msmq_udp_scan_external_internal

Explanation

This NDM is designed to detect scanning for Microsoft Message Queuing (MSMQ) on UDP port 1801 that reaches the customer's network from the Internet. MSMQ is a messaging protocol that allows applications running on different servers to communicate.

What to Look For

Scanning activity on the Internet is quite commonplace. Under normal circumstances, Microsoft Message Queuing should not be exposed to the open Internet.
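
The following is an added triage example, not part of this rule's own logic. It groups external-to-internal UDP 1801 flows by source and, going one step beyond the rule, marks probed hosts that sent a UDP reply from port 1801, which suggests the service is reachable from the Internet. The flow record layout, the internal ranges and the sample data are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

MSMQ_PORT = 1801
# Assumption: the customer's internal ranges; replace with the real ones.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample flow records: (src_ip, src_port, dst_ip, dst_port, proto)
SAMPLE_FLOWS = [
    ("203.0.113.7", 40000, "10.0.0.5", 1801, "udp"),
    ("203.0.113.7", 40000, "10.0.0.6", 1801, "udp"),
    ("203.0.113.7", 40000, "10.0.0.7", 1801, "udp"),
    ("10.0.0.6", 1801, "203.0.113.7", 40000, "udp"),   # internal host answered
    ("198.51.100.9", 53000, "10.0.0.5", 1801, "tcp"),  # TCP, not covered by this rule
    ("10.0.0.8", 51000, "10.0.0.5", 1801, "udp"),      # internal to internal
    ("198.51.100.20", 44000, "10.0.0.5", 53, "udp"),   # different service
]


def is_internal(ip):
    """True if the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(flows):
    """Map each external source to the internal hosts it probed on UDP 1801
    and the subset of those hosts that replied from port 1801."""
    probed = defaultdict(set)    # external source -> internal hosts probed
    answered = defaultdict(set)  # external source -> internal hosts that replied
    for src, sport, dst, dport, proto in flows:
        if proto.lower() != "udp":
            continue
        if dport == MSMQ_PORT and not is_internal(src) and is_internal(dst):
            probed[src].add(dst)
        elif sport == MSMQ_PORT and is_internal(src) and not is_internal(dst):
            answered[dst].add(src)
    # Only count a reply when the same source actually probed that host.
    return {
        s: {"probed": sorted(t), "answered": sorted(answered[s] & t)}
        for s, t in probed.items()
    }


if __name__ == "__main__":
    for source, result in triage(SAMPLE_FLOWS).items():
        print(source, result)
```

Sources with an empty "answered" list are background scanning; any host listed under "answered" is the one to check for an unintended firewall or NAT exposure.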

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise
Active Scanning, Technique T1595 - Enterprise