[Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?
In conjunction with this event, there's the "SMTP_COMMAND_OVERFLOW" message. Is this cause for any major concern? I'm not sure how to track this down and (if possible) mitigate the issue. I'm new to security in general and while I've read the linked CVE/Snort information, it didn't provide me with anything particularly useful.
Can anyone give me some better insight as to what's causing these IDS messages to pop up? In a week we'll get anywhere from 1800-2500 of these events.
Re: [Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?
I'm not sure about that specific alert but does the source indicate a client, or perhaps a mail server on your network? I typically use the source and destination to try to start running captures to gain more insight into what is going on.
Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
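An added example, not part of the thread or of any vendor tooling: one way to act on the reply's advice about using source and destination is to fold the alerts into client/server conversations and build a capture filter for the noisiest ones. The CSV layout, the sample events and the 10.0.0.0/8 internal range are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample events, not real IDS output. Assumed export layout:
# timestamp,signature,src_ip,src_port,dst_ip,dst_port
SAMPLE_EVENTS = """\
2024-01-08T09:12:01,SMTP_RESPONSE_OVERFLOW,203.0.113.25,25,10.0.5.20,51544
2024-01-08T09:12:03,SMTP_COMMAND_OVERFLOW,10.0.5.20,51544,203.0.113.25,25
2024-01-08T09:40:17,SMTP_RESPONSE_OVERFLOW,203.0.113.25,25,10.0.5.20,51602
2024-01-08T10:02:44,SMTP_RESPONSE_OVERFLOW,198.51.100.7,25,10.0.9.77,40211
2024-01-08T10:05:10,SMTP_COMMAND_OVERFLOW,10.0.5.20,51710,203.0.113.25,25
"""
SMTP_PORTS = {25, 465, 587}
# Assumption: the protected network is 10.0.0.0/8; replace with your own ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def summarize(text):
    """Map (client, server, server_port) -> Counter of signatures seen."""
    sessions = defaultdict(Counter)
    for line in text.splitlines():
        if not line.strip():
            continue
        _ts, sig, src, sport, dst, dport = line.strip().split(",")
        sport, dport = int(sport), int(dport)
        # Fold both directions of one SMTP conversation into a single bucket:
        # the side talking from an SMTP port is treated as the server.
        if sport in SMTP_PORTS:
            key = (dst, src, sport)
        else:
            key = (src, dst, dport)
        sessions[key][sig] += 1
    return sessions

def capture_targets(text, top=3):
    """Return the noisiest conversations with a BPF capture filter for each."""
    ranked = sorted(summarize(text).items(), key=lambda kv: -sum(kv[1].values()))
    targets = []
    for (client, server, port), sigs in ranked[:top]:
        bpf = f"host {client} and host {server} and tcp port {port}"
        targets.append((sum(sigs.values()), is_internal(client), is_internal(server), bpf))
    return targets

if __name__ == "__main__":
    for total, client_in, server_in, bpf in capture_targets(SAMPLE_EVENTS):
        print(f"{total} alerts  client_internal={client_in}  server_internal={server_in}")
        print(f"  tcpdump -n -s 0 -w smtp.pcap '{bpf}'")
```

The two booleans answer the question raised in the reply: whether the alerting traffic involves an internal client, an internal mail server, or both.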