Can anyone suggest why these alerts keep triggering on a regular basis?

Internal connection - destination port is 5060. Observed multiple SYN/FIN connections.

SIP Register Request Attempt (33592)

SIP clients typically use TCP or UDP on port numbers 5060 or 5061 for SIP traffic to servers and other endpoints. Port 5060 is commonly used for non-encrypted signaling traffic whereas port 5061 is typically used for traffic encrypted with Transport Layer Security (TLS).

A SYN-FIN flood is a DDoS attack designed to disrupt network activity by saturating bandwidth and resources on stateful devices in its path. By continuously sending SYN-FIN packets towards a target, stateful defenses can go down (in some cases into a fail-open mode).

On checking logs in DT:

SF: Normal establishment and termination.
RSTR: Established, responder aborted.
SH: Originator sent a SYN followed by a FIN, we never saw a SYN ACK from the responder (hence the connection was "half" open).
OTH: No SYN seen, just midstream traffic (a "partial connection" that was not later closed).
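A triage sketch for the connection states listed in the post above, added here as an example and not part of the original post: it tallies states per source/destination pair on TCP 5060 so that pairs dominated by SH stand apart from pairs that complete normally. The tab-separated record layout, the sample addresses and the thresholds are assumptions.

```python
from collections import Counter, defaultdict

def rows(src, dst, port, proto, states):
    """Build constructed tab-separated records: src, dst, dst_port, proto, conn_state."""
    return [f"{src}\t{dst}\t{port}\t{proto}\t{s}" for s in states]

# Constructed sample data (assumed layout, not taken from the post).
SAMPLE_LOG = "\n".join(
    rows("10.0.5.21", "10.0.1.10", 5060, "tcp", ["SH"] * 6 + ["OTH"])
    + rows("10.0.5.30", "10.0.1.10", 5060, "tcp", ["SF"] * 4 + ["RSTR"])
    + rows("10.0.5.44", "10.0.1.10", 5060, "tcp", ["SH", "SF", "OTH"])
    + rows("10.0.5.21", "10.0.1.10", 5060, "udp", ["SF"])    # not TCP: ignored
    + rows("10.0.5.21", "10.0.1.10", 443, "tcp", ["SH"] * 3)  # other port: ignored
)

def summarize(log_text, port=5060):
    """Count connection states per (src, dst) pair for TCP traffic to `port`."""
    per_pair = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip blank or malformed records
        src, dst, dport, proto, state = fields
        if proto == "tcp" and dport == str(port):
            per_pair[(src, dst)][state] += 1
    return per_pair

def triage(per_pair, min_conns=5, ratio=0.8):
    """Label each pair by its dominant state; both thresholds are assumptions."""
    verdicts = {}
    for pair, states in per_pair.items():
        total = sum(states.values())
        if total < min_conns:
            verdicts[pair] = "insufficient-data"
        elif states["SH"] / total >= ratio:
            verdicts[pair] = "half-open-dominant"  # SYN then FIN, no SYN-ACK seen
        elif states["SF"] / total >= ratio:
            verdicts[pair] = "normal"  # full establishment and termination
        else:
            verdicts[pair] = "mixed"
    return verdicts

if __name__ == "__main__":
    for (src, dst), verdict in triage(summarize(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {verdict}")
```

A pair labelled half-open-dominant points at one source repeatedly opening and closing without a reply from the destination, which narrows the review to that host and to whether the destination listens on TCP 5060.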