Attempted Intrusion "MSSQL_Null_Packet_DoS" against your machine was detected and blocked.
Intruder: machinename.mydomain.com(192.x.x.x)(ldap(389)).


My Symantec Client firewall keeps popping up this and I'm sure it's a false positive because I don't have an SQL server at the IP that it says is generating the attack?

Has anyone seen this happen before and why would a w2003 server generate it, or at least generate something that looked like it? There are no events at the same time generated on the source machine.

Thanks