abnormal TCP traffic detected
All Replies
-
Its just traffic that seems odd to the firewall and drops it.
0 -
Thanks for the answer, so there is nothing to do?0
-
But this "abnormal TCP traffic with destination port zero" is more and more annoying since we get an alert email every time, but don't want to generally switch off those alert emails.
0 -
Yes that´s real annoying.
The Source of this abnormal TCP traffic is in our case always from Chunghwa Telecom Co. Ltd. in Taiwan.
0 -
In the meantime we get this abnormal traffic from many different IPs, mostly originated in asian region, too. We're maintaining an "bad" IP list, collected in a "port_zero_group" and created an additional security policy control rule which immediately drops these packets without alert log. But since it become more and more "bad" IPs, maintaining of such a list is not practicable anymore.
0 -
When device receives a UDP/TCP packet with source port zero or destination port zero, the device will drop this packet and generate a log. This behavior is a MUST for ICSA firewall certification, so the logs cannot be turned off and it is not configurable.
We plan to change the log level as "debug level" in the future, then system will not notify this attack as alert. Here is another post for your reference.Click this link to start: https://bit.ly/3R2Wx52
Emily0 -
Hello
Ok, thanks for the Info and the Link.
Regards0 -
Hi @User1234,In the latest version 5.30, the log level of "abnormal TCP traffic detected" is moved to "notice" level.It means you won't get alert notification mail when these logs appear. They appear on the Monitor > Log only.
Click this link to start: https://bit.ly/3R2Wx52
Emily0 -
Zyxel_Emily said:In the latest version 5.30, the log level of "abnormal TCP traffic detected" is moved to "notice" level.
0 -
Hi @USG_User,It is also implemented in the latest firmware of 4.72. We will release the latest version in New & Release soon.
Click this link to start: https://bit.ly/3R2Wx52
Emily0
Categories
- All Categories
- 177 Beta Program
- 1.7K Nebula
- 88 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 913 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 295 News and Release
- 65 Security Advisories
- 14 Education Center
- 976 FAQ
- 424 Nebula FAQ
- 251 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 21 Consumer Product FAQ
- 65 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 52 Security Highlight