Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 2 subscribers
  • Views 5235 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Intrusion Prevention Log - ?Buffer Overflow?

gearloose
Hi there,

since three or two days, there is a message in the Intrusion Prevention Log:

2010:03:24-09:29:10 p1gw01 snort[4972]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="(smtp) Attempted response buffer overflow: 992 chars" group="0" srcip="Exchange 2007 SYSTEM" dstip="FIREWALL" proto="6" srcport="25" dstport="58915" sid="0" class="Attempted User Privilege Gain" priority="1" generator="124" msgid="1"

[:S] the message appears not very often

what is to do??? [:D]


This thread was automatically locked due to age.
  • 0
    Nothing in relaying

    You mean nothing but the host definition for the Exchange server in 'Host-based relay' 'Allowed hosts/networks'?

    And you have the IP of "Internal (Address)" listed in the Exchange server as its smart host?

    Cheers - Bob
  • 0
    "nothing" in the sence that everything is blank on Relaying tab.  I'll read over and populate them here shortly.
    *update* added internal network to "host based relay"

    smarthost is not enabled either.
    *update* i'm not sure if a 'smarthost' applies in my case; but i'll try it.  unsure about authentication section.
    *update* added smarthost data anyway; does not seem to have effected operation.


    *update* still generating those IPS messages.
  • 0
    Is there a way in the Astaro to see what the packet contains?  It appears to be the same size (718 chars) every time and i'm starting to get very curious.