ICCP.COTP.Disconnect.Address.Unknown.Request
Description
The OSI Connection Oriented Transport Protocol (COTP) is used by ICCP to establish sessions and exchange connection parameters. To connect to an ICCP server, an attacker must know the destination TSAP. Repeated COTP Disconnect messages would indicate a brute-force attempt to guess the destination TSAP.
Affected Products
ICCP servers and MMS-based applications.
Impact
System Integrity
Recommended Actions
Investigate the source of the traffic and, if it is malicious, take steps to prevent further attacks.
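One way to surface the pattern from the Description when reviewing captured TCP port 102 traffic, as an added example that is not part of the original entry or the vendor's signature: it counts COTP Disconnect Request TPDUs with reason code 3 (address unknown, per ISO 8073 / RFC 905) per client in a sliding window. The threshold, window, function and class names, and the sample addresses are assumptions.

```python
import struct
from collections import defaultdict, deque

COTP_DR = 0x80            # Disconnect Request TPDU code (ISO 8073 / RFC 905)
REASON_ADDR_UNKNOWN = 3   # DR reason code "address unknown"
THRESHOLD = 5             # assumed: refusals per client before flagging
WINDOW = 60.0             # assumed: sliding window in seconds

def parse_dr_reason(payload: bytes):
    """Return the reason code of a TPKT-wrapped COTP DR TPDU, else None."""
    if len(payload) < 11 or payload[0] != 3:       # TPKT version is always 3
        return None
    tpkt_len = struct.unpack("!H", payload[2:4])[0]
    if tpkt_len < 11 or tpkt_len > len(payload):   # truncated or bogus length
        return None
    li, code = payload[4], payload[5]              # COTP length indicator, TPDU code
    if code != COTP_DR or li < 6 or 5 + li > tpkt_len:
        return None
    return payload[10]                             # follows DST-REF and SRC-REF

class TsapGuessDetector:
    """Hypothetical helper: flags clients that collect many address-unknown DRs."""
    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)

    def observe(self, ts, server, client, payload):
        """Feed one server-to-client payload; True once the client hits the threshold."""
        if parse_dr_reason(payload) != REASON_ADDR_UNKNOWN:
            return False
        q = self.seen[(client, server)]
        q.append(ts)
        while q and ts - q[0] > self.window:       # drop events outside the window
            q.popleft()
        return len(q) >= self.threshold

def make_dr(reason, dst_ref=1, src_ref=0):
    """Constructed sample: a minimal TPKT + DR TPDU with the given reason code."""
    cotp = bytes([6, COTP_DR]) + struct.pack("!HH", dst_ref, src_ref) + bytes([reason])
    return bytes([3, 0]) + struct.pack("!H", 4 + len(cotp)) + cotp

def run_sample():
    """Replay six constructed refusals, one per second; return indexes that flagged."""
    det = TsapGuessDetector()
    dr = make_dr(REASON_ADDR_UNKNOWN)
    return [i for i in range(6)
            if det.observe(float(i), "192.0.2.10", "198.51.100.7", dr)]
```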
Coverage
IPS (Regular DB)
IPS (Extended DB)