external_tcp_44818
Explanation
The external_tcp_44818 NDM flags connections from outside the customer network to servers on the customer network listening on TCP port 44818. Rockwell Automation ICS systems use TCP port 44818. These kinds of systems should never be exposed to the open Internet.
What to Look For
Verify that the server (the source IP in this case) is expected to receive connections from the remote host (the destination IP in this case) on port 44818. While traffic to this port could be innocuous, very few networks intentionally expose this service to external hosts. This event can produce a false positive when Netography has not been configured with the appropriate internal network IP address ranges.
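The check described above, sketched as an added example (not Netography's NDM definition or product code). It shows how an incomplete internal range list turns an internal-to-internal connection into a false positive. The flow field names, addresses and range lists are constructed assumptions.

```python
import ipaddress

ICS_PORT = 44818  # TCP port named on this page for Rockwell Automation ICS systems

# Constructed sample flows. Field names are assumed for illustration.
# Orientation follows the text above: src* is the server, dst* is the remote peer.
FLOWS = [
    {"protocol": "tcp", "srcip": "10.20.1.5", "srcport": 44818, "dstip": "203.0.113.7", "dstport": 51522},
    {"protocol": "tcp", "srcip": "10.20.1.5", "srcport": 44818, "dstip": "172.16.50.10", "dstport": 49800},
    {"protocol": "udp", "srcip": "10.20.1.5", "srcport": 44818, "dstip": "203.0.113.7", "dstport": 40000},
    {"protocol": "tcp", "srcip": "10.20.3.9", "srcport": 443, "dstip": "203.0.113.7", "dstport": 51600},
]

COMPLETE_RANGES = ["10.20.0.0/16", "172.16.50.0/24"]  # both internal networks listed
INCOMPLETE_RANGES = ["10.20.0.0/16"]  # engineering subnet left out (constructed gap)


def is_internal(ip, nets):
    """True when ip falls inside any configured internal network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def flag_external_44818(flows, internal_cidrs):
    """Return flows where an internal server on TCP 44818 talks to a non-internal peer."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    hits = []
    for f in flows:
        if f["protocol"] != "tcp" or f["srcport"] != ICS_PORT:
            continue  # only the TCP service on 44818 is in scope
        if is_internal(f["srcip"], nets) and not is_internal(f["dstip"], nets):
            hits.append(f)
    return hits


if __name__ == "__main__":
    for label, ranges in (("complete", COMPLETE_RANGES), ("incomplete", INCOMPLETE_RANGES)):
        peers = [f["dstip"] for f in flag_external_44818(FLOWS, ranges)]
        print(f"{label} internal ranges -> flagged remote peers: {peers}")
```

With the incomplete list, the flow to 172.16.50.10 is flagged even though both ends are internal, so checking the remote peer against the full set of internal ranges is the first triage step.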
Related MITRE ATT&CK Categories