Last Updated: 2013-10-08 00:30:55 UTC
by Mark Hofman (Version: 1)
Another interesting twist was that once it was detected that the packet was dropped they fragmented the packets in order to attempt to circumvent the FW/IPS in place.
If you see similar please let us know. I'd be interested to compare the samples. In the mean time these requests will be fairly obvious in your web logs, so should be easy enough to pick out.