This is probably a Blaster-infected machine with an incorrect date, or
just rebooted, trying it's DOS against windowsupdate.com. The ISP
probably added a DNS entry pointing windowsupdate.com to 127.0.0.1.
Blaster sends a packet to 127.0.0.1:80 with a spoofed source address
within the local address ...
This is probably a Blaster-infected machine with an incorrect date, or
just rebooted, trying it's DOS against windowsupdate.com. The ISP
probably added a DNS entry pointing windowsupdate.com to 127.0.0.1.
Blaster sends a packet to 127.0.0.1:80 with a spoofed source address
within the local address ...
[ more ]