virus logo Intrusion Prevention

ICCP.COTP.Disconnect.Address.Unknown.Request

description-logoDescription

The OSI Connection Oriented Transport Protocol (COTP), is used by ICCP to establish sessions and exchange connection parameters. To connect to an ICCP server, an attacker must know the destination TSAP. Repeated COTP Disconnect messages would indicate a brute force attempt to guess the destination TSAP.

affected-products-logoAffected Products

ICCP servers and MMS-based applications.

Impact logoImpact

System Integrity

recomended-action-logoRecommended Actions

Investigate the source of the traffic and if it is malicious, take steps to prevent further attacks.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 11516
Created Dec 20, 2005
Updated Apr 23, 2014
Risk black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action pass
Active
Affected OS Other
Affected App SCADA