cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

404
Views
0
Helpful
2
Replies
Highlighted

Buffer Overflow Exploit

We are MSSP and one of our clients is generating lots Buffer Overflow Exploit from source 196.35.77.17.This source is IS SMTP relay server that relays mail to client network.

Now we are picking up this Buffer Overflow Exploit from this source.

Can this mean that this signature is a false positve from misconfigured IS server?

Any sugestion please

2 REPLIES 2
Highlighted

Re: Buffer Overflow Exploit

To be more specific this is triggered by Sendmail Data Header Overflow (ID 3115) and destination port is tcp 25.

Highlighted
Beginner

Re: Buffer Overflow Exploit

That is pretty common with that signature. The most common cause I have seen has been spam.