Inbound Port 0 communication to server / Malwarebytes

asked 2022-01-27 12:08:23 +0000

Para gravatar image

Hello all,

since some time, we get Malwarebytes Antivirus warnings These warnings say, that there is onbound communication on port 0 to a specifix server.

We're 100% sure, that our firewall denies inbound access to that server. Also that server is not exposed directly to the internet.

Malwarebytes logs IPs from hosts within foreign countries.

Now: what would be the best syntax for a "record filter" to trace this down?

I tried this one at the moment, but I am unsure, if this will fit my needs: src net not 192.168.0.0/24 and not arp and not port 53 and not port 139 and not port 445 and not port 8443

In the end, i like to capture inbound port 0 connections which are not from the local subnet and some more information.

Thank you in advance and best regards! Daniel

edit retag flag offensive close merge delete