Thursday, January 30, 2020

Help interpreting ASA log info

We are getting thousands of connections like the ones below. Our SIEM is alerting us because they think it is FTP connections, but according to the ASA syslog data it looks like it is actually ICMP and the source port is 21? Does anyone have any idea what kind of traffic this is? I can't find any information about an ICMP port 21. Thanks in advance!

Built inbound ICMP connection for faddr 18.229.160.179/21 gaddr 65.X.X.X/0 laddr 65.X.X.X/0
Built inbound ICMP connection for faddr 18.231.45.117/21 gaddr 65.X.X.X/0 laddr 65.X.X.X/0
Built inbound ICMP connection for faddr 13.232.231.197/21 gaddr 65.X.X.X/0/0 laddr 65.X.X.X/0
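
An added example (not part of the original post, and not Cisco or SIEM vendor code): a normalizer for the line shape quoted above that reads the protocol from the message text and maps a number to a service only for TCP and UDP, since ICMP has no ports. The `SERVICES` table and the output field names are assumptions, and the code does not interpret what the ICMP value means.

```python
import re

# Line shape as quoted in the post. The number after each "/" is captured as
# a neutral value because its meaning depends on the protocol.
LINE_RE = re.compile(
    r"Built (?P<direction>inbound|outbound) (?P<proto>[A-Z]+) connection for "
    r"faddr (?P<faddr>[^/\s]+)/(?P<fval>\d+) "
    r"gaddr (?P<gaddr>[^/\s]+)/(?P<gval>[\d/]+) "
    r"laddr (?P<laddr>[^/\s]+)/(?P<lval>\d+)"
)

PORT_PROTOCOLS = {"TCP", "UDP"}               # only these carry port numbers
SERVICES = {21: "ftp", 22: "ssh", 53: "dns"}  # assumed, illustrative lookup table

def service_for(proto, value):
    """Return a service name only when the protocol actually has ports."""
    return SERVICES.get(value) if proto in PORT_PROTOCOLS else None

def naive_service(line):
    """The misclassification: trust the number after '/' whatever the protocol."""
    m = LINE_RE.search(line)
    return SERVICES.get(int(m["fval"])) if m else None

def normalize(line):
    """Turn one 'Built ... connection' line into a protocol-aware event."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto, fval = m["proto"], int(m["fval"])
    has_ports = proto in PORT_PROTOCOLS
    return {
        "direction": m["direction"],
        "protocol": proto,
        "src_ip": m["faddr"],
        "src_port": fval if has_ports else None,
        "proto_field": None if has_ports else fval,  # kept, but not as a port
        "service": service_for(proto, fval),
    }

# The three lines from the post, copied with the poster's redactions intact.
SAMPLE = [
    "Built inbound ICMP connection for faddr 18.229.160.179/21 gaddr 65.X.X.X/0 laddr 65.X.X.X/0",
    "Built inbound ICMP connection for faddr 18.231.45.117/21 gaddr 65.X.X.X/0 laddr 65.X.X.X/0",
    "Built inbound ICMP connection for faddr 13.232.231.197/21 gaddr 65.X.X.X/0/0 laddr 65.X.X.X/0",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(naive_service(line), normalize(line))
```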


