Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 2 subscribers
  • Views 5235 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intrusion Prevention Log - ?Buffer Overflow?

gearloose
Hi there,

since three or two days, there is a message in the Intrusion Prevention Log:

2010:03:24-09:29:10 p1gw01 snort[4972]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="(smtp) Attempted response buffer overflow: 992 chars" group="0" srcip="Exchange 2007 SYSTEM" dstip="FIREWALL" proto="6" srcport="25" dstport="58915" sid="0" class="Attempted User Privilege Gain" priority="1" generator="124" msgid="1"

[:S] the message appears not very often

what is to do??? [:D]


This thread was automatically locked due to age.
Parents
  • 0
    Using simple SMTP proxy
    Routing has proper domain, static  host list of the proper internal server ip, verification with callout
    Nothing in relaying
    Nothing in advanced other then the advanced block (helo, sizes, etc)
    batv is not enabled

    only DNAT is to redirect https traffic on the external ip to the exchange server (for web mail portal)

    internally there is only one hop through a switch between the astaro and exchange.
Reply
  • 0
    Using simple SMTP proxy
    Routing has proper domain, static  host list of the proper internal server ip, verification with callout
    Nothing in relaying
    Nothing in advanced other then the advanced block (helo, sizes, etc)
    batv is not enabled

    only DNAT is to redirect https traffic on the external ip to the exchange server (for web mail portal)

    internally there is only one hop through a switch between the astaro and exchange.
Children
No Data