[Snort-sigs] SMTP PCT Client_Hello overflow attempt sid:2528
jeff-kell at ...922...
Wed Jan 11 15:43:06 EST 2006
Russell Fulton wrote:
>I am seeing a steady trickle of these to our mail server from legit sources.
>Packet traces available.
Same here. Appears to be TLS delivery (Received: [...] using TLSv1 with
cipher EDH-RSA-DES-CBC3-SHA (168/168 bits) [...]
Even a few deliveries from dshield.org (my submission confirmations).
I'm pretty sure dshield.org is legitimate :-)
More information about the Snort-sigs