NF - ISCSI - ISCSI auth message None - Mounted device on External net - Auth None used - Data in clear txt

NF – ISCSI – ISCSI auth message None – Mounted device on External net – Auth None used – Data in clear txt

This alert is triggered when an iSCSI authentication message with "AuthMethod=None" is detected from an external network to an internal device. This indicates that an iSCSI connection is being established with no authentication.

Categories:

Radiflow

ID Number

5013701

Signature

alert tcp $EXTERNAL_NET 3260 -> $HOME_NET 1023: (msg:"NF - ISCSI - ISCSI auth message None - Mounted device on External net - Auth None used - Data in clear txt"; flags:PA; content:"AuthMethod=None"; nocase; reference:url,networkforensic.dk; metadata:13122018; classtype:policy-violation; sid:5013701; rev:1;)

Severity

High

Recommendations/Investigative actions

Enforce secure authentication methods for iSCSI connections to prevent unauthorized access. Block unauthenticated iSCSI traffic.