Notification change: Abnormal tcp traffic detected, source port is zero, DROP

AdmineXant
AdmineXant Posts: 12  Freshman Member
First Comment Friend Collector First Anniversary
in Security Ideas

Is it possible to request a change to the log level for events such as: "Invalid TCP traffic detected, source port is zero, DROP"
Lately I've been receiving notifications every 20 seconds and I can't hide them when viewing the logs.
Support says there is currently no way to disable logging of these events. This is standard SPI logging. The only way is to change the software to change the notification type to Debug.
Please consider for example: changing the log level to "debug level" in the future, then the system will not notify about this attack as a warning. And let him be able to hide it if he needs to.

1
Up Down
1 votes

In Review · Last Updated

This will be implemented in the next firmware release; the ETA is about 2025 Q2. Here are the items that will be changed to the debug level: abnormal tcp traffic detected, source port is zero, DROP abnormal tcp traffic detected, destination port is zero, DROP abnormal udp traffic detected, source port is zero, DROP abnormal udp traffic detected, destination port is zero, DROP

Comments

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,270  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @AdmineXant,

    Good news~ I just checked with our engineer and now we can disable the "Abnormal tcp traffic detected" logs. Please reference the below FAQ:

    https://community.zyxel.com/en/discussion/27532/how-do-i-disable-abnormal-tcp-flag-detect-using-the-cli
    Zyxel Melen


  • AdmineXant
    AdmineXant Posts: 12  Freshman Member
    First Comment Friend Collector First Anniversary
    edited December 2024

    @Zyxel_Melen thank you for response but this will not work because is not a abnormal TCP flag attack… but abnormal TCP traffic attack…

  • Zyxel_Melen
    Zyxel_Melen Posts: 3,270  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    edited December 2024

    Hi @AdmineXant,

    Thanks for pointing it out. Let me check with our product team again. Also, I will remove the comment in the idea status.

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 3,270  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @AdmineXant,

    I have let our product team know about this request and evaluating this idea. If I have any further information, I will update it here.

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 3,270  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @AdmineXant,

    I just received our team's feedback, and I want to share with you that this will be implemented in the next firmware release; the ETA is about 2025 Q2.

    Here are the items that will be changed to the debug level:

    • abnormal tcp traffic detected, source port is zero, DROP
    • abnormal tcp traffic detected, destination port is zero, DROP
    • abnormal udp traffic detected, source port is zero, DROP
    • abnormal udp traffic detected, destination port is zero, DROP
    Zyxel Melen


  • AdmineXant
    AdmineXant Posts: 12  Freshman Member
    First Comment Friend Collector First Anniversary

    Thank You @Zyxel_Melen

  • AdmineXant
    AdmineXant Posts: 12  Freshman Member
    First Comment Friend Collector First Anniversary

    Hello,

    The new firmware appeared V5.40(ABUI.0)C0 with the modification number 5. [ENHANCEMENT] [eITS#241200805] Adjust abnormal tcp/udp traffic detected logs to debug level.

    Thank You for this.

    Is there any guide to to turn it on ?

  • AdmineXant
    AdmineXant Posts: 12  Freshman Member
    First Comment Friend Collector First Anniversary

    I see that it has been turned on by default.

    :)

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)