Where to disable alert log for: "abnormal TCP traffic detected"
All Replies
-
Hi Tobias,

Hope your colleagues are back on track this week and could take a look, since these "destination port zero" abnormal TCP traffic alert logs are annoying. Between these "destination port zero" packets we are also receiving "source port zero" warnings. They will also be dropped, but the alert log by email will be sent out as well.
-
Hi there,

Anything come of this?

I have this exact same issue on a

> Model Name: ZyWALL 310
> Firmware Version: V4.70(AAAB.0) / 2021-10-27 17:29:18

I'm getting the below 30-40 times a day:

No. Date/Time Source Destination
Priority Category Note
Message
1 2022-02-08 16:38:26 x.x.x.x:23702 x.x.x.x
alert secure-policy ACCESS BLOCK
abnormal tcp traffic detected, destination port is zero, DROP
Thanks in advance
-
Thanks Stanley,

It's indisputable that this kind of traffic is unsafe. Further, the USG drops these packets as expected. All is fine in this connection.

Only the way the USG is reporting it is confusing. Here I wouldn't go so far as changing the log level to "debug". From my point of view this kind of traffic belongs to "Anomaly Detection and Prevention" (ADP), and any log or alert log handling should be controlled via ADP log settings. This is my first note.

Since this (log settings) is presently not working, I've added an additional Security Policy Rule for that suspicious IP where the "port zero" packets mostly originated from. This rule should drop any packets from this IP without logging (meaning without normal or alert log). But it also doesn't work. The USG is still sending alert logs out. Why? This is my second note in this regard.

It seems the processing of such bloody packets takes place even before the security policy handling, doesn't it?
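
A mail-side triage sketch for the alert entries quoted in this thread, added here as an example and not code from any poster or from Zyxel: it parses the three-line entry layout shown in the earlier reply and counts port-zero alerts per source, so the repeats can be read as one digest. The sample entries, the addresses and the "source port is zero" wording are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample (documentation addresses); "source port is zero" wording is assumed.
SAMPLE = """\
No. Date/Time Source Destination
Priority Category Note
Message
1 2022-02-08 16:38:26 192.0.2.10:23702 198.51.100.1
alert secure-policy ACCESS BLOCK
abnormal tcp traffic detected, destination port is zero, DROP
2 2022-02-08 16:41:02 192.0.2.10:23703 198.51.100.1
alert secure-policy ACCESS BLOCK
abnormal tcp traffic detected, destination port is zero, DROP
3 2022-02-08 17:05:40 203.0.113.7:0 198.51.100.1
alert secure-policy ACCESS BLOCK
abnormal tcp traffic detected, source port is zero, DROP
4 2022-02-08 17:09:11 203.0.113.9:51544 198.51.100.1
notice secure-policy ACCESS BLOCK
unrelated entry (constructed placeholder text)
"""

HEAD = re.compile(r"^(\d+) (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (\S+)$")
PORT_ZERO = re.compile(r"abnormal tcp traffic detected, (source|destination) port is zero", re.I)

def parse_records(text):
    """Return one dict per entry; lines that start no entry (headers) are skipped."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    records, i = [], 0
    while i + 2 < len(lines):
        m = HEAD.match(lines[i])
        if m:
            priority, category, note = (lines[i + 1].split(None, 2) + ["", ""])[:3]
            records.append({"no": int(m[1]), "time": m[2], "src": m[3], "dst": m[4],
                            "priority": priority, "category": category, "note": note,
                            "message": lines[i + 2]})
        i += 3 if m else 1
    return records

def summarize_port_zero(records):
    """Count port-zero alerts per (IPv4 source address, which port was zero)."""
    counts = Counter()
    for r in records:
        m = PORT_ZERO.search(r["message"])
        if m:
            counts[(r["src"].rsplit(":", 1)[0], m[1].lower())] += 1
    return counts

if __name__ == "__main__":
    print(summarize_port_zero(parse_records(SAMPLE)).most_common())
```
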