Inbound Port 0 communication to server / Malwarebytes
Hello all,
For some time, we have been getting Malwarebytes Antivirus warnings. These warnings say that there is inbound communication on port 0 to a specific server.
We're 100% sure that our firewall denies inbound access to that server. Also, that server is not exposed directly to the internet.
Malwarebytes logs IPs from hosts in foreign countries.
Now: what would be the best syntax for a "record filter" to trace this down?
I am trying this one at the moment, but I am unsure whether it will fit my needs:
src net not 192.168.0.0/24 and not arp and not port 53 and not port 139 and not port 445 and not port 8443
In the end, I would like to capture inbound port 0 connections which are not from the local subnet, plus some more information.
Thank you in advance and best regards! Daniel
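
One way to express the capture goal described in the post, as an added example that is not part of the original post: the same logic written both as a pcap-filter string and as a Python check over raw IPv4 packets. It goes one step beyond the question by also flagging non-first IP fragments, which carry no TCP/UDP header and therefore can never match a port-based filter. The packets, the external address 203.0.113.7, the helper names and the assumption of no link-layer header are all constructed for illustration.

```python
import ipaddress
import struct

LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")  # local subnet named in the post

# The same two cases in pcap-filter syntax (usable as a tcpdump/Wireshark capture filter).
CAPTURE_FILTER = ("ip and not src net 192.168.0.0/24 and "
                  "(((tcp or udp) and port 0) or (ip[6:2] & 0x1fff != 0))")

def classify(pkt: bytes):
    """Return (reason, src, dst) for a raw IPv4 packet of interest, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None                                   # not IPv4 or truncated
    ihl = (pkt[0] & 0x0F) * 4                         # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    (frag_field,) = struct.unpack("!H", pkt[6:8])     # flags + fragment offset
    src = ipaddress.ip_address(pkt[12:16])
    dst = ipaddress.ip_address(pkt[16:20])
    if src in LOCAL_NET:
        return None                                   # only non-local sources
    if frag_field & 0x1FFF:                           # offset != 0: no L4 header here
        return ("non-first-fragment", str(src), str(dst))
    if pkt[9] in (6, 17) and len(pkt) >= ihl + 4:     # TCP or UDP with ports present
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if sport == 0 or dport == 0:
            return ("port-0", str(src), str(dst))
    return None

def ipv4(src, dst, proto, payload, frag=0):
    """Build a constructed IPv4 packet for testing (checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                      proto, 0, ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed)
    return hdr + payload

def ports(sport, dport):
    return struct.pack("!HH", sport, dport) + bytes(16)

# Constructed sample packets: (label, raw bytes)
SAMPLES = [
    ("external tcp to port 0", ipv4("203.0.113.7", "192.168.0.10", 6, ports(40000, 0))),
    ("external udp from port 0", ipv4("203.0.113.7", "192.168.0.10", 17, ports(0, 5000))),
    ("external tcp to 443", ipv4("203.0.113.7", "192.168.0.10", 6, ports(40000, 443))),
    ("local tcp to port 0", ipv4("192.168.0.5", "192.168.0.10", 6, ports(40000, 0))),
    ("external fragment", ipv4("203.0.113.7", "192.168.0.10", 17, bytes(24), frag=185)),
    ("external icmp", ipv4("203.0.113.7", "192.168.0.10", 1, bytes(8))),
]

if __name__ == "__main__":
    for label, raw in SAMPLES:
        print(f"{label:26} -> {classify(raw)}")
```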