07-28-2008 10:18 AM - edited 03-11-2019 06:21 AM
Getting a FLOOD, huge flood of
" reason: MSS exceeded, MSS 1300, data 1360" on Port 25
running Pix 7.0.4 code.
What is up with this? Have seen some of these in the past, but nothing like the 1 to 3 every second. I think someone is trying to run a SMTP exploit on my port 25. I am not getting these on port 80. Also have not had this huge amount of MSS reject in the past.
Suggestions?
07-28-2008 11:13 AM
This is rarely caused by exploits, this usually problems with the TCP settings on the server/client etc. Have a look at:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804c8b9f.shtml
As you see Cisco has changed the default from 'deny' to 'allow' due to excessive user complaints starting from release 7.2(4)
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/ef_72.html#wp1758645
Regards
Farrukh
07-28-2008 11:19 AM
Tech note applies to http sites. I am having an issue with port 25 inbound. My quesiton is can I apply the same to port 25 to bypass the MSS messages.
07-28-2008 11:31 AM
Yes why not.
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: