I had a Sudden increase of traffic to a port :80 from several IP's. This triggered the "Sudden increase of traffic to a port" rule in MARS.
Looking at the PC's (Win XP SP2) involved they all had a TCP error # 4226 at the time of incident. 4226 is - TCP/IP reached limits of # of concurrent tcp connection.
The incident was sourced 30 times from 3 different internal PC's to 220.127.116.11 (Akamai Tech -a company that provides a distributed computing platform for global Internet content and application delivery) all within and at the same second
How could I get more information to determine if my PC's played a role in bot like activity? All scans of the PC are clean.