd

The Shadowserver Foundation