Thinking...
[get complete service list]
Top of page
Port Information
Protocol Service Name
tcp isakmp VPN Key Exchange
udp isakmp VPN Key Exchange
Top IPs Scanning
Today Yesterday
18.217.194.148 (254)3.148.147.222 (411)
124.198.131.83 (106)172.240.122.124 (239)
103.203.57.27 (47)103.125.189.66 (138)
45.153.34.156 (42)124.198.131.83 (99)
219.130.175.72 (42)103.203.59.15 (62)
103.203.57.10 (32)152.32.138.230 (55)
103.203.58.5 (30)103.203.57.27 (54)
95.215.0.144 (28)103.203.58.5 (49)
152.32.207.150 (25)139.162.99.58 (45)
139.162.99.58 (24)103.203.57.10 (44)
Port diary mentions
URL
Critical Cisco ASA IKEv1v2 Vulnerability. Active Scanning Detected
Top of page
User Comments
Submitted By Date
Comment
PC.Tech 2016-02-13 01:42:50
Per: - https://www.kb.cert.org/vuls/id/327976 11 Feb 2016 - "... Note that Cisco ASA versions 7.2, 8.2, 8.3, and 8.6 are affected but no-longer-supported by the vendor. Users of these versions should strongly consider migrating to a supported solution..." //
2016-02-11 01:32:24
CVE-2016-1287 - Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability For details see https://blog.exodusintel.com/2016/01/26/firewall-hacking/ or https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Javier Fernandez-Sanguino 2003-05-11 03:20:54
This port might be used by vulnerability CAN-2003-0108 (affects tcpdump) and CAN-2002-1103 (affects the Cisco VPN concentrator) There seems to be increasing scanning in this port (as described in http://cert.uni-stuttgart.de/archive/intrusions/2003/01/msg00374.html) which might be related to the release of a new tool (ike-scan, see http://cert.uni-stuttgart.de/archive/intrusions/2003/01/msg00354.html)
Top of page
CVE Links
CVE # Description
CVE-2016-1287
CVE-2017-5205
Top of page