Meraki

Community

About Ixbalanque

Re: [Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?

by in Full-Stack & Network-Wide
‎Jun 5 2018 12:24 PM
‎Jun 5 2018 12:24 PM
Hey Adam, thanks for the reply --   Its the IP for our load balancer and will direct traffic to one of two mail servers so you're correct. I'd run packet captures but I'm not 100% sure what I would be looking for. ... View more

[Help] SMTP_RESPONSE_OVERFLOW - Cause for concern?

by in Full-Stack & Network-Wide
‎Jun 5 2018 8:29 AM
‎Jun 5 2018 8:29 AM
Hi all,   In conjunction with this event, there's the "SMTP_COMMAND_OVERFLOW" message. Is this cause for any major concern? I'm not sure how to track this down and (if possible) mitigate the issue. I'm new to security in general and while I've read the linked CVE/Snort information, it didn't provide me with anything particularly useful.    Can anyone give me some better insight as to what's causing these IDS messages to pop up? In a week we'll get anywhere from 1800-2500 of these events.     Thanks in advance. ... View more

Re: User-Agent known malicious user-agent string - Win.Trojan.Batlopma

by in Full-Stack & Network-Wide
‎Jun 5 2018 8:21 AM
‎Jun 5 2018 8:21 AM
Sorry for the late reply, the events are infrequent so I haven't kept them at the top of my radar. I haven't made any changes to the wifi just yet. ... View more

Re: User-Agent known malicious user-agent string - Win.Trojan.Batlopma

by in Full-Stack & Network-Wide
‎Jan 24 2018 3:00 PM
‎Jan 24 2018 3:00 PM
Philip, I'm going to see if I can change that SSID tonight and do some testing. Will have to report back if this is feasible for the wireless at this time. ... View more

Re: User-Agent known malicious user-agent string - Win.Trojan.Batlopma

by in Full-Stack & Network-Wide
‎Jan 24 2018 1:41 PM
‎Jan 24 2018 1:41 PM
Hi Blake,   I appreciate your reply. Unfortunately, if you're talking about the link that takes me to Snort, its not very helpful --   https://snort.org/rule_docs/1-39362   Additional, it doesn't tell me the actual endpoint. I'm only seeing my own Access Point. Per Meraki themselves -- Hi, If the device is connected to a NAT mode SSID which it looks like it is, there is no way to know what specific device generated that alert.   But that doesn't sound totally right. I'm not sure why I wouldn't be able to see the "offending" device beyond the AP. ... View more

User-Agent known malicious user-agent string - Win.Trojan.Batlopma

by in Full-Stack & Network-Wide
‎Jan 24 2018 8:22 AM
‎Jan 24 2018 8:22 AM
Hi all,   I'm trying to dig down into my device event logs, as I'm continually seeing this pop up a number of times every week. Unfortunately, the furthest I can get down is to the AP level. Beyond that, I have no way of narrowing it down to an offending device.    I just want to confirm whether or not its a false-positive.  ... View more
© 2024 Cisco Systems, Inc.