I am getting several of these from diffrent PC's on the network. This is a brand new deployment of an IPS in our core 6500. I need to know where to start tracking down what this is and if its a flase positive. I changed the attaker IP for this post but they are coming from internal IP's on our network. I am also getting several from the same PC.
|Event Time||07/14/2010 08:23:37|
|Sensor Local Time||07/14/2010 13:23:37|
|Signature Name||AD - External TCP Scanner|
|Signature Details||Worm Attack|
|Risk Rating Value||100|