Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
276
Views
5
Helpful
3
Replies

CSA server polling server on port 0

wilson_1234_2
Level 3
Level 3

‎07-19-2007 01:07 PM - edited ‎03-09-2019 06:26 PM

We have a server that keeps kicking alerts to our intrusion detection system.

The alert is showing that the CSA server is polling the server on UDP port 0 and the IDS system says this is an invalid port.

The originating port on the CSA server is random.

Is there any reason for CSA to be polling a server on port 0?

This is the only error we are getting like this.

Does anyone have an idea as to what this may be?

Labels:
0 Helpful
3 Replies 3

jwalker
Level 3
Level 3

‎07-19-2007 02:33 PM

If you are seeing the alerts on the IPS with a port of 0, you are actually seeing the sensor summarize events. If you change the firing signature to "Fire All", you will see the true port.

Cheers.

Jay

wilson_1234_2
Level 3
Level 3
In response to jwalker

‎07-19-2007 03:24 PM

Thanks for the reply.

Since I know nothing about the IDS, how would this be changed and is it something that is easy to do?

0 Helpful

jwalker
Level 3
Level 3
In response to wilson_1234_2

‎07-19-2007 03:46 PM

You have to edit the signature configuration for that particular signature. Then look for the summarization parameters.... Change it to Fire All.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents