Intrusion Prevention

ICCP.COTP.Disconnect.Address.Unknown.Request

Description

The OSI Connection Oriented Transport Protocol (COTP), is used by ICCP to establish sessions and exchange connection parameters. To connect to an ICCP server, an attacker must know the destination TSAP. Repeated COTP Disconnect messages would indicate a brute force attempt to guess the destination TSAP.

Affected Products

ICCP servers and MMS-based applications.

Impact

System Integrity

Recommended Actions

Investigate the source of the traffic and if it is malicious, take steps to prevent further attacks.