I was looking through the Network security portion of my Executive Report last night and I came across something I'm not sure what to make of.
I'm consistently seeing TCP Protocol & Service 0 listed as the #1 violation in my logs. The top source is the external IP of a remote office (linked by IPSEC VPN) and the top destination is the external IP of our main office. The spikes in the violations correspond to expected increases in traffic from that office but no services that run over that link appear affected.
What is TCP service 0? I assume that by service the report means port, but port 0 is reserved according to IANA.