This discussion has been locked.

Intrusion Prevention Log - "Buffer Overflow"

Hi there,

For the last two or three days, there has been a message in the Intrusion Prevention Log:

2010:03:24-09:29:10 p1gw01 snort[4972]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="(smtp) Attempted response buffer overflow: 992 chars" group="0" srcip="Exchange 2007 SYSTEM" dstip="FIREWALL" proto="6" srcport="25" dstport="58915" sid="0" class="Attempted User Privilege Gain" priority="1" generator="124" msgid="1"

[:S] The message does not appear very often.

What should I do? [:D]


This thread was automatically locked due to age.
  • Bump

    I've been having this happen for a while now as well.

    2010:09:02-14:06:30 asg-lic snort[22537]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="(smtp) Attempted response buffer overflow: 718 chars" group="0" srcip="" dstip="" proto="6" srcport="25" dstport="55202" sid="0" class="Attempted User Privilege Gain" priority="1" generator="124" msgid="1"
    dstport always seems to be fairly random.

    The server IP is listed in the performance tuning section under Network Security -> Intrusion Prevention -> Advanced (in all blocks [http, smtp, sql, dns]).