GEN:SID 1:2414
Message EXPLOIT ISAKMP initial contact notification without SPI attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in the handling of ISAKMP data and SA keys.
Impact Serious
Detailed Information The Internet Security Association and Key Management Protocol (ISAKMP)
is used as a framework for an authentication method between peers using
secure keys.

ISAKMP is a framework for authentication using cryptographic keys. It
specifically defines the process of key exchange as opposed to the
generation of a cryptographic key.

ISAKMP also details the procedures for the required security
associations in network security services.
Affected Systems Kame Racoon
Attack Scenarios The attacker may attempt to delete keys and security associations in
hosts running the KAME IKE Daemon.
Ease of Attack Simple
Corrective Action Apply the appropriate vendor supplied patches
Additional References ISAKMP:
http://www.networksorcery.com/enp/protocol/isakmp.htm

RFC:
http://www.ietf.org/rfc/rfc2407.txt
http://www.ietf.org/rfc/rfc2408.txt

IANA:
http://www.iana.org/assignments/isakmp-registry
Rule References bugtraq: 9416
bugtraq: 9417
cve: 2004-0164