Intrusion Prevention



The OSI Connection Oriented Transport Protocol (COTP), is used by ICCP to establish sessions and exchange connection parameters. To connect to an ICCP server, an attacker must know the destination TSAP. Repeated COTP Disconnect messages would indicate a brute force attempt to guess the destination TSAP.

Affected Products

ICCP servers and MMS-based applications.


System Integrity

Recommended Actions

Investigate the source of the traffic and if it is malicious, take steps to prevent further attacks.