[Snort-users] chameleon overflow

Matt Hand matt at ...1740...
Fri Jun 8 14:20:57 EDT 2001


  I was checking through yesterday's logs and ran across an SMTP chameleon overflow, which is unusual for us. The logs are from a machine running DNS and acting as our mail server.

  The arachNIDs database says it's unlikely the IP address was spoofed, so I checked and it belongs to cheetahmail.com. Has anyone experienced anything similar and, if so, what did you do about it?

  In any case, here are the relevant lines from the log file:

<snip>
Jun  7 16:27:05 chia snort: SMTP chameleon overflow: 206.132.30.40:41226 -> 207.252.45.6:25
Jun  7 16:27:05 chia named[517]: "optonline.net IN MX" points to a CNAME (mail-relay.optonline.net)
Jun  7 16:27:05 chia named[517]: "optonline.net IN MX" points to a CNAME (mail-hub.optonline.net)
</snip>

  Thanks for the help.

Matt Hand
matt at ...1740...




