I have upgraded my NSM and the Sensor last month, since then i have been getting warnings for the attack above. The thing is, we have a Barracuda spam firewall which filter emails before forwarding them to exchange. Barracuda is running on Linux, and when i received this microsoft base attack, it shows the IP(internal and external) of the barracuada. And yes, i am getting these attacks for inbound and outbound which represent 90% of the attacks send to me by the Manager! Sincerely, I am not sure how to deal with these attack! Can't eable block, tcp reset or ICMP unreachable as this will clearly affect inbound/outbound email! Clearly, this is a false posive... System send microsoft attacks for a Lunix base OS. Now, how i deal with that? ingnore the attacks or disable the attack? Or is there a workaround?
Thank you all,