Hello,
We have been receiving alerts for this alarm. It seems that someone is trying to spoof the host IP to check for vulnerabilities. Is there a way at all to find out the real source IP of the attacker trying to spoof the IP address? Here is the alert we receive from the IDS sensor
High Severity Alarms
IDS alarm 1104 source: 127.0.0.1 port: 80 destination: x.x.252.19 port: 1987 @ 2004/03/17
Alarm Details
Thank you!