In my pfSense Snort IDS/IPS, I am seeing an increasing number of these alerts from customer network IPs. These are large orgs with, potentially, hundreds of clients NATed to a single public IP.

 

This a very old threat and I’m reasonably sure the clients are not using a 10-year-old version of Mozilla, Thunderbird, SeaMonkey, or Java to access our web servers.

 

Can someone shed some light on why we would be seeing an increasing number of these alerts?

 

Thanks.