DDI RULE 28
Publish date: 02 de agosto de 2019
DESCRIPTION NAME:
Unregistered service running on non-standard port
CONFIDENCE LEVEL: LOW
SEVERITY INBOUND:
SEVERITY OUTBOUND:
Informativo
Bajo
Medio
High
Resumen y descripción
This is Trend Micro detection for packets passing through SMTP network protocols that manifests unusual behavior which can be a potential intrusion. Below are some indicators of unusual behavior:
- Suspicious activity in administrator or privileged accounts
- Dubious logins, access, and other network activities that indicate probing or brute force attacks
- Anomalous spike of requests
- Network traffic that traverses in unusually used ports
- Unknown files, applications, and processes in the system
- Unusual traffic going in and out of the network
- Unusual message or file structure
Detalles técnicos
Protocol: SMTP
Risk Type: OTHERS
(Note: OTHERS can be network connections related to hacking attempts, exploits, connections done by grayware, or suspicious traffic.)
Threat Type: Suspicious behavior
Confidence Level: Low
Severity: Low(Inbound)| Medium(Outbound)| Low(Outbound)
DDI Default Rule Status: Enable
APT Related: NO
Soluciones
Network Content Correlation Pattern Version: 1.12437.00
Network Content Correlation Pattern Release Date: 18 Jan 2016
Immediate Action
- Update your Trend Micro products and pattern files to the latest version.
- Scan the host exhibiting this type of network behavior to clean any detected items.
Secondary Action
If scanning fails to detect a malware infection:
- If possible, disconnect the host from the network to prevent any further communication or malicious activities the malware may attempt.
- Run RootkitBuster to check through hidden files, registry entries, processes, drivers, and hooked system services.
- Use the Anti-Threat Toolkit (ATTK) tools to collect undetected malware information.
- Identify and clean threats with Rescue Disk, specific to suspected threats that are persistent or difficult-to-clean. Rescue Disk allows you to use a CD, DVD, or USB drive to examine your computer without launching Microsoft Windows.
Rellene nuestra encuesta!