Hi.
I am getting millions of this hits from the same dest/src IPs (GPL SQL probe response overflow attempt).
The source IP is a residential public IP from the main network provider from my country. The destination address is our prive address from our VPN server.
Source and destination ports are UDP 4500 which is IPsec NAT traversal. Can someone please explain me why i am getting this types of alerts? This is not even an SQL server
Thanks.