Snort mailing list archives
pop: Unknown POP3 response/command
From: Matteo De Rosa <matteo.derosa () enea it>
Date: Tue, 12 Jan 2016 13:39:59 +0100
I have similar alerts for POP and IMAP : [snort] pop: Unknown POP3 response protocol-command-decode 523(0%) 1 1 30 [snort] pop: Unknown POP3 command protocol-command-decode 941(0%) 1 45 1 [snort] imap: Unknown IMAP4 command protocol-command-decode 450(0%) 1 19 1 Decodind method specified in short.conf are: # POP preprocessor. For more information see README.pop preprocessor pop: \ ports { 110 } \ b64_decode_depth 0 \ qp_decode_depth 0 \ bitenc_decode_depth 0 \ uu_decode_depth 0 # IMAP preprocessor. For more information see README.imap preprocessor imap: \ ports { 143 } \ b64_decode_depth 0 \ qp_decode_depth 0 \ bitenc_decode_depth 0 \ uu_decode_depth 0 All are related to the unic ENEA-mail-server and a lot of Enea-client .
How can I get the entire session in a pcap ? By BASE ? And how ?
Many thank's for collaboration.
------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Re: pop: Unknown POP3 response/command Matteo De Rosa (Jan 08)
- <Possible follow-ups>
- Re: pop: Unknown POP3 response/command Matteo De Rosa (Jan 11)
- Re: [WARNING : A/V UNSCANNABLE] Re: pop: Unknown POP3 response/command Al Lewis (allewi) (Jan 11)
- pop: Unknown POP3 response/command Matteo De Rosa (Jan 12)
- Re: Unknown POP3 response/command Al Lewis (allewi) (Jan 12)
- capture traffic Matteo De Rosa (Jan 12)
- Re: Unknown POP3 response/command Matteo De Rosa (Jan 13)
- Re: [WARNING : A/V UNSCANNABLE] Re: pop: Unknown POP3 response/command Al Lewis (allewi) (Jan 11)