Snort mailing list archives
FP:10995 rev3
From: <snort () leeclemens net>
Date: Tue, 30 Mar 2010 16:47:00 -0400
Hello, I believe I a seeing a FP with this BDAT DoS attempt. The packet being alerted on is SMTP, paylaod length 23, containing only: EHLO <server name> 0D 0A Is this correct? The rule appears to use content "BDAT", which is not contained in the server name either. -Lee ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- FP:10995 rev3 snort (Mar 30)
- Re: FP:10995 rev3 Matt Watchinski (Mar 30)
- Re: FP:10995 rev3 Lee Clemens (Mar 31)
- Re: FP:10995 rev3 Matt Watchinski (Mar 30)