I'm seeing the 3327, and 3328, and 2100s etc... but I'm NOT seeing the WebDAV exploit triggered by NACHI worm, and I know it's happening because I correlate the 2100s and 3327/8 sigs to the same destination IPs (some internet response due to increased port 80 scanning).
Is anyone else picking up the NachiaWorm port 80 SYN (WebDAV exploit) activity with a Cisco sig (5364 or 5365)?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...