I am seeing lots of connection attempts to TCP Ports 80 & 1433 (which is to be expected from people looking for vulnerabilities in web and ms-sql servers). I am also seeing return TCP traffic, with a SPT=80 and DPT=2987 from web servers that have not been been visited.
Is my public IP being spoofed by third parties?
This thread was automatically locked due to age.