Endpoint Protection Small Business Edition


High-Risk Intrusion Detected, States Port 0 but is via HTTP

  • 1.  High-Risk Intrusion Detected, States Port 0 but is via HTTP

    Posted Mar 11, 2015 11:08 AM

    Hello,

    I've been tasked with finding out why the emails reporting attempted intrusions state "Targeted Port Number 0" when intrusion attempts are made on port 80, e.g.:

    Intrusion Name: Attack: an intrusion attempt was blocked.
    Targeted Application:
    Targeted IP: x.x.x.x
    Targeted Port Number: 0
    Targeted Host Name:
    Status: Blocked

    When I pull up the logs, the request went to something like, "http://x.x.x.x/cgi-bin/somepage.php?%20%20%20..." etc. The request was clearly made to port 80, but the email is not reporting this correctly. Is there a plan to fix this?


  • 2.  RE: High-Risk Intrusion Detected, States Port 0 but is via HTTP

    Posted Mar 13, 2015 07:58 AM

    I would suggest opening a support ticket so they can look at this issue.