[Emerging-Sigs] [jmm] Is attacking port 0 (zero) really a thing?

Victor Julien lists at inliniac.net
Fri Oct 18 23:00:05 HDT 2019


On 19-10-19 03:27, James Moe via Emerging-sigs wrote:
> suricata v5.0.0
> opensuse 15.0
> 
> Found a lot of there entries in the fast.log for the last two days.
> 
> 10/18/2019-13:06:01.032939  [Drop] [**] [1:2200076:2] SURICATA ICMPv4 invalid
> checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3]
> {ICMP} 60.191.38.77:771 -> 192.168.69.246:0
> 
> Is attacking port 0 really a thing?

It's ICMP, so it doesn't use ports. It is supposed to print the ICMP
type, but I see there is an output bug there.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.emergingthreats.net/pipermail/emerging-sigs/attachments/20191019/760d58eb/attachment.sig>


More information about the Emerging-sigs mailing list