Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 2 subscribers
  • Views 5235 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intrusion Prevention Log - ?Buffer Overflow?

gearloose
Hi there,

since three or two days, there is a message in the Intrusion Prevention Log:

2010:03:24-09:29:10 p1gw01 snort[4972]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="(smtp) Attempted response buffer overflow: 992 chars" group="0" srcip="Exchange 2007 SYSTEM" dstip="FIREWALL" proto="6" srcport="25" dstport="58915" sid="0" class="Attempted User Privilege Gain" priority="1" generator="124" msgid="1"

[:S] the message appears not very often

what is to do??? [:D]


This thread was automatically locked due to age.
Parents
  • 0
    If I'm not mistaken, that is your firewall trying to send your mailserver a mail, which responds with crap.
    Or the IPS is falsely reporting, which has been known to happen.

    Advice: check your exchange logs, if those are ok, wait for an update to the IPS patterns to fix this.
Reply
  • 0
    If I'm not mistaken, that is your firewall trying to send your mailserver a mail, which responds with crap.
    Or the IPS is falsely reporting, which has been known to happen.

    Advice: check your exchange logs, if those are ok, wait for an update to the IPS patterns to fix this.
Children
No Data