Skip to main content

Traffic to an unusual and suspicious port requiring investigation

ID:unusual_network_port_suspicious
Data type:IP
Severity:
Low
-
Medium
MITRE ATT&CK:TA0011:T1571

Description

AlphaSOC detected unexpected outbound traffic to an unusual port that requires investigation. This activity could indicate data exfiltration, evasion of security controls, or establishment of covert communication channels.

Impact

Outbound traffic to unexpected ports can indicate that a compromised system is attempting to communicate with infrastructure controlled by an threat actor. This could be an attempt to bypass security controls or establish covert communication channels. This can result in data exfiltration, malware downloads, or remote control of the affected system.

Severity

SeverityCondition
Low
Unexpected traffic to an unusual port
Medium
Unexpected traffic to 389 or 1389 ports

Investigation and Remediation

Investigate the source and destination of the unusual port traffic, including the specific ports involved. Analyze the content and pattern of the communications. If malicious activity is confirmed, isolate the affected systems, terminate unauthorized connections, and conduct a thorough security assessment.

Known False Positives

  • Use of new services requiring sending traffic to previously unseen ports