1

In the IPS reports i see multiple counts of the same exploit from the same source ip. I wonder why would someone continue to attempt exploiting a vulnerability when he must have realized in the first attempt only that the exploit was blocked?

Rajesh
  • 11
  • 1

1 Answers1

2

I would guess that this is an automated attack which does not have too much intelligence built-in. A sign of an automated script would be other (possibly unrelated) attempts from the same IP.

WoJ
  • 9,038
  • 3
  • 34
  • 55