Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:524 |
| Message | BAD-TRAFFIC tcp port 0 traffic |
| Summary | This event is generated when TCP traffic to port 0 is detected. This should not be seen in normal TCP communications. |
| Impact | Possible reconnaissance. This may be an attempt to verify the existence of a host or hosts at a particular address or address range. |
| Detailed Information | TCP traffic to port 0 is not valid under normal circumstances. It may be an indicator of unauthorized network use, reconnaissance activity or system compromise. This rule may also generate an event due to improperly configured network devices. |
| Affected Systems | Any |
| Attack Scenarios | The attacker could send packets to a host with a destination port of 0. The attacker might also be using hping to verify the existence of a host as a prelude to an attack. |
| Ease of Attack | Simple |
| Corrective Action | Disallow TCP traffic to port 0. |
| Additional References |
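
Added example (not Aanval or Snort code): a minimal Python check with the same intent as this rule, flagging IPv4/TCP packets whose destination port is 0. The function names and the sample packets (built inline from documentation address ranges) are assumptions made for illustration.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, frag_off=0):
    """Constructed sample: minimal IPv4 + TCP SYN, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag_off, 64,
                     6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def tcp_port0_alert(pkt):
    """Return an alert dict for IPv4/TCP with destination port 0, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                          # truncated or not IPv4
    ihl = (pkt[0] & 0x0F) * 4                # header length; IP options shift TCP
    if ihl < 20 or pkt[9] != 6:
        return None                          # malformed header or not TCP
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return None                          # non-first fragment carries no TCP header
    if len(pkt) < ihl + 4:
        return None                          # ports not present in the capture
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if dport != 0:
        return None
    return {"gen_sid": "1:524", "msg": "BAD-TRAFFIC tcp port 0 traffic",
            "src": socket.inet_ntoa(pkt[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(pkt[16:20]), "dport": dport}

def scan(packets):
    """Run the check over an iterable of raw packets and collect alerts."""
    return [a for a in map(tcp_port0_alert, packets) if a]

# Constructed traffic (documentation address ranges), not a real capture.
SAMPLES = [
    build_packet("198.51.100.7", "192.0.2.10", 40000, 0),            # should alert
    build_packet("198.51.100.7", "192.0.2.10", 40001, 443),          # normal traffic
    build_packet("198.51.100.7", "192.0.2.10", 0, 0, frag_off=185),  # later fragment
    build_packet("198.51.100.7", "192.0.2.10", 40002, 0)[:22],       # truncated
]

if __name__ == "__main__":
    for alert in scan(SAMPLES):
        print(alert)
```

The fragment-offset check matters for false positives: in a non-first fragment the bytes where the ports would sit are payload, so reading them as a port number would produce spurious events.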
--
DID:642994