[Snort-sigs] POP3 PASS overflow attempt - False Positive
erik at ...2230...
Mon Feb 16 06:52:00 EST 2004
# This is a template for submitting snort signature descriptions to
# the snort.org website
# Ensure that your descriptions are your own
# and not the work of others. References in the rules themselves
# should be used for linking to other's work.
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
POP3 PASS overflow attempt
Ease of Attack:
I checked the payload of one instance of this being triggered, and it is
ok. The password is 14 characters, and is correct. The payload is:
PASS <14-char password><2 end chars: 0D 0A>
Thus, this appears to be a false possitive.
More information about the Snort-sigs