The OSI Connection Oriented Transport Protocol (COTP), is used by ICCP to establish sessions and exchange connection parameters. To connect to an ICCP server, an attacker must know the destination TSAP. Repeated COTP Disconnect messages would indicate a brute force attempt to guess the destination TSAP.
ICCP servers and MMS-based applications.
Investigate the source of the traffic and if it is malicious, take steps to prevent further attacks.