I've deployed a new IDS 4250 in an ISP environment. I often find a huge number of messages like these in /usr/nr/var/errors.packetd.<pid>:
E SWEEP.PORT.UDP - Udp Header has bad Dport 0
E SWEEP.PORT.UDP - Udp Header has bad Dport 0
E SWEEP.PORT.UDP - Udp Header has bad Dport 0
E SWEEP.PORT.UDP - Udp Header has bad Dport 0
Can anyone tell me why this error appears?
This signature is configured as shown in the file /usr/nr/etc/SigUser.conf:
Engine SWEEP.PORT.UDP AlarmThrottle FireAll ChokeThreshold 100 portsInclude 1,2,3,19,37,53,111,123,177,513,514,2049,2050,32767,33000,33500 ResetAfterIdle 20 SIGID 4001 ThrottleInterval 30 Unique 5
I tried adding port 0 while tuning this signature (SIGID 4001), but the error still appears in the log file errors.packetd.<pid>.
Thank you,