Norton blocking some odd intrusion attempts

Discussion in 'privacy problems' started by dcdc, Jan 13, 2005.

Thread Status:
Not open for further replies.
  1. dcdc, Registered Member (Joined: Nov 22, 2004; Posts: 195; Location: Boston area)

    In the last few days Norton has blocked two 'Low Risk' intrusion attempts, one from http://www.spywareguard.com, the other from http://www.webtechgeek.com. Both used the same MSSQL_Null_Packet_DoS intrusion technique, if you can call it that. I was in both instances just sitting on your average G-rated web sites at the time.

    I checked them both out on the web (nothing here about them), and they seemed legitimate as far as I can tell, i.e. not obviously fake AS sites that actually plant spyware on your computer for their own fun and profit. I had never heard of either until then.

    I doubt these are false positives given the info Norton provided for each (IP, etc.), so the question is what did they want? Were they your basic adware, or spyware, or what? I am running quite a bit of AS at the moment in addition to Norton NIS: Spy Sweeper, Ad-Aware SE, Spybot S & D, SpywareBlaster, and SpywareGuard. I ran some scans after both intrusion attempts and the only thing that came up was a cookie identified as oasis.adserv... after the webtechgeek hit (found by Ad-Aware); that cookie could have come from any of the other sites I had visited earlier. (I'll repeat my comment made elsewhere on this forum that Ad-Aware catches more stuff than Spy Sweeper.)

    The thought did occur to me that perhaps either of these 'intruders' might be legitimately communicating with one of my AS applications for some reason, as by downloading definitions or something, but that function is usually handled explicitly by the application itself through live updates, so that explanation doesn't seem very plausible.

    I rarely get intrusion attempts (mainly because I'm a good boy and drink all my milk), but perhaps recent NIS updates have sharpened its detection capability. For now I am reasonably content to block both of them, but given that these seem like legitimate security sites, it makes me wonder what the deal is here.

    Any thoughts? Thanks.
     
  2. snowbound, Retired Moderator (Joined: Feb 18, 2003; Posts: 8,723; Location: The Big Smoke)

    Last edited: Jan 13, 2005