Traffic to an unusual port requiring investigation
Description
AlphaSOC detected unexpected outbound traffic to an unusual port that requires investigation. This activity could indicate data exfiltration, evasion of security controls, or establishment of covert communication channels.
Impact
Outbound traffic to unexpected ports can indicate that a compromised system is attempting to communicate with infrastructure controlled by an threat actor. This could be an attempt to bypass security controls or establish covert communication channels. This can result in data exfiltration, malware downloads, or remote control of the affected system.
Severity
Severity | Condition |
---|---|
Low | Unexpected traffic to an unusual port |
Medium | Unexpected traffic to 389 or 1389 ports |
Investigation and Remediation
Investigate the source and destination of the unusual port traffic, including the specific ports involved. Analyze the content and pattern of the communications. If malicious activity is confirmed, isolate the affected systems, terminate unauthorized connections, and conduct a thorough security assessment.
Known False Positives
- Use of new services requiring sending traffic to previously unseen ports