Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:524 |
Message | BAD-TRAFFIC tcp port 0 traffic |
Summary | This event is generated when TCP traffic to port 0 is detected. This should not be seen in normal TCP communications. |
Impact | Possible reconnaissance. This may be an attempt to verify the existence of a host or hosts at a particular address or address range. |
Detailed Information | TCP traffic to port 0 is not valid under normal circumstances. It may be an indicator of unauthorized network use, reconnaissance activity or system compromise. These rules may also generate an event due to improperly configured network devices. |
Affected Systems | Any |
Attack Scenarios | The attacker could send packets to a host with a destination port of 0. The attacker might also be using hping to verify the existence of a host as a prelude to an attack. |
Ease of Attack | Simple |
Corrective Action | Disallow TCP traffic to port 0. |
Additional References |
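
The condition this signature describes, as an added detection example that is not Snort's or Aanval's own code. It assumes raw IPv4 packets with no link-layer header; the function names and the sample packets (documentation addresses, zero checksums) are constructed for illustration.

```python
import socket
import struct

TCP_PROTO = 6

def tcp_port0_event(packet: bytes):
    """Return an event dict if a raw IPv4 packet is TCP to destination port 0, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length; options shift the TCP header
    if ihl < 20 or len(packet) < ihl + 4:
        return None                      # malformed header or no room for the port fields
    frag = struct.unpack_from("!H", packet, 6)[0]
    if packet[9] != TCP_PROTO or frag & 0x1FFF:
        return None                      # not TCP, or a non-first fragment (no TCP header)
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if dport != 0:
        return None
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport}

def build_packet(src, dst, sport, dport, frag_offset=0):
    """Build a constructed IPv4+TCP SYN as bytes (checksums left at 0, never sent)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag_offset,
                     64, TCP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

# Constructed samples: one port-0 packet, one normal packet, one non-first fragment.
SAMPLES = [
    build_packet("198.51.100.7", "192.0.2.10", 40000, 0),
    build_packet("198.51.100.7", "192.0.2.10", 40001, 443),
    build_packet("198.51.100.7", "192.0.2.10", 40002, 0, frag_offset=185),
]

def scan(packets):
    """Return the events for every packet that matches the port-0 condition."""
    return [e for e in map(tcp_port0_event, packets) if e]

if __name__ == "__main__":
    for event in scan(SAMPLES):
        print("BAD-TRAFFIC tcp port 0 traffic", event)
```

Events from a single internal device are worth checking against the misconfiguration case noted under Detailed Information before treating them as reconnaissance.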
--
DID:642994