Snort mailing list archives
How to tune two rules?
From: "Turnbough, Bradley E." <bturnbough () belcan com>
Date: Thu, 8 Aug 2013 13:31:02 +0000
Guys, I'm pretty new at using snort, and I'm trying to tune two rules. Can someone please tell me how to tune these two rules? gen_id 124, sig_id 7 -- smtp: Attempted header name buffer overflow gen_id 124, sig_id 1 -- smtp: Attempted command buffer overflow My sensor is sitting in between my SMTP relays on the outside and my firewall, and I get several thousand of these daily. I'm sure a majority of them are false positives, but none-the-less I need to tune this wild animal. Thanks, Brad _____________________________________________________________ This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- How to tune two rules? Turnbough, Bradley E. (Aug 08)
- Re: How to tune two rules? Joel Esler (Aug 08)
- Re: How to tune two rules? waldo kitty (Aug 08)