Snort mailing list archives
chameleon overflow
From: Matt Hand <matt () bitflip com>
Date: Fri, 8 Jun 2001 13:20:57 -0500
I was checking through yesterday's logs and ran across a SMTP chameleon overflow, which is unusual for us. The logs are from a machine running DNS and acting as our mail server. The arachNIDs database says its unlikely the ip address was spoofed so I checked and it belongs to cheetahmail.com. Has anyone experienced anything similar and, if so, what did you do about it? In any case, here are the relevant lines from the log file: <snip> Jun 7 16:27:05 chia snort: SMTP chameleon overflow: 206.132.30.40:41226 -> 207.252.45.6:25 Jun 7 16:27:05 chia named[517]: "optonline.net IN MX" points to a CNAME (mail-relay.optonline.net) Jun 7 16:27:05 chia named[517]: "optonline.net IN MX" points to a CNAME (mail-hub.optonline.net) </snip> Thanks for the help. Matt Hand matt () bitflip com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- chameleon overflow Matt Hand (Jun 08)
- Re: chameleon overflow Ralf Hildebrandt (Jun 08)
- Re: chameleon overflow Paulie (Jun 08)
- Re: chameleon overflow Brian Caswell (Jun 08)
- <Possible follow-ups>
- Re: chameleon overflow Matthew Collins (Jun 11)
- CVS or 1.7? Jay Moore (Jun 11)
- Re: CVS or 1.7? Andreas Hasenack (Jun 11)
- CVS or 1.7? Jay Moore (Jun 11)