cbcvebase.
CVE-2001-0951
published 2001-12-07

CVE-2001-0951: Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that…

PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
40.76%
98.5th percentile
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.

Detection & IOCsextracted from sources · hover to see the quote

portUDP/500
filenamenb-isakmp.pl
  • Detect high-volume UDP traffic to port 500 (ISAKMP/IKE) with payloads consisting of repeated dot characters or random bytes, indicative of the DoS flood.
  • Monitor for CPU utilization spiking to ~100% on Windows 2000 hosts coinciding with a flood of UDP/500 packets.
  • Packets use spoofed source addresses (random source port 0–65535) with configurable TTL (default 64) and fragmentation offset; look for UDP/500 floods with randomised source IPs and ports.
  • Default payload length is 800 bytes (plus 28-byte IP/UDP header overhead); filter for oversized or anomalous-length UDP/500 datagrams.
  • ·The exploit uses Net::RawIP to craft raw UDP packets, meaning standard socket-level filtering may not catch spoofed source addresses; ingress filtering (BCP38) is required for effective mitigation.
  • ·The vulnerability note acknowledges the root cause may be in the underlying UDP stack rather than IKE/ISAKMP itself, so the attack surface extends beyond IKE-specific implementations.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.