Snort mailing list archives
Re: 1000s of SMTP RCPT TO overflow and Speedera Pings
From: "Ian Macdonald" <secsnort () dirk demon co uk>
Date: Wed, 14 Aug 2002 20:21:57 -0400
If you are interested in ICMP traffic then it is good to split the ICMP data into different rules so you can safely ignore it or block it on your firewall. A lot of rules are informational rules that are there to give you information about what is happening on your network. If you don't care about it, feel free to create a pass rule for that kind of data, or if you don't care about any ICMP traffic then disable the whole rule set. One thing to note: if you disable Speedera but not the more general ICMP rules then the more general rule will trigger instead, which is why I suggest using a pass rule.

----- Original Message -----
From: "Eric Joe" <sysop () tje1 com>
To: <snort-users () lists sourceforge net>
Sent: Wednesday, August 14, 2002 3:08 PM
Subject: [Snort-users] 1000s of SMTP RCPT TO overflow and Speedera Pings

I know what Speedera is (I have read their FAQ), but what I don't understand is why Snort's default rules even count this as an alert. What are others on the list doing with Speedera? Would it be a bad idea to ignore it?

The other top alert I am getting is SMTP RCPT TO overflow, and the targets are mail servers/DNS servers. I have manually added my DNS servers in the snort.conf file, but still have gotten over 5600 of these in less than 1 week. I am sure these are false alarms, but I want to get the list's feedback on this.

Thanks in advance

--
Eric Joe
Network Operations
Journey's End Internet/Computer Connection Inc

-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- 1000s of SMTP RCPT TO overflow and Speedera Pings Eric Joe (Aug 14)
- Re: 1000s of SMTP RCPT TO overflow and Speedera Pings Ian Macdonald (Aug 14)
- <Possible follow-ups>
- RE: 1000s of SMTP RCPT TO overflow and Speedera Pings Jeremy Junginger (Aug 14)
- RE: 1000s of SMTP RCPT TO overflow and Speedera Pings Robert Schwartz (Aug 15)