DETECTION OVERVIEW
Risk Factors
Protocols are assigned to standard ports by the Internet Assigned Numbers Authority (IANA) to help identify different types of traffic. For example, HTTP traffic is often assigned to standard ports 80 or 443. Remote service protocols are also assigned to standard ports, such as RDP:3389 and SSH:22. Traffic on standard ports is often allowed to pass through firewalls. Attackers who want to evade detection can configure external servers, or proxies, to listen for protocol traffic on unusual, non-standard ports. For example, RDP traffic can be exchanged on port 80, helping the malicious traffic blend in with HTTP traffic.
The system might change the risk score for this detection.
Kill Chain: N/A
Risk Score: 56
Investigate unusual or unexpected activity associated with remote service protocols
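
The mismatch described under Risk Factors can be checked by identifying the protocol from the first payload bytes and comparing the destination port with the protocol's standard port. The following is an added example, not the product's detection logic; the flow record fields, function names, and sample flows are constructed for illustration.

```python
import re

# IANA-assigned ports for the remote service protocols named on this page.
STANDARD_PORTS = {"SSH": {22}, "RDP": {3389}}
SSH_BANNER = re.compile(rb"^SSH-\d\.\d+-")  # SSH identification string (RFC 4253)


def identify_protocol(payload: bytes):
    """Classify a connection from its first client bytes, ignoring the port."""
    if SSH_BANNER.match(payload):
        return "SSH"
    # RDP opens with a TPKT header (version 3, reserved 0, 2-byte length)
    # wrapping an X.224 Connection Request (type code 0xE0 at offset 5).
    if len(payload) >= 11 and payload[0] == 3 and payload[1] == 0:
        tpkt_len = int.from_bytes(payload[2:4], "big")
        if tpkt_len >= 11 and payload[5] & 0xF0 == 0xE0:
            return "RDP"
    return None  # not a remote service protocol this example recognizes


def detect(flows):
    """Return (protocol, dst_ip, dst_port) for remote services off their standard port."""
    findings = []
    for flow in flows:
        proto = identify_protocol(flow["payload"])
        if proto and flow["dst_port"] not in STANDARD_PORTS[proto]:
            findings.append((proto, flow["dst_ip"], flow["dst_port"]))
    return findings


# Constructed sample flows (documentation address ranges, not real traffic).
RDP_CR = bytes.fromhex("030000130ee00000000000" "0100080003000000")
SAMPLE_FLOWS = [
    {"dst_ip": "192.0.2.5", "dst_port": 22, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"dst_ip": "192.0.2.6", "dst_port": 3389, "payload": RDP_CR},
    {"dst_ip": "203.0.113.10", "dst_port": 80, "payload": RDP_CR},
    {"dst_ip": "198.51.100.7", "dst_port": 443, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"dst_ip": "192.0.2.8", "dst_port": 80, "payload": b"GET / HTTP/1.1\r\n"},
    {"dst_ip": "192.0.2.9", "dst_port": 8080, "payload": b"\x03\x00"},  # truncated
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_FLOWS):
        print("remote service on non-standard port:", finding)
```

Because the classification relies on payload bytes rather than the port, RDP on port 80 is flagged even though a port-based firewall rule would treat it as HTTP.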