Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7841
Views
0
Helpful
2
Replies

[Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?

adriankmartin
Community Member

‎06-05-2018 08:29 AM

Hi all,

In conjunction with this event, there's the "SMTP_COMMAND_OVERFLOW" message. Is this cause for any major concern? I'm not sure how to track this down and (if possible) mitigate the issue. I'm new to security in general and while I've read the linked CVE/Snort information, it didn't provide me with anything particularly useful.

Can anyone give me some better insight as to what's causing these IDS messages to pop up? In a week we'll get anywhere from 1800-2500 of these events.

image.png

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

simple818
Level 9
Level 9

‎06-05-2018 12:11 PM

I'm not sure about that specific alert but does the source indicate a client, or perhaps a mail server on your network? I typically use the source and destination to try to start running captures to gain more insight into what is going on.

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Helpful

adriankmartin
Community Member
In response to simple818

‎06-05-2018 12:24 PM

Hey Adam, thanks for the reply --

Its the IP for our load balancer and will direct traffic to one of two mail servers so you're correct. I'd run packet captures but I'm not 100% sure what I would be looking for.

0 Helpful
Customers Also Viewed These Support Documents