Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RCPT To Overflow

From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 15 Jul 2002 10:32:31 -0400
Unless you're running a lotus notes server they mean nothing. The rule itself is unfit for general use and will false often on mailservers that support SMTP command pipelining.
Kill the rule, it only detects a DoS attack for lotus notes with no known exploit, and assumes that your mailserver is old enough to not support pipelining. 



At 09:11 AM 7/15/2002 -0400, Darryl Cook wrote:

I am getting tons on these messages from snort and wondering if someone
can explain to me what they mean.....

SMTP RCPT TO overflow [Classification: Attempted Administrator Privilege
Gain] [Priority: 1]: <ee0> {TCP}  ipaddress -> ipaddress

thanks,
darryl



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: