Snort mailing list archives
Re: FP's for gen:124 sid:1 - smtp: Attempted command buffer overflow
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 11 May 2011 16:29:12 -0400

You got a full capture that replicates? Also any differences in your conf from the VRT conf?

Cheers,
-matt

On Wed, May 11, 2011 at 3:26 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:
> Seeing some alerts like this:
>
> smtp: Attempted command buffer overflow
>
> But here is the packet:
>
> Packet:
> 45 48 4C 4F 20 5B 31 30 2E 36 36 2E 32 32 39 2E  EHLO [10.66.229.
> 38 30 5D 0D 0A                                   80]..
>
> Unless there is something I am missing? Anyone else seeing alerts like this? It is just EHLO'ing the IP address...
>
> -- Eoin
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - including clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-blog.snort.org && http://www.snort.org/vrt/
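
A triage sketch for the question raised in this thread, added here as an example and not taken from either poster or from Snort itself: it measures each SMTP command line in the quoted packet against the `max_command_line_len` / `alt_max_command_line_len` limits in an smtp preprocessor stanza. The stanza is a constructed sample (not the VRT conf), and counting the line length without the CRLF is an assumption.

```python
import re

# Constructed sample stanza for illustration; not the VRT conf or the poster's conf.
SAMPLE_CONF = """\
preprocessor smtp: ports { 25 587 } \\
    max_command_line_len 512 \\
    alt_max_command_line_len 260 { MAIL } \\
    alt_max_command_line_len 300 { RCPT } \\
    alt_max_command_line_len 500 { HELP HELO ETRN EHLO }
"""

# The 21 bytes of the packet quoted in the thread.
PACKET_HEX = ("45 48 4C 4F 20 5B 31 30 2E 36 36 2E 32 32 39 2E "
              "38 30 5D 0D 0A")


def parse_limits(conf):
    """Return (default_limit, {COMMAND: limit}) from an smtp preprocessor stanza."""
    text = conf.replace("\\\n", " ")  # join backslash-continued lines
    m = re.search(r"(?<![A-Za-z_])max_command_line_len\s+(\d+)", text)
    default = int(m.group(1)) if m else None  # option absent: no default limit
    per_cmd = {}
    for n, cmds in re.findall(r"alt_max_command_line_len\s+(\d+)\s*\{([^}]*)\}", text):
        for cmd in cmds.split():
            per_cmd[cmd.upper()] = int(n)
    return default, per_cmd


def check_commands(payload, default, per_cmd):
    """Return [(command, length, limit, exceeds)] for each CRLF-terminated line."""
    results = []
    for line in payload.split(b"\r\n"):
        if not line:
            continue
        cmd = line.split(b" ", 1)[0].decode("ascii", "replace").upper()
        limit = per_cmd.get(cmd, default)
        length = len(line)  # assumption: length is counted without the CRLF
        exceeds = bool(limit) and length > limit  # 0 or None means "never alert"
        results.append((cmd, length, limit, exceeds))
    return results


if __name__ == "__main__":
    default, per_cmd = parse_limits(SAMPLE_CONF)
    for row in check_commands(bytes.fromhex(PACKET_HEX), default, per_cmd):
        print("%-5s len=%d limit=%s exceeds=%s" % row)
```

Run against your own stanza and a full capture of the session, this shows whether any command line actually crosses a configured limit, which is the comparison the reply above asks for.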