I have gotten this report from IPS and don't know what to make of it. The IPS is only running on the Internal Network. Is this a sign of an E-Mail getting trhough that is an attempt to gain access?? The Address 192.168.1.2 is the internal Interface and the 192.168.1.20 is the internal Exchange server.
A packet was identified that may be part of an intrusion attempt.
The packet was detected by the Intrusion Detection system. The matching rule classified this as highest priority level. The packet properties and the alert reason are:
[1:2590:0] A SMTP MAIL FROM overflow attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {PROTO006} 192.168.1.2:52180 -> 192.168.1.20:25
Should I also include the external interface in the rule set also??
This thread was automatically locked due to age.