Snort mailing list archives
smtp: Attempted command buffer overflow
From: Phil Daws <uxbod () splatnix net>
Date: Wed, 17 Apr 2013 09:06:43 +0100 (BST)
Hello, I have recently installed Snort and am beginning to see a lot of alerts from the SMTP preprocessor for SID 124:1:1. Looking at the payload data it shows:

0000000: 45 48 4c 4f 20 6c 69 73 74 73 2e 73 6f 75 72 63 65 66 6f 72 67 65 2e 6e 65 74  EHLO.lists.sourceforge.net
000001A: 0d 0a  ..

This, to an untrained eye, looks okay, so why would it be tripping the test?

Thanks.