We have multiple intrusions being blocked by Symantec on our server many times a day, for at least a month now, maybe more, and I have not been able to figure out how to stop this. Below is one of the most recent ones:
Attack: an intrusion attempt was blocked.
- Risk Level | Medium
- Attacker Computer | 219.214.28.3 0
- Destination Computer | 192.168.1.2 0
- Protocol | TCP
- Attack URL | 127.0.0.1/cgi-bin/authLogin.cgi
- Targeted Application | -
- Status | Blocked
- Action | Resolved - No Action Required
- Date & Time | Thursday, January 08, 2015 9:04:56 AM
They all come from different IP addresses, but the rest stays the same. The alert emails I get show the attack is on Port 0. I have done an intrusion scan but came up with nothing. Many different virus and malware scans have not turned up anything. I tried to block Port 0 traffic on the server and that did not help. I know Symantec is blocking them and that is good, but the constant alerts filling up my email box are annoying. Also, this wasn't happening until just recently.
Any help would be appreciated.