Buffer Overflow Exploit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2005 10:52 AM - edited 03-10-2019 01:26 AM
We are MSSP and one of our clients is generating lots Buffer Overflow Exploit from source 196.35.77.17.This source is IS SMTP relay server that relays mail to client network.
Now we are picking up this Buffer Overflow Exploit from this source.
Can this mean that this signature is a false positve from misconfigured IS server?
Any sugestion please
- Labels:
-
IPS and IDS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2005 03:36 PM
To be more specific this is triggered by Sendmail Data Header Overflow (ID 3115) and destination port is tcp 25.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2005 07:52 AM
That is pretty common with that signature. The most common cause I have seen has been spam.
