Snort mailing list archives
Re: RCPT To Overflow
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 15 Jul 2002 10:32:31 -0400
Unless you're running a Lotus Notes server they mean nothing. The rule itself is unfit for general use and will false often on mailservers that support SMTP command pipelining.
Kill the rule, it only detects a DoS attack for Lotus Notes with no known exploit, and assumes that your mailserver is old enough to not support pipelining.
At 09:11 AM 7/15/2002 -0400, Darryl Cook wrote:
I am getting tons of these messages from snort and wondering if someone can explain to me what they mean.....

SMTP RCPT TO overflow [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: <ee0> {TCP} ipaddress -> ipaddress

thanks,
darryl

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
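The pipelining false positive described in the reply above, as an added example that is not part of the original thread or of Snort's rule set. It assumes the noisy rule fires on any payload that contains `rcpt to:` and exceeds a size threshold (the thread does not show the rule text; the 800-byte value, function names and sample traffic are constructed for illustration) and compares that with a check on the length of each individual command line.

```python
import re

# Assumed threshold for illustration; the thread does not give the rule's real value.
SIZE_THRESHOLD = 800
RCPT_LINE = re.compile(rb"^rcpt to:", re.IGNORECASE)

def packet_level_match(payload: bytes, limit: int = SIZE_THRESHOLD) -> bool:
    """Assumed shape of the noisy rule: 'rcpt to:' anywhere in a payload larger than limit."""
    return b"rcpt to:" in payload.lower() and len(payload) > limit

def command_level_match(payload: bytes, limit: int = SIZE_THRESHOLD) -> bool:
    """Stricter check: one RCPT TO command line must itself exceed limit."""
    for line in payload.split(b"\r\n"):
        if RCPT_LINE.match(line) and len(line) > limit:
            return True
    return False

def pipelined_batch(n: int) -> bytes:
    """Constructed sample: a single payload carrying MAIL FROM, n RCPT TOs and DATA,
    as a client does when the server advertises PIPELINING."""
    cmds = [b"MAIL FROM:<sender@example.org>"]
    cmds += [b"RCPT TO:<user%03d@example.com>" % i for i in range(n)]
    cmds.append(b"DATA")
    return b"\r\n".join(cmds) + b"\r\n"

def oversized_rcpt(n: int) -> bytes:
    """Constructed sample: one RCPT TO command with an n-byte argument."""
    return b"RCPT TO:<" + b"A" * n + b">\r\n"

def evaluate() -> dict:
    """Return {sample name: (packet-level verdict, command-level verdict)}."""
    samples = {
        "single_normal": b"RCPT TO:<user@example.com>\r\n",
        "pipelined_40": pipelined_batch(40),   # benign, but over 800 bytes in total
        "oversized": oversized_rcpt(1000),     # the condition the alert is meant to catch
    }
    return {name: (packet_level_match(p), command_level_match(p))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, (pkt, cmd) in evaluate().items():
        print(f"{name:14} packet-level={pkt!s:5} command-level={cmd}")
```

The per-command check here works on one payload at a time; a command split across TCP segments is only seen whole after stream reassembly.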
Current thread:
- RCPT To Overflow Darryl Cook (Jul 15)
- Re: RCPT To Overflow Matt Kettler (Jul 15)