GPL SQL probe response overflow attempt - False Positives


I am getting millions of these hits from the same dest/src IPs (GPL SQL probe response overflow attempt).

The source IP is a residential public IP from the main network provider in my country. The destination address is our private address from our VPN server.

Source and destination ports are UDP 4500, which is IPsec NAT traversal. Can someone please explain to me why I am getting these types of alerts? This is not even an SQL server.


I would argue that this could be a false positive, so ideally you can grab a pcap and provide it to the rule writer so they can improve the signature.