Notification change: Abnormal tcp traffic detected, source port is zero, DROP

AdmineXant

Is it possible to request a change to the log level for events such as: "Invalid TCP traffic detected, source port is zero, DROP"
Lately I've been receiving notifications every 20 seconds and I can't hide them when viewing the logs.
Support says there is currently no way to disable logging of these events. This is standard SPI logging. The only way is to change the software to change the notification type to Debug.
Please consider for example: changing the log level to "debug level" in the future, then the system will not notify about this attack as a warning. And let him be able to hide it if he needs to.

Zyxel_Melen

Hi @AdmineXant,

Good news~ I just checked with our engineer and now we can disable the "Abnormal tcp traffic detected" logs. Please reference the below FAQ:

https://community.zyxel.com/en/discussion/27532/how-do-i-disable-abnormal-tcp-flag-detect-using-the-cli

AdmineXant

@Zyxel_Melen thank you for response but this will not work because is not a abnormal TCP flag attack… but abnormal TCP traffic attack…

Zyxel_Melen

Hi @AdmineXant,

Thanks for pointing it out. Let me check with our product team again. Also, I will remove the comment in the idea status.

Zyxel_Melen

Hi @AdmineXant,

I have let our product team know about this request and evaluating this idea. If I have any further information, I will update it here.

Zyxel_Melen

Hi @AdmineXant,

I just received our team's feedback, and I want to share with you that this will be implemented in the next firmware release; the ETA is about 2025 Q2.

Here are the items that will be changed to the debug level:

• abnormal tcp traffic detected, source port is zero, DROP
• abnormal tcp traffic detected, destination port is zero, DROP
• abnormal udp traffic detected, source port is zero, DROP
• abnormal udp traffic detected, destination port is zero, DROP

AdmineXant

Thank You @Zyxel_Melen