I started to see the traffic below yesterday afternoon and all through this
morning (4:53 A.M.).
It appears similar to the crap that Nimda would do.
I am suspecting a new one is loose, boys and girls. This got past a three
tiered A/V environment that was fully current, along with all MS
updates.
All thoughts are welcome.
Danny
ALARM NO: 1
DATE: Thu 2004-01-22 18:55:19 GMT
INTERFACE: Protected (xl0)
INTERFACE TYPE: Protected
ALARM TYPE: Possible spoof
IP PACKET: TCP [188.117.214.134/1637]-->[62.140.213.141/80] l=0 f=0x2
[188.117.214.134/1637]-->[62.140.213.141/http]
DETAILED DESCRIPTION:
Return interface for IP packet is different than arrival.
------------------------------------------------------
Archive: http://archives.gnatbox.com/gb-users/