Snort mailing list archives
0 Protocol?
From: "Mike Koponick" <mkoponick () redhawk info>
Date: Fri, 1 Aug 2003 07:14:13 -0700
I was wondering if anyone has seen this type of message. It appears that someone is connecting to our SMTP relay using protocol "0". The Cisco PIX sees it as a Invalid protocol. Snort hasn't seen anything of this sort (I did a search through the logs). Is there a rule for this type of message? 2003-08-01 01:31:10 Local4.Warning 192.168.XXX.XXX %PIX-4-500004: Invalid transport field for protocol=6, from XXX.XXX.XXX.XXX/0 to XXX.XXX.XXX.XXX/25 Thanks in advance. Mike mike () redhawk info ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify security () redhawk info. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- 0 Protocol? Mike Koponick (Aug 05)
- Re: 0 Protocol? Jeff Kell (Aug 05)