I am getting thousands of TCP segment overwrite events (ID: 1300) directed at our MS SQL Server from numerous clients. Is this a bug in the MS SQL implementation that could cause false positives? Is there a known exploit that would be causing this?
The client that is causing most of the alarms is a Win2K machine with SP2. The server is a Win2K system with SP3a running SQL Server. I have done a packet capture that should include one of the events. What would be the best way to send it to you i...