Notification change: Abnormal tcp traffic detected, source port is zero, DROP





Is it possible to request a change to the log level for events such as: "Invalid TCP traffic detected, source port is zero, DROP"
Lately I've been receiving notifications every 20 seconds and I can't hide them when viewing the logs.
Support says there is currently no way to disable logging of these events. This is standard SPI logging. The only way is to change the software to change the notification type to Debug.
Please consider for example: changing the log level to "debug level" in the future, then the system will not notify about this attack as a warning. And let him be able to hide it if he needs to.
Comments
-
Hi @AdmineXant,
Good news~ I just checked with our engineer and now we can disable the "Abnormal tcp traffic detected" logs. Please reference the below FAQ:
Zyxel Melen0 -
@Zyxel_Melen thank you for response but this will not work because is not a abnormal TCP flag attack… but abnormal TCP traffic attack…
0 -
Hi @AdmineXant,
Thanks for pointing it out. Let me check with our product team again. Also, I will remove the comment in the idea status.
Zyxel Melen1 -
Hi @AdmineXant,
I have let our product team know about this request and evaluating this idea. If I have any further information, I will update it here.
Zyxel Melen0 -
Hi @AdmineXant,
I just received our team's feedback, and I want to share with you that this will be implemented in the next firmware release; the ETA is about 2025 Q2.
Here are the items that will be changed to the debug level:
- abnormal tcp traffic detected, source port is zero, DROP
- abnormal tcp traffic detected, destination port is zero, DROP
- abnormal udp traffic detected, source port is zero, DROP
- abnormal udp traffic detected, destination port is zero, DROP
Zyxel Melen1 -
Thank You @Zyxel_Melen
0 -
Hello,
The new firmware appeared V5.40(ABUI.0)C0 with the modification number 5. [ENHANCEMENT] [eITS#241200805] Adjust abnormal tcp/udp traffic detected logs to debug level.
Thank You for this.
Is there any guide to to turn it on ?
0 -
I see that it has been turned on by default.
:)
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 169 Nebula Ideas
- 114 Nebula Status and Incidents
- 6K Security
- 382 USG FLEX H Series
- 294 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.7K Consumer Product
- 267 Service & License
- 412 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight