I have recently started seeing a lot of high category alerts with no destination IP or port information. Event tyores include the following:
Microsoft Plug and Play Overflow
TCP Segment Overwrite
Does anyone know why this type of alert occurs? It is impossible to check target systems when destination information is unavailable.