CVE-2001-0951
Published 2001-12-07
Priority P4 · 20 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 40.76% (98.5th percentile)
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
Detection & IOCs (extracted from sources)
- Detect high-volume UDP traffic to port 500 (ISAKMP/IKE) with payloads consisting of repeated dot characters or random bytes, indicative of the DoS flood.
- Monitor for CPU utilization spiking to ~100% on Windows 2000 hosts coinciding with a flood of UDP/500 packets.
- Packets use spoofed source addresses (random source port 0–65535) with configurable TTL (default 64) and fragmentation offset; look for UDP/500 floods with randomised source IPs and ports.
- Default payload length is 800 bytes (plus 28-byte IP/UDP header overhead); filter for oversized or anomalous-length UDP/500 datagrams.
- The exploit uses Net::RawIP to craft raw UDP packets, meaning standard socket-level filtering may not catch spoofed source addresses; ingress filtering (BCP38) is required for effective mitigation.
- The vulnerability note acknowledges the root cause may be in the underlying UDP stack rather than IKE/ISAKMP itself, so the attack surface extends beyond IKE-specific implementations.
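A detection sketch for the first, third and fourth points above, added here as an example and not taken from any source indexed on this page. It assumes already-parsed packet records as `(timestamp, src_ip, dst_ip, dst_port, udp_payload)` tuples; the window size, threshold, function names and sample traffic are constructed for illustration.

```python
import struct
from collections import defaultdict

ISAKMP_HDR_LEN = 28     # fixed ISAKMP header size (RFC 2408)
WINDOW_SECONDS = 1.0    # assumed tuning value
JUNK_THRESHOLD = 100    # assumed: malformed datagrams per window per host

def looks_like_isakmp(payload):
    """Structural check: full header, non-zero initiator cookie, length field matches."""
    if len(payload) < ISAKMP_HDR_LEN:
        return False
    (length,) = struct.unpack_from("!I", payload, 24)
    return payload[:8] != bytes(8) and length == len(payload)

def is_dot_filled(payload, ratio=0.9):
    """True when at least `ratio` of the payload bytes are '.' characters."""
    return bool(payload) and payload.count(b".") / len(payload) >= ratio

def detect_floods(packets):
    """Count UDP/500 datagrams that fail the ISAKMP check, per destination and window."""
    buckets = defaultdict(lambda: {"junk": 0, "dots": 0, "sources": set()})
    for ts, src, dst, dport, payload in packets:
        if dport != 500 or looks_like_isakmp(payload):
            continue
        b = buckets[(dst, int(ts // WINDOW_SECONDS))]
        b["junk"] += 1
        b["dots"] += is_dot_filled(payload)
        b["sources"].add(src)  # many distinct sources suggests spoofing
    return [{"dst": dst, "window": win, "junk": b["junk"], "dots": b["dots"],
             "sources": len(b["sources"])}
            for (dst, win), b in sorted(buckets.items()) if b["junk"] >= JUNK_THRESHOLD]

def sample_packets():
    """Constructed traffic: one well-formed header plus 150 dot-filled 800-byte datagrams."""
    valid = struct.pack("!8s8sBBBBII", b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, 0, 28)
    pkts = [(1000.0, "203.0.113.5", "192.0.2.10", 500, valid)]
    pkts += [(1000.0 + i * 0.005, f"198.51.100.{i + 1}", "192.0.2.10", 500, b"." * 800)
             for i in range(150)]
    return pkts

if __name__ == "__main__":
    for alert in detect_floods(sample_packets()):
        print(alert)
```

The header check is structural only, so a flood of well-formed ISAKMP messages would need a separate rate limit on valid traffic.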
No detection rules found.
Exploit-DB
Microsoft Windows Server 2000 - Internet Key Exchange Denial of Service (1)
exploitdb·2001-12-11
---
// source: https://www.securityfocus.com/bid/3652/info
Internet Protocol Security (IPSec) provides authentication and encryption for IP network traffic. The Internet Key Exchange (IKE) protocol is a management protocol standard which is used with the IPSec standard. IKE contributes to the IPSec standard by providing additional features and by default listens on UDP port 500.
An issue exists in IKE which could cause a Windows 2000 host to stop responding.
Connecting to port 500 and submitting a continuous stream of arbitrary packets will cause the CPU utilization to spike to approximately 100%.
It should be noted that this vulnerability may be due to an underlying issue with the UDP protocol.
/* Auto
Exploit-DB
Microsoft Windows Server 2000 - Internet Key Exchange Denial of Service (2)
exploitdb·2001-12-07
---
source: https://www.securityfocus.com/bid/3652/info
#!/usr/bin/
No writeups or analysis indexed.
- http://marc.info/?l=bugtraq&m=100774842520403&w=2
- http://marc.info/?l=bugtraq&m=100813081913496&w=2
- http://www.securityfocus.com/bid/3652
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7667