[Emerging-Sigs] [jmm] Is attacking port 0 (zero) really a thing?

Michał Purzyński michalpurzynski1 at gmail.com
Fri Oct 18 17:28:44 HDT 2019


Quite frankly, I have never seen those “engine” or anomaly rules as useful.

We just disable all rules starting with Suricata*

> On Oct 18, 2019, at 6:27 PM, James Moe via Emerging-sigs <emerging-sigs at lists.emergingthreats.net> wrote:
> 
> suricata v5.0.0
> opensuse 15.0
> 
> Found a lot of these entries in the fast.log for the last two days.
> 
> 10/18/2019-13:06:01.032939  [Drop] [**] [1:2200076:2] SURICATA ICMPv4 invalid
> checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3]
> {ICMP} 60.191.38.77:771 -> 192.168.69.246:0
> 
> Is attacking port 0 really a thing?
> 
> -- 
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
> Think.

