Notification change: Abnormal tcp traffic detected, source port is zero, DROP

AdmineXant
AdmineXant Posts: 8  Freshman Member
First Comment First Anniversary
in Security Ideas

Is it possible to request a change to the log level for events such as: "Invalid TCP traffic detected, source port is zero, DROP"
Lately I've been receiving notifications every 20 seconds and I can't hide them when viewing the logs.
Support says there is currently no way to disable logging of these events. This is standard SPI logging. The only way is to change the software to change the notification type to Debug.
Please consider for example: changing the log level to "debug level" in the future, then the system will not notify about this attack as a warning. And let him be able to hide it if he needs to.

1
Up Down
1 votes

In Review · Last Updated

This will be implemented in the next firmware release; the ETA is about 2025 Q2. Here are the items that will be changed to the debug level: abnormal tcp traffic detected, source port is zero, DROP abnormal tcp traffic detected, destination port is zero, DROP abnormal udp traffic detected, source port is zero, DROP abnormal udp traffic detected, destination port is zero, DROP

Comments

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,592  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @AdmineXant,

    Good news~ I just checked with our engineer and now we can disable the "Abnormal tcp traffic detected" logs. Please reference the below FAQ:

    https://community.zyxel.com/en/discussion/27532/how-do-i-disable-abnormal-tcp-flag-detect-using-the-cli

    Zyxel Melen


  • AdmineXant
    AdmineXant Posts: 8  Freshman Member
    First Comment First Anniversary
    edited December 19

    @Zyxel_Melen thank you for response but this will not work because is not a abnormal TCP flag attack… but abnormal TCP traffic attack…

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,592  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    edited December 23

    Hi @AdmineXant,

    Thanks for pointing it out. Let me check with our product team again. Also, I will remove the comment in the idea status.

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 2,592  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @AdmineXant,

    I have let our product team know about this request and evaluating this idea. If I have any further information, I will update it here.

    Zyxel Melen


  • Zyxel_Melen
    Zyxel_Melen Posts: 2,592  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @AdmineXant,

    I just received our team's feedback, and I want to share with you that this will be implemented in the next firmware release; the ETA is about 2025 Q2.

    Here are the items that will be changed to the debug level:

    • abnormal tcp traffic detected, source port is zero, DROP
    • abnormal tcp traffic detected, destination port is zero, DROP
    • abnormal udp traffic detected, source port is zero, DROP
    • abnormal udp traffic detected, destination port is zero, DROP

    Zyxel Melen


Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)