[Snort-sigs] SMTP PCT Client_Hello overflow attempt sid:2528

Jeff Kell jeff-kell at ...922...
Wed Jan 11 15:43:06 EST 2006


Russell Fulton wrote:

>I am seeing a steady trickle of these to our mail server from legit sources.
>Packet traces available.
>
Same here.  Appears to be TLS delivery (Received: [...] using TLSv1 with 
cipher EDH-RSA-DES-CBC3-SHA (168/168 bits) [...]

Even a few deliveries from dshield.org (my submission confirmations).  
I'm pretty sure dshield.org is legitimate :-)

Jeff




More information about the Snort-sigs mailing list