Does the IPS log packets that trigger alerts? I looked at the Snort configuration on my 6.304 systems and it appears that logging is not enabled. If not, this makes it very difficult to analyze a potential attack for validity.
I have been receiving a LOT of "MAIL FROM overflow attempt" alerts. I have changed the rule to drop the packets until I can determine if these are false positives.